Privacy statement

1. Introduction

This privacy policy informs you about the nature, scope and purpose of the processing of personal data as part of our online offering at innochat.ch and associated services. Protecting your privacy is very important to us. We comply with the requirements of the General Data Protection Regulation (GDPR), the Swiss Data Protection Act (RevDSG) and the Austrian DSG.

2. Responsible person

innoQ Research GmbH

Schutzengelstrasse 57

6340 Baar, Switzerland

Email: hello@innochat.ch

Telephone: +41 41 743 01 11

When processing data from individuals in the EU area:

EU‑Representative:

innoQ Germany GmbH

Krischerstrasse 100, 40789 Monheim am Rhein

Email: innochat@innoq.com

3. Purposes of data processing

We process personal data for the following purposes:

  • Provision and operation of our SaaS platform to create AI‑supported chatbots
  • User registration, contract processing and payment processing (via Stripe)
  • Provision of support and maintenance services
  • Analysis and optimization of our offer (e.g. to improve the response quality of chatbots)
  • Integration of language models (LLMs) to process text inputs (“chunks”: excerpts from text inputs used for AI processing)

4. Processed data categories

  • Master data (e.g. name, email address, company)
  • Payment details (e.g. credit card details via Stripe)
  • usage data (e.g. logins, bot activities)
  • Content from user inputs (text inputs to chatbots)
  • Analysis and tracking data is not collected.

5. Use of Artificial Intelligence (AI) and LLMs

The platform uses large language models (LLMs) from external providers to generate answers in chatbots. Here, parts of user input (so-called “chunks”) can be transferred to the following providers:

  • OpenAI (US)
  • Google AI/DeepMind (US/EU)
  • Anthropic (USA)
  • Amazon Bedrock (EU/US)
  •  ..

The transmission is carried out pseudonymized, i.e. without direct personal references. The providers process the data not for training purposes, insofar as this is contractually excluded (e.g. OpenAI API, Azure OpenAI, Amazon Bedrock). We make sure to select trustworthy providers with appropriate data protection agreements (SCCs, DPA, BAA, etc.).

6. Hosting and storage location

Our infrastructure is operated in AWS region Frankfurt. All system components, user accounts, and log data remain in this region unless explicitly stated otherwise (e.g. LLM APIs). The servers are protected by modern security mechanisms (TLS 1.3, IAM, KMS encryption).

7. Legal bases

Processing is carried out on the basis of the following legal bases:

  • Art. 6 para. 1 lit. b GDPR — to fulfill the contract (registration, use of the platform)
  • Art. 6 para. 1 lit. a GDPR — to fulfill the contract (e.g. use of third-party AIs, as they are part of our SaaS service)
  • Art. 6 para. 1 lit. f DSGVO — legitimate interest (e.g. misuse prevention, optimization)
  • According to Swiss DSG: Art. 6 para. 1 in conjunction with Art. 30 ff. RevDSG

8. Transfer of data to third parties

  • Payment processing via Stripe Payments Europe Ltd.
  • AI provider in accordance with Section 5
  • Service providers in the context of order processing (e.g. hosting, monitoring)
  • In accordance with the Swiss Data Protection Act (RevDSG), disclosure abroad is only made if there are suitable guarantees in accordance with Art. 16 et seq. RevDSG.
  • Before transferring personal data to third countries (e.g. USA), we carry out a Transfer Impact Assessment (TIA) in accordance with the requirements of the EU Commission and the FDOEB.

A transfer to third countries (USA) takes place exclusively with appropriate guarantees (standard contractual clauses of the EU Commission, DPA, Privacy Framework).

9. Storage period

Data is only stored for as long as is necessary to fulfill the respective purposes:

  • Contract data: until termination + 10 years (according to OR and UStG)
  • Usage data: 1—12 months (depending on category)
  • Chat inputs: depending on bot configuration (optional: immediate deletion)

10. Rights of data subjects

At any time, you have the right to:

  • Information (Art. 15 DSGVO/Art. 25 RevDSG)
  • Correction (Art. 16 GDPR)
  • Deletion (“right to be forgotten”, Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdrawal of consents granted (Article 7 (3) GDPR)
  • Objection to processing (Art. 21 GDPR)

Please send inquiries to: hello@innochat.ch

11. Cookies & Tracking

Our website only uses technically necessary cookies.

12. Amendments

This privacy policy can be amended at any time. The latest version can be found on this page.

Last updated: July 15, 2025