Privacy Policy

1. Controller

The controller responsible for the processing of your personal data is:

Fireminer AG Wadsack Zug AG Bahnhofstrasse 7, 6300 Zug, Switzerland CHE-202.093.568 Email: privacy@evertold.ai

2. Scope & Applicability

This Privacy Policy applies to all personal data collected through the EverTold mobile application ("App"), the website at evertold.ai ("Website"), and any related services (collectively, the "Services"). This policy applies to all users, including participants in our pilot programme.

The Services are designed for use by adults, including elderly persons and their caregivers. If you are setting up or managing the Services on behalf of another person, you are responsible for ensuring that person understands and, where possible, consents to the data processing described in this policy.

3. Pilot Programme & Special Terms

By participating in the EverTold pilot programme, you acknowledge and consent to the following additional terms:

Development use: All data collected during the pilot period, including voice recordings, conversation transcripts, usage patterns, and any other data generated through your use of the Services, may be used by Fireminer AG for product development, improvement, testing, training of AI models, analytics, and research purposes.
Consent as condition of access: Your consent to this data use is a condition of receiving access to the pilot programme. You may withdraw your consent at any time by contacting us at privacy@evertold.ai. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.
De-identification: Data used for development purposes will be de-identified using industry-standard techniques (such as pseudonymisation, voice anonymisation, and removal of identifying metadata). However, given the nature of voice and conversational data, complete anonymisation cannot always be guaranteed. Where true anonymisation is achieved, the data falls outside the scope of data protection law and may be retained without restriction.
Duration: These pilot-specific terms apply for the duration of the pilot programme and for a period of five (5) years thereafter, during which Fireminer AG retains the right to use previously collected pilot data for the purposes stated above.

4. Data We Collect

4.1 Data you provide directly

Name, email address, and contact details (registration)
Role or relationship to the end user (e.g. family member, caregiver)
Voice recordings and conversation transcripts
Profile information about the end user (health notes, preferences, medication schedules)
Any other information you voluntarily submit through the Services

4.2 Data collected automatically

Device information (device type, operating system, unique identifiers)
Usage data (features used, session duration, interaction patterns)
Log data (IP address, access times, app crashes, system activity)
Cookies and similar technologies on the Website

4.3 Sensitive Personal Data

The Services process the following categories of sensitive personal data as defined by Art. 5 para. 1 let. c FADP:

Health-related data (e.g., medication reminders, wellness check-ins, health notes)
Biometric data: voice recordings that may uniquely identify a natural person

By using the Services, you explicitly consent to the processing of such sensitive personal data as described in this policy, in accordance with Art. 6 para. 7 let. a FADP. You may withdraw this consent at any time (see Section 10 below), though withdrawal may limit the functionality of the Services.

5. Purposes of Processing

We process your personal data for the following purposes:

Providing, operating, and maintaining the Services
Delivering personalised AI companion interactions
Sending medication reminders and wellness check-ins
Generating and preserving life stories and keepsakes
Communicating with you about your account and the Services
Product development, improvement, and research (especially during the pilot)
AI model training and optimisation
Ensuring security, preventing fraud, and enforcing our terms
Complying with legal obligations under Swiss law

6. Legal Basis

Under Swiss data protection law, the processing of personal data by private persons is generally permitted unless it breaches the personality rights of the data subject (Art. 30 FADP). A breach of personality rights is unlawful unless justified by consent, an overriding private or public interest, or the law (Art. 31 FADP).

We rely on the following justifications for processing your data:

Consent (Art. 6 para. 6–7 FADP): We obtain your explicit consent for the processing of sensitive personal data (health data, biometric voice data) and for the use of your data for AI model training during the pilot programme.
Performance of a contract (Art. 6 para. 3 FADP): We process data as necessary to provide the Services you have requested.
Overriding interests (Art. 31 para. 2 FADP): We process data for analytics, security, and product improvement where our legitimate business interests are not overridden by your rights.
Legal obligations: Where required by Swiss law.

7. Data Sharing & Third Parties

We do not sell your personal data. We may share data with the following categories of recipients:

Service providers: Cloud hosting, AI processing, analytics, and communication services that process data on our behalf under strict contractual obligations
Family members and caregivers: Certain data (wellness summaries, stories, status updates) may be shared with designated family members or caregivers as configured by you or your authorised representative. You may modify or revoke these sharing settings at any time within the App or by contacting us.
Legal requirements: Where required by Swiss law, court order, or governmental request
Corporate transactions: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality obligations

8. International Data Transfers

Your data may be transferred to and processed in countries outside of Switzerland. Where such transfers occur, we ensure an adequate level of data protection through:

Transfers to countries recognised by the Swiss Federal Council as providing adequate protection
Standard contractual clauses approved by the FDPIC
Other appropriate safeguards as required under Art. 16-17 FADP

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law. Specifically:

Account data: Retained for the duration of your account and up to 12 months after deletion
Pilot data: Retained for up to 2 years after the conclusion of the pilot programme for development purposes, unless fully anonymised (in which case the data is no longer personal data and may be retained without restriction).
Voice recordings & transcripts: Retained for as long as the account is active; de-identified versions may be retained indefinitely for AI training
Legal records: Retained as required by Swiss commercial law (typically 10 years)

10. Your Rights

Under the Swiss FADP, you have the following rights with respect to your personal data:

Right of access (Art. 25 FADP): You may request information about the data we hold about you
Right to rectification (Art. 32 FADP): You may request correction of inaccurate data
Right to deletion (Art. 32 FADP): You may request deletion of your data, subject to legal retention obligations. Please note that fully anonymised data (which is no longer personal data) cannot be attributed to you and therefore cannot be deleted.
Right to data portability (Art. 28 FADP): You may request your data in a commonly used electronic format
Right to withdraw consent: You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Withdrawal of consent for sensitive data processing may limit the functionality of the Services.
Right to object (Art. 30–32 FADP): You may object to processing that you believe breaches your personality rights.

To exercise any of these rights, contact us at privacy@evertold.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with Art. 8 FADP. These measures include:

Encryption of data in transit (TLS) and at rest
Access controls and role-based permissions
Regular security assessments and penetration testing
Employee confidentiality obligations and training
Incident response procedures

No method of transmission or storage is completely secure. In the event of a data security breach that poses a high risk to your personality or fundamental rights, we will notify the FDPIC as quickly as possible and inform you where required for your protection, in accordance with Art. 24 FADP.

12. Children

The Services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@evertold.ai and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the App or by email at least 30 days before they take effect. Your continued use of the Services after such changes constitutes acceptance of the updated policy. Previous versions of this policy will be archived and available on request.

14. Governing Law & Jurisdiction

This Privacy Policy is governed by Swiss law. Any disputes arising from or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of Zug, Switzerland.

15. Contact

Fireminer AG Wadsack Zug AG Bahnhofstrasse 7, 6300 Zug, Switzerland Email: privacy@evertold.ai