Privacy Policy
Your data is safe with us. Transparency and trust in data processing.
Our Privacy Promise
At schnellstart.ai, we take the protection of your data seriously. As a Swiss company, we are subject to the Federal Data Protection Act (FADP) and commit to the highest standards.
We only process your data when necessary to provide our services. We do not sell your data and do not share it with third parties unless required for contract fulfillment.
Swiss Hosting: All personal data is stored and processed in Switzerland or the EEA.
Legal Basis
Your data is processed based on the following legal grounds:
Contract Performance (Art. 6 Para. 1 FADP) - Processing for the fulfillment of a contract with you or for pre-contractual measures.
Legitimate Interests (Art. 6 Para. 1 FADP) - Processing based on our legitimate business interests, insofar as your interests do not prevail.
Consent (Art. 6 Para. 6 FADP) - Where you have given us your consent, we process your data accordingly.
Your Rights
Under the Swiss Data Protection Act, you have the following rights:
Right of Access: You can request information about the data we store about you at any time.
Right to Rectification: You can request the correction of inaccurate data.
Right to Deletion: You can request deletion of your data, provided no legal retention obligations exist.
Data Portability: You can request that we provide your data in a common format.
Right to Object: You can object to the processing of your data at any time.
What Data We Collect
We only collect data necessary for our services:
Contact Data: Name, email address, phone number, company name – when you contact us or use our services.
Technical Data: IP address, browser type, access times – automatically when visiting our website.
Cookies and tracking: PostHog (Frankfurt, EU) only loads after you opt in via the cookie banner; no analytics fires before consent. Session recording requires a separate marketing opt-in and masks every form input. Booking pages embed a Cal.com calendar that sets cookies on the cal.com domain when the embed loads; this is necessary to deliver the booking you requested. The consent banner itself stores one entry in localStorage ("schnellstart-cookie-consent") so we remember your choice.
Hosting & Data Residency
Your data is processed and stored in Switzerland:
Website Hosting: Azure Switzerland North (Zurich) – data center in Switzerland, operated by Microsoft. No customer data leaves Switzerland.
Workflow Automation & AI: Self-hosted on Infomaniak (Switzerland) – a Swiss provider with data centers in Geneva and Winterthur. AI models also run via Infomaniak Swiss AI.
Databases: PostgreSQL / Supabase, with EU-compliant hosting. Backups encrypted in Swiss data centers.
Technical Security Measures
We use state-of-the-art security technologies:
Encryption: All data transfers use TLS 1.3. Stored data is encrypted with AES-256.
Access Control: Only authorized employees have access to personal data, following the principle of least privilege.
Regular Updates: Our systems are continuously updated and patched against known security vulnerabilities.
Employee Training: All employees receive regular training in data protection and IT security.
Use of US-Based Services
For certain functions, we use services from US companies (e.g., Azure by Microsoft). In all cases:
Data Residency Switzerland/EU: Even with US providers, data is processed exclusively in Swiss or EU data centers (e.g., Azure Switzerland North).
Swiss-US Data Privacy Framework: Where a US data transfer is necessary, we ensure the provider is subject to the Swiss-US Data Privacy Framework.
Provider Auditing: Every third-party provider is audited for FADP compliance, security standards, and contractual guarantees (DPA).
Swiss-First Approach: Wherever possible, we prefer Swiss providers (Infomaniak) or European alternatives.
Subprocessor Inventory
Services that process visitor data on our behalf, per FADP Art. 9 & 19 / GDPR Art. 28. Updated whenever a processor is added or removed.
AI inference (chat): Conversations with our chatbot run on Infomaniak Swiss AI on Swiss infrastructure; no prompt content is used for model training, and no data is transferred outside Switzerland.
Each processor is bound by a data-processing agreement (DPA). Copies available on request.
Retention Periods
We keep personal data only as long as we need it. After the period below, data is automatically and irreversibly deleted unless a legal hold applies.
How to request your data, fix it, or delete it
Under FADP Art. 25–29 you can ask what we hold about you, correct it, transfer it, or have it deleted. Here is the exact procedure.
1. Send the request
Email [email protected] with the subject "FADP request". Tell us what you want: access, correction, deletion, transfer, or objection. You do not need to give a reason for deletion.
2. Help us identify you
Include the email address or name you used with us. For sensitive requests we may ask for a second identifier so data does not reach the wrong person. We do not ask for ID copies unless legally required.
3. Our response
We acknowledge within 5 working days and respond fully within 30 days. The request is free of charge unless it is manifestly unfounded or excessive (FADP Art. 25(6)).
4. If you disagree
You can lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch. You do not need our permission first.
EU AI Act: how we classify our AI
The EU AI Act (Regulation 2024/1689) sorts AI systems into four risk tiers. Switzerland isn't bound by it, but clients with EU exposure rightly ask where we stand. Here's the answer.
Risk classification: limited risk
As of May 2026, none of the AI we operate falls under Annex III (high-risk): no biometric identification, no employment screening, no education grading, no credit scoring, no critical-infrastructure control. Our chatbot is a limited-risk GPAI deployment with a transparency obligation only. We re-classify before adding any new AI system.
Chatbot transparency (Art. 50)
The chatbot is labeled as an AI assistant on first interaction. No impersonation, no "is this a real person?" ambiguity. Conversations route through Infomaniak Swiss AI on Swiss infrastructure; no prompt content is used to train models.
Client AI systems
For AI we build for clients, we classify each system upfront: prohibited / high-risk / limited / minimal. Annex III high-risk work is only accepted with an explicit risk-management plan, human-oversight design, and conformity assessment baked in from day one, never as a default scope.
AI literacy obligation (Art. 4)
Our team meets the literacy requirement through continuous training on model behavior, bias, and limitations. We also help clients meet theirs. AI-literacy training is part of our core service, not an add-on.
When You Need a Data Protection Consultant
For complex data protection questions, we recommend professional advice:
Special Data Categories: If you process health data or data on religious or political beliefs.
Regulated Industries: Banks, insurance, healthcare – additional regulations apply here.
Automated Decisions: If your AI systems make automated decisions with legal effect.
Legal Uncertainty: When in doubt about your data protection obligations, it is better to ask once too often.
Contact & Data Protection Officer
For questions about data protection, you can reach us at:
Responsible: schnellstart.ai / Lukas Huber
Email: [email protected]
Address: Ringstrasse 37, 8500 Frauenfeld, Switzerland
We will respond to your inquiry within 30 days.
Right to Complain: You have the right to lodge a complaint with the competent data protection authority (FDPIC).
Changes to this Policy
We update this privacy policy as needed. We actively communicate significant changes.
Last Updated: May 20, 2026
Version: 2.4
Next Review: November 2026