Privacy Policy

Last updated: 30 November 2025

1. General

This Privacy Policy describes how Legislator (hereinafter “we”, “us”, “our”) processes personal data in connection with the use of our solution and website legislator.ch (collectively the “Solution”).

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).

2. Roles in Data Processing

2.1. Legislator as Data Processor (User Content)

For all User Content provided to the Solution by the customer or its end-users, including documents, prompts, uploaded files, queries, and other materials, we act as a data processor within the meaning of Art. 5 lit. j FADP. The customer/user remains the data controller and is responsible for ensuring a lawful basis for the processing and for the content submitted to the Solution.

2.2. Legislator as Data Controller (Account and Administrative Data)

For administrative, billing, website, and support data, Legislator acts as a data controller (Art. 5 lit. i FADP / Art. 4(7) GDPR, where applicable).

4. Categories of Personal Data Processed

When we act as controller, we process in particular Account and Administrative Data (see 4.1)

4.1. Account and Administrative Data (Controller)

• Name, surname
• Professional email address
• Organization / firm name
• Account identifiers
• Subscription status
• Technical logs (e.g. IP address, timestamps, login events)
• Other information you or your organization provide to us in the context of account management, billing or support

4.2. User Content (Processor)

When we act as processor, we process all data submitted to the Solution for processing, including:

• Documents (PDF, Word, images, scanned files)
• Legal texts
• Case descriptions and notes
• Prompts, queries, instructions
• Metadata contained in files
• History Data: previous queries, drafts, versions of files, and generated outputs stored to provide versioning and user convenience. This history can be deleted by the user at any time or upon request.

User Content may include particularly sensitive personal data under Art. 5 lit. c FADP (e.g. health data, data relating to criminal proceedings). We process such content only on documented instructions from the customer.

5. Purposes of Processing

5.1. Processor Purposes (User Content)

As data processor, we process User Content solely for the following purposes:

• Execution of AI inference tasks
• Generation of requested outputs
• Temporary caching for technical execution and performance
• Storage and management of history data, including previous queries, drafts, versions, and outputs, in order to provide versioning and user convenience
• System security, troubleshooting, and performance monitoring

5.2. Controller Purposes (Administrative Data)

As data controller, we process Account and Administrative Data for the following purposes: * Account creation and management * Subscription administration and payments * Technical maintenance and security * Compliance with Swiss retention requirements * Communication with users (e.g. operational messages, support, product information)

6. No Use for Model Training

We do not use User Content to train, fine-tune, or improve our proprietary models. Under our Data Processing Agreements, third-party AI providers act as subprocessors and are contractually prohibited from using Customer Data for model training or model improvement. AI processing is performed solely to generate the response to the specific request and for security and abuse‑prevention purposes where strictly necessary.

7. Data Storage and Technical Architecture

7.1. Storage Location (Persistent)

User Content and Account Data that must be stored persistently are stored on servers located in Switzerland.

7.2. AI Processing (Transient)

AI inference tasks are executed using trusted third-party providers.

• Transmission occurs via TLS-encrypted channels.
• Inputs are processed in volatile memory and not stored persistently by the subprocessors, except where technically unavoidable for short retention periods.
• Where technically unavoidable, providers may retain minimal logs for short, predefined periods (typically up to 30 days) solely for security, abuse monitoring, and operational reliability.

8. Subprocessors and International Transfers

8.1. Subprocessors

We engage specialized third‑party providers as subprocessors (e.g. cloud infrastructure, AI model providers, email and payment providers). A current list of subprocessors is available upon request at legal@legislator.ch.

8.2. Transfers to Third Countries

Where subprocessors are located outside Switzerland:

• Transfers to countries with a recognized adequate level of protection (Annex 1 OFADP) are permitted.
• Transfers to providers in the United States may rely on the Swiss–U.S. Data Privacy Framework, where applicable.
• In all other cases, transfers are based on Standard Contractual Clauses (SCCs) with the Swiss Addendum, or equivalent contractual safeguards ensuring an adequate level of protection (Art. 16 FADP).

9. Retention Periods

9.1. User Content (Processor)

User Content, including history data, drafts, previous versions, and generated outputs, is retained until deleted by the customer or according to the retention settings chosen by the customer. Upon deletion by the customer or upon request, User Content is promptly removed from our active systems. Residual copies may persist temporarily in encrypted backups, which are automatically purged after their standard lifecycle (maximum 30 days).

9.2. Account and Administrative Data (Controller)

Account and Administrative Data are stored for the duration of the contractual relationship. Business records (e.g. invoices, contract documents) are retained for 10 years as required by Swiss law.

9.3. Provider-Side Technical Logs

Technical logs on our systems and on subprocessor systems are retained only for short periods (generally ≤ 30 days) for security, abuse monitoring and operational purposes and are not used for model training.

10. Processing on the Customer’s Instructions

Legislator processes User Content exclusively on the documented instructions of the customer. Legislator does not determine the purposes or means of processing User Content. Subprocessors are engaged in accordance with Section 8. Upon instruction by the customer, Legislator deletes User Content as described in Section 9.

The Customer is solely responsible for ensuring that the submission of User Content to the Solution complies with applicable laws, including any professional secrecy, confidentiality, or data-protection obligations.

The Customer acknowledges that AI-generated outputs may contain errors and must be reviewed by the Customer.

11. Data Security

11.1. Technical and Organizational Measures

We implement appropriate technical and organizational measures to protect personal data, including in particular:

• TLS encryption in transit
• Full disk encryption at rest
• Logical and physical access controls
• Role‑based internal access restrictions
• Monitoring and detection of abnormal activity
• Secure development and deployment practices
• Regular reviews and audits of subprocessors and internal systems

11.2. Access to User Content

User Content is processed automatically by the Solution for the purposes described in Section 5. Human access to User Content occurs only where strictly necessary to:

1. resolve a support request initiated by the customer;
2. investigate or remediate errors, incidents, or quality and performance issues of the Solution; or
3. comply with legal obligations.

Any human access is restricted to specifically authorized personnel, is subject to confidentiality obligations, and is logged.

Where feasible, we use aggregated, pseudonymized, or otherwise minimized data for monitoring, troubleshooting, and quality improvement, and avoid accessing full documents.

12. Data Subject Rights

Where we act as controller, individuals have, under the conditions and within the limits of applicable law, the following rights:

• right of access;
• right to rectification;
• right to erasure (“right to be forgotten”), subject to statutory retention obligations;
• right to restriction of processing;
• right to data portability (where applicable);
• right to object to processing based on legitimate interests.

Where we act as processor, requests must be addressed to the data controller (the customer). Customers may request the deletion of User Content, including historical versions. We implement such deletions without undue delay in accordance with the customer’s instructions.

Requests may be sent to legal@legislator.ch.

13. Cookies

We use strictly necessary cookies for authentication, session management and essential functionality of the Solution.

We do not use third‑party tracking cookies or analytics cookies. If we introduce analytics or additional cookies in the future, we will update this Privacy Policy and, where required, obtain your consent.

14. Amendments

We may amend this Privacy Policy from time to time for example to reflect changes in our processing activities or in applicable law.

Material changes will be communicated through the Solution and/or by email. The current version of the Privacy Policy is available at https://legislator.ch/privacy and replaces all previous versions.