Privacy Policy

1. Introduction

Adopt-AI ("Adopt-AI", "we", "us") is committed to protecting the privacy and personal data of its Clients and their end-users in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Swiss Federal Act on Data Protection (nLPD / DPA).

This Privacy Policy explains how we collect, use, protect, and process personal data in connection with our services and website (https://adopt-ai.io).

This Policy applies to all interactions with Adopt-AI, including via our platform, APIs, forms, or direct engagements, unless a more specific policy or contract applies.

2. Who We Are

Data Controller:

Adopt-AI acts as a data processor for most services provided to Clients, who remain data controllers.

For any data we collect directly (e.g., contact forms or website analytics), Adopt-AI acts as the data controller.

Swiss Data Protection Officer (DPO):

📍 Adopt-AI SA
Rue du Pré-de-la-Bichette 1, 1202 Geneva, Switzerland
📧 contact@adopt-ai.io

3. Data We Process

3.1 Data We Process on Behalf of Clients

When delivering services such as business process automation, LLM deployment, or AI solutions, we may process:

• Customer or employee data shared by the Client (e.g., names, emails, purchase or usage data);
• Business documents, orders, logs, or messages transiting via APIs or integrations;
• Metadata and analytics related to service usage.

Important: The Client is solely responsible for ensuring lawful collection and transfer of this data and for obtaining valid consent where applicable.

3.2 Data We Collect Directly

When you visit our website or contact us, we may collect:

• Identification data (e.g., name, email address);
• Professional details (e.g., company name, job title);
• Technical data (e.g., IP address, browser, device type);
• Communication content.

We do not knowingly collect data from minors or sensitive categories of data without explicit legal basis.

4. Legal Basis for Processing

We only process personal data when there is a valid legal basis, including:

• Performance of a contract (e.g., provision of our services);
• Legitimate interest (e.g., security, fraud prevention, business analytics);
• Compliance with legal obligations;
• Consent, where required (e.g., newsletters or optional cookies).

When acting as a processor, we process data strictly in accordance with the Client's documented instructions.

5. Purposes of Processing

We use data to:

• Deliver and improve our services;
• Ensure system security and monitor infrastructure performance;
• Communicate with Clients and respond to inquiries;
• Fulfill contractual and regulatory obligations;
• Provide technical support and user assistance.

We do not use client or end-user data for marketing purposes unless explicitly authorized.

6. Data Sharing and Subprocessors

We may share personal data with:

• Trusted subprocessors (e.g., GCP, Make, Softr) strictly for service delivery;
• Legal or regulatory authorities, when required by law;
• Advisors or auditors bound by confidentiality obligations.

All subprocessors are contractually bound by Data Processing Agreements (DPAs) and must meet GDPR and Swiss DPA requirements.

A full list of subprocessors is available upon request.

7. International Data Transfers

Where data is transferred outside the EU or Switzerland, we ensure appropriate safeguards, such as:

• Data hosting in European zones (via GCP infrastructure);
• Standard Contractual Clauses (SCCs) for third-country transfers;
• Compliance with additional Swiss-specific transfer requirements when applicable.

We do not allow uncontrolled access to data from countries without adequate protection.

8. Data Retention

We retain personal data:

• For the duration of the contract with the Client;
• For as long as necessary to fulfill legal, tax, or operational obligations;
• No longer than strictly necessary for the intended purpose.

At the end of a contract, data is deleted or returned to the Client in accordance with our DPA and internal retention policy.

9. Data Security

We implement robust technical and organizational measures, including:

• Encryption at rest and in transit;
• Access controls and audit logs;
• Regular penetration testing and system monitoring;
• Backup systems with regional failover in Europe.

These measures are reviewed and updated regularly in line with best practices and regulatory expectations.

10. Data Subject Rights

Under GDPR and Swiss DPA, you have the right to:

• Access your data;
• Rectify inaccurate or incomplete data;
• Erase your data ("right to be forgotten");
• Restrict or object to processing;
• Data portability (in certain cases);
• Withdraw consent (where processing is based on consent);
• File a complaint with a supervisory authority.

Requests may be submitted to: 📧 privacy@adopt-ai.io

If we act as a data processor, we will inform the relevant Client (data controller) of your request and support them in handling it.

11. Cookies and Tracking

We use only strictly necessary cookies for platform performance and security. No marketing or behavioral tracking cookies are used by default unless explicitly accepted.

Full cookie details are provided in our Cookie Policy (available on our website).

12. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. In case of material changes, Clients will be notified by email or via the platform.

The latest version is always available at: 🌐 https://adopt-ai.io/privacy

13. Contact

For all questions or concerns regarding this Privacy Policy or data protection practices:

📧 privacy@adopt-ai.io
📧 dpo@eminence.ch (Swiss market only)