Data Protection
How Schatzi Protects Your Data
Schatzi AI is built on a foundation of user ownership, privacy-first engineering, and fully Swiss-operated infrastructure.
You remain the master of your data at every moment.
User-Controlled Privacy
You Own Your Data — Always
Your prompts, conversations, and files are yours, not ours.
We give you complete control over what is stored, for how long, and what is deleted.
You can:
- Delete your entire chat history at any moment
- Remove uploaded files immediately after use
- Disable or limit history retention
- Customize privacy settings per workspace
- Manage API keys, account data, and tokens
- Keep only what you intentionally decide to keep
We do not:
- Train on your data
- Analyze or harvest content
- Reuse your information for any purpose
- Retain content longer than technically necessary
This is privacy by design — not by marketing.
Swiss Hosting (Jurisdiction Reinforcement)
Swiss Infrastructure Only
Although you control your data, Schatzi reinforces this through a strict infrastructure policy:
- All processing occurs on servers physically located in Switzerland
- No hidden replication, no overseas “backup copies”
Key benefits of Swiss jurisdiction:
- Protected by the Federal Act on Data Protection (FADP)
- Strong confidentiality protections
- Stable and predictable legal environment
User ownership + Swiss jurisdiction = maximum privacy guarantees.
Zero Data Retention (Unless You Choose Otherwise)
We Only Keep What You Explicitly Want to Keep
By default, Schatzi uses a minimal retention approach:
- Prompts: Deleted after processing unless you voluntarily enable history
- Uploads: Automatically removed after the model finishes processing
- Responses: Not stored server-side after delivery
- Model outputs: Not used for training or profiling
If you disable history, no persistent conversation data remains.
Your confidential information stays confidential — with zero training, zero profiling, and zero data selling.
FADP & GDPR Compliance
We align fully with:
- FADP (Swiss Federal Act on Data Protection)
- GDPR (EU General Data Protection Regulation)
Our compliance features include:
- Data minimization
- Purpose limitation
- Transparent data processing
- User rights access (export, deletion, correction)
- Strict storage limitation
- Legal basis for every data-handling operation
You can request a Data Processing Agreement (DPA) at any time.
Secure & Green Swiss Infrastructure
Physical Security
- 24/7 monitored Swiss data centers
- Redundant power and cooling
- Controlled and audited physical access
- Disaster recovery and high-availability design
Network Security
- TLS 1.3 for all connections
- Hardened network architecture
- Firewall protection
- DDoS mitigation
- Regular penetration testing and audits
Access Controls
- Zero-trust principles
- Strict internal access limitations
- Multi-factor authentication
- Role-based permissions
- Audit logging and regular reviews
Sustainable Energy
- Majority hydroelectric and low-carbon power
- green-energy data centers
- Lower carbon footprint than foreign hyperscalers
Data Processing Details
What We Process During Usage
To deliver AI responses, we temporarily process:
- Prompt text
- Uploaded files
- Model configurations
- Session metadata (timing, token consumption)
Billing Data (Minimal)
To operate your account:
- Email and subscription plan
- Aggregated token usage
- Payment details (managed by PCI-compliant payment processors)
What We Don’t Do
❌ No training on your content
❌ No third-party data sharing
❌ No advertising or profiling
❌ No cross-user data contamination
❌ No long-term storage without your choice
Data Lifecycle
During Processing
- You send a prompt or upload a document
- Data is encrypted and processed on Swiss servers
- Model generates the output
- Response is returned to you
- Temporary data is cleared
After Processing
- Prompts: Deleted unless history is enabled
- Files: Deleted after processing
- Responses: Not stored server-side
- Logs: Minimal technical logs retained briefly
Billing Data
- Aggregated token counts
- Account and subscription data
- No content-level billing storage
Technical Safeguards
Encryption
In Transit: TLS 1.3
At Rest: Encrypted storage, protected keys, ongoing security updates
Isolation
- Full workspace and user isolation
- Separate processing contexts
- Strict sandboxing
- Zero cross-user access
Monitoring
- 24/7 security monitoring
- Intrusion detection
- Automated response systems
- Regular vulnerability scans
Regulatory Compliance
FADP (Switzerland)
We meet all requirements:
- Lawful processing basis
- User rights fulfillment
- Breach notifications
- No cross-border data transfers
GDPR (EU)
For EU-based clients:
- GDPR-compliant processing
- Optional DPA
- Data export controls
- Subject access request procedures
For Regulated Industries
Schatzi AI is designed for sectors with the highest privacy expectations:
Financial Services
Banks, wealth managers, fiduciaries, family offices
Legal & Professional Services
Law firms, trustees, auditors, consulting firms
Healthcare & Research
Clinics, laboratories, research institutions
Government & Public Sector
Cantonal authorities, public institutions, regulated agencies
With Schatzi AI, you own your data, you control its lifecycle, and everything runs under Swiss jurisdiction.
True privacy, by design.
Transparency
We believe privacy should never be a mystery.
- Clear, human-readable privacy policy
- Regular transparency updates
- Open communications about incidents
- Fast responses to privacy inquiries
- Optional security & compliance documentation for enterprise clients
Questions About Data Protection?
For specific questions about how your data is protected:
- Review our Privacy Policy
- Read our Terms of Service
- Contact us for a Data Processing Agreement (DPA)
- Reach out to support with specific concerns