Privacy Policy

Digital Business Schweiz GmbH – mateqAI

Last updated: January 2026

1. Introduction

This Privacy Policy explains how Digital Business Schweiz GmbH ("we", "us", "Provider") processes personal data when you visit or use our SaaS platform mateqAI ("Platform"), available at https://www.mateq.ai.

We take data protection seriously. The processing of your data is carried out in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

The responsible party (Controller) for data processing is:

Digital Business Schweiz GmbH

c/o Mats Hess

Tellstrasse 20

8400 Winterthur, Switzerland

Email: legal@mateq.ai

Web: https://www.mateq.ai

3. Data We Collect

We collect and process the following categories of data:

3.1. Account and Profile Data

  • Surname, first name, email address, password (encrypted).
  • Company name, organization ID, role within the company.
  • Subscription details (status, duration).

3.2. Payment Data

  • Billing address and payment method.
  • Transaction history.

Note: We do not store credit card details or complete payment information. Processing is handled exclusively via our certified payment service provider Stripe.

3.3. Usage and Analytics Data

  • Activities within the Platform (login times, feature usage, navigation).
  • Technical data: IP address, browser type, device type, operating system.

3.4. Data from Third-Party Integrations (Dashboard & APIs)

To display aggregated performance data in your dashboard, we connect via interfaces (APIs) to your accounts with third-party providers (Google, Meta, LinkedIn).

Type of Data: We retrieve performance metrics (e.g., impressions, clicks, costs, conversions) and campaign structures.

Processing and Storage: This data is retrieved to visualize it for you within the Platform. We reserve the right to store this data permanently on our servers to improve load times (caching) or for historical analysis, as long as your subscription is active.

Permissions: Access is granted exclusively based on the OAuth permissions (tokens) you provide, which you can revoke at any time in the settings of the respective third-party platform.

4. Purposes of Processing

We process your data for the following purposes:

  • Provision and operation of the SaaS Platform (performance of contract).
  • Management of user accounts and authentication.
  • Automated creation and management of ad campaigns and tracking setups.
  • Processing of payments and invoicing.
  • Improvement of the Platform and troubleshooting.
  • Compliance with legal obligations (e.g., accounting).

Notice regarding the use of data for Analysis and AI Models:

  • Individual Analyses (Forecasts): We use your data to provide you with personalized forecasts and analyses within the Platform. This data remains strictly isolated and is only visible to your account.
  • Benchmarks & Product Improvement: We are entitled to use data from connected integrations (e.g., Google/Meta) in anonymized and aggregated form to:
    • Create industry benchmarks and comparative values (excluding any possibility of identifying individual companies).
    • Train and improve our algorithms and machine learning models ("Machine Learning").
  • No Transfer: Raw data from Google integrations is not sold to unauthorized third parties or used for training public generative AI models (e.g., public LLMs) where there is a risk that your data could be reproduced.

5. Legal Basis

We base our processing on the following legal grounds (in accordance with Art. 6 GDPR and Art. 31 FADP):

  • Performance of Contract: For providing SaaS services and billing.
  • Consent: For access to third-party APIs (OAuth) and optional cookies.
  • Legal Obligation: Retention of records for accounting purposes.
  • Legitimate Interest: Platform security, analysis for product improvement.

6. Storage and Retention Periods

Location: Your data is primarily stored on servers in Switzerland (Zurich) and, for redundancy and delivery (CDN), on servers in the European Union (EU).

  • Account Data: Retained as long as your subscription is active.
  • Technical Data: Backups and logs are routinely deleted after 90 to 180 days.
  • Accounting Data: Invoices and payment-relevant data must be retained for 10 years in accordance with the Swiss Code of Obligations (CO). After contract termination, this data is locked and archived solely to fulfill legal obligations.

7. Third-Party Disclosures

We only share data if necessary for contract performance. We select our service providers carefully and ensure they adhere to appropriate security standards (such as ISO certifications, SOC2, or GDPR compliance).

Our key service providers are:

PurposeProviderLocationData Protection Standard
Database & BackendSupabaseSwitzerland (Zurich) / USASOC2 / GDPR-compliant
Hosting & CDNNetlifyGlobal / EUDPF / SCCs
Domain & EmailHostpoint AGSwitzerlandFADP-compliant (Switzerland)
PaymentStripe Payments Europe Ltd.IrelandPCI-DSS Level 1
Analytics (Web)Google Ireland Ltd.IrelandGDPR-compliant
API PartnersGoogle, Meta, LinkedInIreland / USAAt your instruction (OAuth)

Where providers are located in the USA (e.g., via Netlify or parent companies), they are either certified under the Data Privacy Framework (DPF) or bound by Standard Contractual Clauses (SCCs).

8. Data Security

We implement appropriate technical and organizational measures (TOMs) to protect your data:

  • Encryption of data transmission (SSL/TLS).
  • Encrypted storage of passwords and API tokens.
  • Access restrictions (Role-Based Access Control) for our employees.

9. International Transfers

Data may be transferred to the EU and the USA within the scope of using cloud services (e.g., Netlify). For transfers to the USA, we rely on the adequacy decision for the Swiss-US Data Privacy Framework or the EU-US Data Privacy Framework, or on Standard Contractual Clauses.

10. Your Rights

Under the FADP and GDPR, you have the following rights:

  • Right to access your stored data.
  • Right to rectification of incorrect data.
  • Right to deletion of your data (unless legal retention obligations apply).
  • Right to restriction of processing.
  • Right to data portability.
  • Right to withdraw consent (e.g., disconnect OAuth connections).

To exercise these rights, please contact us at legal@mateq.ai.

11. Changes to this Policy

We may update this Privacy Policy. The current version is always available on our website. Significant changes will be communicated to you via email or through the Platform.

Contact

Digital Business Schweiz GmbH

c/o Mats Hess

Tellstrasse 20

8400 Winterthur, Switzerland

Email: legal@mateq.ai

Web: https://www.mateq.ai