Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Suisse Notes. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meeting transcription and note-taking service. The service is provided by Suisse AI Group GmbH, while Suisse IT GmbH acts as the data controller and intellectual property owner.

We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (nDSG/DSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for processing your personal data is:

Suisse IT GmbH
Kesslernmattstrasse 20
8965 Berikon
Switzerland

UID: CHE-168.610.867
Email: info@suisse-notes.ch

Suisse IT GmbH is responsible for determining the purposes and means of processing personal data and owns all intellectual property rights related to the Suisse Notes platform.

3. Service Provider

The service is marketed and operated under the brand of:

Suisse AI Group GmbH
Kirchstrasse 3
CH-8304 Wallisellen
Switzerland

UID: CHE-361.204.651
Email: info@suisse-notes.ch

Suisse AI Group GmbH provides the commercial services, customer support, and billing operations for Suisse Notes on behalf of Suisse IT GmbH.

4. Data We Collect

4.1 Account Information

  • Name and email address
  • Company/organization name (if applicable)
  • Account credentials (securely hashed)
  • Payment and billing information
  • Account preferences and settings

4.2 Meeting Data

  • Audio recordings of meetings (temporary, for transcription)
  • Meeting transcriptions
  • AI-generated summaries and notes
  • Meeting metadata (date, time, duration, participants)
  • Action items and key points extracted by AI

4.3 Calendar Data

  • Calendar event details (title, time, attendees)
  • Meeting links (Zoom, Microsoft Teams, Google Meet)
  • Calendar integration tokens (securely stored)

4.4 Technical Data

  • IP address and device information
  • Browser type and version
  • Usage data and interaction logs
  • Error logs and diagnostic data

5. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provision: To provide meeting transcription, note-taking, and AI-powered meeting assistance
  • Account Management: To create and maintain your account, process payments, and provide customer support
  • Calendar Integration: To automatically join scheduled meetings and sync meeting data
  • Service Improvement: To analyze usage patterns and improve our services
  • Communication: To send service-related notifications, updates, and support responses
  • Legal Compliance: To comply with legal obligations and protect our rights

6. Legal Basis for Processing

Under Swiss law (nDSG) and the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b) GDPR / Art. 31 nDSG): Processing necessary to provide our services and fulfill our contractual obligations
  • Consent (Art. 6(1)(a) GDPR / Art. 6 nDSG): Where you have explicitly consented, such as for recording meetings
  • Legitimate Interests (Art. 6(1)(f) GDPR / Art. 31 nDSG): For service improvement, security, and fraud prevention
  • Legal Obligation (Art. 6(1)(c) GDPR / Art. 31 nDSG): To comply with applicable laws and regulations

7. Data Storage and Location

Your data is stored exclusively in Switzerland to ensure the highest level of data protection and sovereignty. We use Microsoft Azure Switzerland North (Zurich region) as our primary data center.

Key storage principles:

  • All data at rest is encrypted using AES-256 encryption
  • All data in transit is protected using TLS 1.3
  • Swiss data residency is maintained for all customer content
  • Regular security audits and penetration testing

8. Third-Party Data Processors

We work with carefully selected third-party service providers who process data on our behalf:

8.1 Soniox (Transcription)

Audio data is processed by Soniox for speech-to-text transcription. Audio is transmitted securely and is not retained after transcription is complete.

8.2 Microsoft Azure (Infrastructure)

We use Microsoft Azure Switzerland North for data storage, computing, and infrastructure services. Microsoft acts as a data processor under a Data Processing Agreement (DPA) that ensures GDPR and nDSG compliance.

8.3 Microsoft Graph API

For users who connect Microsoft 365 calendars, we access calendar data through the Microsoft Graph API. Only necessary calendar information is accessed and processed.

8.4 Google Calendar API

For users who connect Google calendars, we access calendar data through the Google Calendar API in accordance with Google's API Services User Data Policy.

9. Data Retention

We retain your data for the following periods:

  • Audio recordings: Deleted immediately after transcription is complete (typically within minutes)
  • Transcriptions and notes: Retained for the duration of your subscription, or as specified in your account settings
  • Account information: Retained for the duration of your account plus 90 days after deletion
  • Billing records: Retained for 10 years as required by Swiss commercial law
  • Technical logs: Retained for up to 12 months for security and debugging purposes

You may request earlier deletion of your data at any time, subject to legal retention requirements.

10. Your Rights

Under Swiss data protection law and the GDPR, you have the following rights:

  • Right of Access: You may request a copy of your personal data
  • Right to Rectification: You may request correction of inaccurate data
  • Right to Erasure: You may request deletion of your personal data
  • Right to Data Portability: You may request your data in a machine-readable format
  • Right to Restriction: You may request limitation of processing
  • Right to Object: You may object to processing based on legitimate interests
  • Right to Withdraw Consent: You may withdraw consent at any time

To exercise any of these rights, please contact us at info@suisse-notes.ch. We will respond to your request within 30 days.

11. Calendar Integration and Meeting Bot

Suisse Notes integrates with popular calendar and video conferencing platforms to provide seamless meeting transcription:

11.1 Google Calendar & Google Meet

When you connect your Google account, we request access to read your calendar events and meeting links. Our meeting bot joins Google Meet sessions as a participant to record and transcribe.

11.2 Microsoft 365 & Microsoft Teams

When you connect your Microsoft account, we access your Outlook calendar through Microsoft Graph API. Our bot joins Teams meetings as a guest participant.

11.3 Zoom

For Zoom meetings, our bot joins using the meeting link from your calendar. The bot appears as a named participant in the meeting.

Important: You are responsible for obtaining consent from all meeting participants before enabling recording and transcription. Our bot announces its presence when joining meetings.

12. Cookies and Tracking

We use only essential cookies that are strictly necessary for the operation of our service. These include:

  • Authentication cookies: To keep you logged in securely
  • Session cookies: To maintain your session state
  • Security cookies: To prevent fraud and protect your account

We do not use advertising cookies, tracking pixels, or third-party analytics that would track your behavior across websites. Essential cookies do not require consent under Swiss law.

13. International Data Transfers

Your data is primarily stored in Switzerland. Where data must be transferred outside Switzerland or the EEA (for example, to Soniox for transcription), we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Contractual data protection commitments

Switzerland is recognized by the EU as providing adequate data protection, ensuring seamless transfers between Switzerland and the EEA.

14. Children's Privacy

Suisse Notes is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at info@suisse-notes.ch.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to registered users
  • Displaying a notice within the application

Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

16. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Data Protection Contact
Email: info@suisse-notes.ch
Address: Suisse IT GmbH, Kesslernmattstrasse 20, 8965 Berikon, Switzerland

If you are not satisfied with our response, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC):

Federal Data Protection and Information Commissioner (FDPIC)
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Feldeggweg 1
3003 Bern
Switzerland
www.edoeb.admin.ch