>PromptOne_

Privacy Policy

PromptOne Sàrl

Rue du Pont-Neuf 10, 1227 Carouge (GE), Switzerland

Version 2.0 — Last updated: February 2026

1. Introduction and Scope

This Privacy Policy explains how PromptOne Sàrl ("PromptOne," "we," "us") collects, uses, and protects personal data in accordance with the Swiss Federal Act on Data Protection (nLPD, in force since September 1, 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).

This policy applies to:

  • Visitors to our website (promptone.ch)
  • Individuals who contact us via our contact form or email
  • Clients and their representatives who engage our services
  • Business contacts, partners, and suppliers

2. Data Controller

PromptOne Sàrl
Rue du Pont-Neuf 10
1227 Carouge (GE), Switzerland
IDE: CHE-XXX.XXX.XXX
TVA: CHE-XXX.XXX.XXX TVA
Email: support@promptone.ch

PromptOne has not appointed a Data Protection Officer (DPO), as this is not currently required given the nature and scale of our processing activities. For any data protection inquiries, contact us at the email address above.

We have not designated an EU representative under GDPR Art. 27 at this time. Should our processing activities require one, we will update this policy accordingly.

3. Data We Collect

3.1 Contact Form and Inquiries

When you contact us via our contact form or email, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Project description or message content

Providing this data is voluntary. If you choose not to provide it, we will be unable to respond to your inquiry.

3.2 Client Engagements

When you engage our services, we may additionally collect:

  • Company registration details (name, IDE number, address)
  • Contact details of your representatives (name, email, phone)
  • Billing and payment information
  • Technical data related to your project (system access credentials, API keys, data sets)
  • Communication records (emails, messages, meeting notes)

Providing this data is necessary for the performance of the contract. Without it, we cannot deliver our services.

3.3 Website Usage

Our website does not use cookies, tracking pixels, analytics tools, or any other tracking technologies. We do not collect any data about your browsing behavior. No third-party scripts are loaded that could track you.

4. Purpose, Legal Basis, and Retention

PurposeData UsedLegal Basis (nLPD / GDPR)Retention
Responding to your inquiryContact form dataOverriding interest (nLPD Art. 31 al. 2) / Pre-contractual measures (GDPR Art. 6(1)(b))12 months if no engagement follows
Providing contracted servicesClient engagement dataPerformance of contract (nLPD Art. 31 al. 2 / GDPR Art. 6(1)(b))10 years after end of engagement (CO Art. 958f)
Invoicing and accountingBilling dataLegal obligation (nLPD Art. 31 al. 1 / GDPR Art. 6(1)(c))10 years (Swiss tax and accounting law)
Legal compliance and dispute preventionAll relevant dataLegal obligation (nLPD Art. 31 al. 1 / GDPR Art. 6(1)(c))As required by applicable law

5. Automated Decision-Making and AI

PromptOne develops and deploys AI and automation solutions. Regarding our own data processing:

  • We do not use automated decision-making that produces legal effects or similarly significant effects on individuals based on their personal data.
  • We do not use your personal data to build profiles or train AI models.
  • We do not engage in profiling as defined under GDPR Art. 4(4) or nLPD Art. 5 let. f.

Where we process personal data on behalf of clients as part of AI projects, this is governed by a separate Data Processing Agreement (DPA) with the client, who remains the data controller for that data.

If our practices change, we will update this policy and, where required by nLPD Art. 21 or GDPR Art. 22, provide you with the right to obtain human review of any automated decision.

6. Data Sharing

We do not sell, rent, or trade your personal data.

We may share your data with the following categories of recipients:

  • Cloud and hosting providers (e.g., infrastructure services for email and file storage), under data processing agreements with appropriate safeguards
  • Accounting and invoicing software providers, for financial record-keeping
  • Professional advisors (fiduciary, legal counsel), bound by professional secrecy obligations
  • Authorities (tax authorities, regulators, courts), when required by law

We require all service providers to process your data only on our instructions and to maintain appropriate security measures.

7. International Transfers

Your data is primarily processed in Switzerland, which the EU recognizes as providing an adequate level of data protection.

Where data is transferred to countries that do not provide an adequate level of protection under Swiss or EU law (as determined by the Swiss Federal Council or EU Commission):

  • We implement appropriate safeguards, primarily standard contractual clauses (SCCs) approved by the Swiss Federal Data Protection and Information Commissioner or the European Commission.
  • We assess the data protection level of the recipient country and implement supplementary measures where necessary.

You may request information about the specific safeguards in place by contacting us.

8. Your Rights

Under nLPD and, where applicable, GDPR, you have the right to:

  • Access — request confirmation of whether we process your personal data and obtain a copy
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data, subject to legal retention obligations
  • Restriction — request restriction of processing in certain circumstances
  • Data portability — receive your data in a structured, commonly used, machine-readable format (where processing is based on consent or contract and carried out by automated means)
  • Object — object to processing based on overriding interest or legitimate interest
  • Withdraw consent — where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, contact us at: support@promptone.ch
We will respond within 30 days. If we cannot comply with your request, we will explain the reasons. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:

  • Encrypted communications (TLS/SSL)
  • Access controls and authentication
  • Secure hosting infrastructure
  • Regular review of security measures

10. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:

  • Notify the Swiss FDPIC as soon as possible (nLPD Art. 24)
  • Notify affected data subjects where required (nLPD Art. 24 al. 3)
  • Take immediate steps to mitigate the breach and prevent recurrence

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through our website. The current version, including the version number and date, is always available at promptone.ch.

12. Contact and Complaints

For any questions about this Privacy Policy or our data practices:

Email: support@promptone.ch

You have the right to lodge a complaint with:

  • Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) — www.edoeb.admin.ch
  • EU/EEA: The supervisory authority in your country of residence, if GDPR applies to our processing of your data