1. Introduction
Wecheer AG ("we", "our", or "Company") is committed to protecting the privacy and data security of our business customers. As a Swiss company, we comply with the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (FADP).
2. Scope
This privacy policy applies to:
- The wecheer.io website
- The Wecheer.ai platform for business customers
- Related SaaS services and integrations
- All data collected from business users and customers
3. Information We Collect
For business customers, we collect:
- Account data (name, work email, company, job title, phone)
- Usage data (feature usage logs, login history, campaign data)
- Billing data (invoice records, payment information)
- Support communications (emails, chat transcripts)
- Website analytics (IP address, pages visited, session duration)
4. How We Use Your Information
We use business customer data to:
- Provide and maintain our SaaS platform and services
- Process billing and manage subscriptions
- Provide customer support and respond to inquiries
- Send product updates and feature announcements
- Analyze platform usage and improve our services
- Ensure compliance with legal and contractual obligations
5. Data Processing Role
For your business account and company information, Wecheer acts as the Data Controller. For consumer data you process through our platform on behalf of your customers, Wecheer acts as the Data Processor under GDPR Article 28. This relationship is governed by our Data Processing Agreement (DPA).
6. Data Sharing
We share your data with the following subprocessors:
- AWS (cloud infrastructure and storage)
- Segment (data pipeline and analytics)
- Google Analytics (website and platform analytics)
- Payment processors (stripe, etc., for billing)
We do not sell, rent, or share customer data with third parties for marketing purposes. Data may be disclosed when legally required by court order or regulatory authority.
7. AI Data Processing
When you use Wecheer.AI and other AI-powered features, additional data processing occurs:
- Data inputs: Prompts, campaign data, consumer analytics, and other information you provide to AI features are processed to generate responses and recommendations.
- Session data: AI interactions are processed in real-time. Individual prompts and responses are not stored beyond the active session unless you opt into conversation history.
- Model improvement: We may use anonymized and aggregated data to improve AI model performance. We do not use identifiable Customer data for AI training without explicit written consent.
- Third-party AI providers: AI features may utilise third-party infrastructure (e.g., large language model providers). These providers are bound by data processing agreements and included in our subprocessor list. Your data is encrypted in transit and subject to the same protections as all platform data.
- AI output data: AI-generated content (recommendations, reports, insights) is treated as Customer Data and subject to the same retention and deletion policies.
- Opt-out: You may request that your data not be used for any model improvement purposes by contacting privacy@wecheer.io.
8. Cookies & Website Analytics
Our website and platform use essential, functional, and analytics cookies. These cookies help us understand how you use our services and improve functionality. You can manage cookie preferences in your browser settings. Some features may not work properly if essential cookies are disabled.
9. Your Rights
You have the following rights under GDPR and Swiss law:
- Access: Obtain a copy of the personal data we hold
- Rectification: Correct inaccurate information
- Erasure: Request deletion in certain circumstances
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured format
- Objection: Object to certain processing activities
We will respond to rights requests within 30 days. To exercise these rights, contact privacy@wecheer.io.
10. Data Security
We implement comprehensive security measures:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Role-based access controls with principle of least privilege
- Regular security assessments and penetration testing
- Incident response procedures and breach notification
- Employee data protection training and confidentiality agreements
11. Data Retention
We retain data according to the following schedule:
- Account data: Retained for the duration of your subscription plus 12 months after termination
- Billing records: Retained for 7 years as required by Swiss law
- Analytics data: Retained for 24 months before deletion
- Support records: Retained for 12 months unless legally required longer
12. International Transfers
We primarily store data in EU and Swiss infrastructure. When transferring data outside these regions, we use Standard Contractual Clauses to ensure adequate protection. For more information on international transfers, please contact our privacy team.
13. Data Processing Agreement
For enterprise customers who process consumer data through our platform, a Data Processing Agreement (DPA) is available upon request. This agreement defines our roles and responsibilities as Data Processor and includes standard contractual clauses for data transfers.
14. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email at least 30 days in advance. Your continued use of our services constitutes acceptance of the updated policy.
15. Contact Us
For privacy inquiries or to exercise your data rights:
- Email: privacy@wecheer.io
- Wecheer AG
- Lausanne, Switzerland