Privacy Policy

1. Introduction

Astervox (hereinafter "Astervox" or "we") values the protection of your personal data. This Privacy Policy explains how we collect and process personal data.

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for data processing is:

3. Collection and Processing of Personal Data

Personal data is information that we can use to identify you. We primarily process personal data that we receive from our customers and business partners or that you provide to us voluntarily.

Personal data we may process includes:

• Name, business address, email address, phone number
• Company affiliation and role
• Account data for our platform (username, password hash)
• Platform usage data (created content, settings)
• Technical data (IP address, browser type, device information)

3.1 Metadata-Only Architecture

Our AI governance platform operates on a metadata-only architecture. When connecting to your knowledge sources (e.g., Salesforce Knowledge, SharePoint), we only scan metadata such as timestamps, status fields, and version information. We do not store or process the content of your knowledge articles or customer data.

4. Purpose of Data Processing

We use personal data for the following purposes:

• Providing, maintaining, and improving our platform
• Communication with you (support, updates, security notices)
• Contract processing and billing
• Compliance with legal obligations
• Marketing and advertising (unless you have objected)
• Analysis and improvement of our services

Where you have given consent for the processing of your personal data for specific purposes, we process your data based on that consent. Consent can be withdrawn at any time.

5. Cookies and Tracking

We use cookies and similar technologies on our website. A cookie is a small file stored on your computer when you visit our website.

5.1 Technically Necessary Cookies

These cookies are required for website functionality (e.g., language selection, login status).

5.2 Analytics Cookies

We use Google Analytics by Google Ireland Ltd. to analyze website usage. Google Analytics uses cookies to collect anonymous information (e.g., number of visitors, origin, time spent). We do not transmit complete IP addresses to Google.

More information: Google Privacy Policy

You can block cookies in your browser. Please note that some features may be limited as a result.

6. Data Sharing

We share personal data with the following recipients:

• Service providers: IT providers, hosting providers, payment processors
• Authorities: When legally required
• Business partners: In the context of contract processing

We do not sell your personal data to third parties.

7. International Data Transfers

Your data is primarily stored in the European Union (Frankfurt, Germany). For transfers to countries without adequate data protection, we ensure an adequate level of protection through standard contractual clauses.

For Swiss customers, we offer Swiss data residency options upon request.

8. Data Retention

We retain your personal data for as long as necessary to fulfill contractual and legal obligations. Once your data is no longer required, it will be deleted or anonymized.

• Account data: During the contract period, plus 30 days after deletion request
• Platform data: According to your retention settings (1 month to 10 years)
• Audit logs: According to regulatory requirements (default: 10 years)

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication
• Regular security reviews
• Employee data protection training

10. Your Rights

You have the following rights regarding your personal data:

• Access: You can request a copy of your data
• Rectification: You can request correction of inaccurate data
• Erasure: You can request deletion of your data
• Restriction: You can request restriction of processing
• Data portability: You can request transfer of your data
• Objection: You can object to processing

To exercise these rights, contact us at privacy@astervox.com. We will respond within 30 days.

11. Right to Complain

You have the right to lodge a complaint with the relevant data protection authority:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch
• EU: Your local data protection supervisory authority

12. Changes

We may update this Privacy Policy at any time. The current version published on our website applies. We will notify you of material changes by email or other appropriate means.

13. Contact

For questions about data protection, contact us: