Privacy Policy

This Privacy Policy informs you about the processing of personal data when visiting and using zbern.ch. It is based on the revised Swiss Federal Act on Data Protection (FADP) and, where applicable, the European General Data Protection Regulation (GDPR).

1. Controller

datadada GmbH

Email: hello@datadada.io

2. What data we process

2.1 Account information

When you create an account, we process:

Email address
Password (hashed, never stored in plain text)
When signing in via Google: the profile information transmitted by Google (name, email address)
Time of registration and of the last sign-in

Legal basis (GDPR, where applicable): Performance of contract (Art. 6(1)(b) GDPR).

2.2 Conversation data

Your queries to the chatbot and the answers generated by the AI are stored in order to keep your conversation history available and to allow you to resume conversations.

Legal basis (GDPR, where applicable): Performance of contract (Art. 6(1)(b) GDPR).

2.3 Publicly shared conversations

If you actively publish a conversation via the share function, it is made publicly accessible under a unique URL. You can withdraw the publication at any time.

Legal basis (GDPR, where applicable): Consent (Art. 6(1)(a) GDPR).

2.4 Technical data and telemetry

Each use involves the processing of technical data:

IP address (truncated after a short time)
Browser type and version, screen resolution
Time and type of requests, response times, error messages
A randomly generated browser ID (UUID) that is stored exclusively in your browser's local storage (localStorage) and allows us to correlate sessions anonymously

These data serve the operation, troubleshooting and improvement of the service.

Legal basis (GDPR, where applicable): Legitimate interest in secure and stable operation (Art. 6(1)(f) GDPR).

2.5 Cookies

We use exclusively strictly necessary cookies:

Cookie	Purpose	Duration
`access_token`	Authentication session (httpOnly)	Until the token expires
`refresh_token`	Session renewal (httpOnly)	Until logout
`oauth_code_verifier`	PKCE protection during the Google sign-in flow	10 minutes

No tracking, advertising or analytics cookies from third parties are set. A cookie banner is therefore not required.

2.6 Waitlist

When you sign up for the waitlist on the landing page, we store exclusively:

Email address
Selected language (de / fr / it / en)
Origin of the visit (source, utm parameters if present in the URL)
Time of consent (consent_at)
Time of registration (created_at)

This data is used exclusively to inform you when the platform is opened up. Retention is limited to a maximum of 12 months after registration. On request to hello@datadada.io the entry is deleted at any time.

Legal basis (GDPR, where applicable): consent (Art. 6(1)(a) GDPR).

3. Recipients and processors

For the operation of zbern.ch we rely on the following service providers:

Service	Purpose	Location / Hosting
Supabase	Authentication, storage of account, conversation and publication data	EU (Ireland)
Anthropic	AI model (Claude) for answering your queries	USA
Langfuse	Telemetry and quality assurance of AI answers	USA
DigitalOcean	Hosting of the application (server, database backups)	EU (Frankfurt)

For data transfers to the USA (Anthropic, and where applicable Langfuse), we rely on the EU Standard Contractual Clauses and the recognised safeguards under the FADP.

Within our own infrastructure we also operate InfluxDB, Loki and Grafana for internal evaluation of telemetry data. These systems run on our own infrastructure at DigitalOcean; no transfer to third parties takes place.

4. Content of your queries

Please note: content that you enter into the chatbot is transmitted to Anthropic in the USA in order to generate a response. For this reason, please do not enter any particularly sensitive personal data (health data, data on ethnic origin, religious or political views of third parties, etc.) or any confidential business information.

In its Commercial Terms (Section B, as of 17 June 2025) Anthropic expressly undertakes not to use customer content from API services to train its models: "Anthropic may not train models on Customer Content from Services." zbern.ch accesses Anthropic exclusively via the commercial API.

5. Retention period

Account and conversation data: Until you delete your account
Published conversations: Until you withdraw the publication
Technical logs and telemetry data: For as long as required for the secure operation, troubleshooting and improvement of the service, as a rule no longer than 12 months

6. Your rights

You have the right at any time to:

Access the data we process about you
Rectification of inaccurate data
Erasure of your data ("right to be forgotten")
Restriction of processing
Data portability (export of your data in a commonly used format)
Object to the processing
Withdraw consent you have given, with effect for the future
Lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) or with an EU supervisory authority

Please address requests to: hello@datadada.io

7. Data security

We take appropriate technical and organisational measures to protect your data, in particular:

TLS encryption for all connections
Passwords are stored only in hashed form
Access to production systems only via multi-factor authentication
Regular security updates of the software in use
Row-level security at the database level to separate user data

8. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy in order to adapt it to changes in the legal situation or to changes in our service. The version published on zbern.ch shall prevail.

Last updated: 26 May 2026