Privacy Policy
Last updated: 1 August 2026 Data controller: Envestis SA, Via Pretorio 13A, 6900 Lugano, Switzerland — info@envestis.ch
1. Who we are and the scope of this Policy
1.1. This Privacy Policy explains how Envestis SA (“ciaopost”, “we”, “us”) collects, uses, discloses, and protects personal data in connection with the ciaopost application, website, and services (the “Service”).
1.2. The Service is operated from Switzerland. We process personal data in accordance with the Swiss Federal Act on Data Protection (nLPD/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
1.3. This Policy covers three groups of people: (a) Business users — merchants, companies, and their invited Team Members who hold an account; (b) End Customers — customers of a Business who record or provide a testimonial through the Service; (c) Website visitors — anyone who visits our public website.
1.4. Cookies and tracking technologies used on our website are described in a separate Cookie Policy.
2. Our two roles: controller and processor
This is the most important distinction in this Policy.
2.1. We are the data CONTROLLER for:
- the personal data of Business users (account, billing, and usage data);
- the personal data of website visitors.
2.2. We are a data PROCESSOR for:
- the personal data of End Customers contained in testimonials and consent records. In this case the Business is the controller and decides why and how this data is used; we process it only on the Business’s instructions to provide the Service.
2.3. As a consequence, an End Customer who wants to exercise rights over their testimonial (access, correction, deletion, withdrawal of consent) should contact the Business that collected it. We will assist the Business as processor.
3. Personal data we collect
3.1. Business users (we are controller)
| Data | Examples | Source |
|---|---|---|
| Identity & contact | name, business name, email | you, at sign-up |
| Account & profile | segment (b2c/b2b), business category, city, preferences | you |
| Team members | names and emails of invited team members | you |
| Authentication | login credentials, session data | you / generated |
| Billing | subscription tier, payment status, invoices (card data handled by our payment processor, not stored by us) | you / Stripe |
| Connected accounts | access tokens for the social accounts you connect (stored encrypted) | you, via OAuth |
| Usage | posts created, publish outcomes, quota usage, logs | generated |
| Support | messages you send us | you |
3.2. End Customers (we are processor, on the Business’s behalf)
| Data | Examples | Source |
|---|---|---|
| Identity | first name (and any name the customer provides) | the End Customer, via the Business |
| Testimonial content | video, voice recording, photo, and/or text | the End Customer |
| Biometric-adjacent content | the customer’s image and voice within the testimonial | the End Customer |
| Consent record | the authorisation, relevant identifiers, and finger-drawn signature | the End Customer |
| Transcription | text transcription of the spoken testimonial | generated by AI |
3.3. Website visitors (we are controller)
| Data | Examples | Source |
|---|---|---|
| Technical | IP address, device, browser, pages viewed | automatic |
| Cookies & pixels | analytics and advertising identifiers | see Cookie Policy, subject to consent |
3.4. Fraud-prevention data
To prevent repeated abuse of the free trial, we retain a minimal record derived from a connected social account: a hashed identifier, a flag indicating a trial was used, and a date. This record survives account deletion, because deleting it would defeat its purpose. It is not used for any purpose other than fraud prevention.
4. Why we use personal data and our legal basis
4.1. As controller (Business users and visitors)
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and operate the Service, manage your account | Performance of a contract (Art. 6(1)(b)) |
| Process payments and manage subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Publish your content to your connected accounts | Performance of a contract (Art. 6(1)(b)) |
| Send service/transactional emails | Performance of a contract (Art. 6(1)(b)) |
| Secure the Service, prevent fraud and abuse | Legitimate interests (Art. 6(1)(f)) |
| Fraud-prevention record (§3.4) | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations (accounting, tax) | Legal obligation (Art. 6(1)(c)) |
| Improve the Service, aggregate analytics | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications (where applicable) | Consent or legitimate interests |
| Website analytics and advertising cookies/pixels | Consent (Art. 6(1)(a)) — see Cookie Policy |
4.2. As processor (End Customer data)
We process End Customer testimonial and consent data only on the Business’s instructions, to provide the Service (produce, subtitle, caption, and publish the testimonial to the Business’s channels). The lawful basis for collecting and publishing End Customer data is the responsibility of the Business (the controller), whose basis is the consent the End Customer gives through the Service.
5. AI processing
5.1. To provide the Service we use AI to (a) transcribe spoken testimonials into text and (b) generate captions and hashtags for posts.
5.2. Transcription is performed via a Whisper-family model provided by our sub-processor OpenRouter. The audio/text is processed to produce the transcription and is not used to train third-party models.
5.3. The subtitle text reproduces the End Customer’s own words verbatim. AI-generated captions and hashtags are separate content authored on the Business’s behalf and reviewed by the Business before publication.
6. Who we share personal data with
6.1. We do not sell personal data.
6.2. We share personal data with the following categories of recipients:
Sub-processors (acting on our instructions):
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting and storage | Germany (EU) |
| Stripe | Payment processing | EU and US |
| Brevo | Transactional email | EU |
| OpenRouter (Whisper-family model) | Transcription and AI captions | US |
| Sentry | Error monitoring | EU and US |
| Firebase Cloud Messaging | Push notifications | US |
A current list of sub-processors is maintained and available on request. Social media platforms (when you publish): when you publish content, it is sent to the platforms you connected (Facebook, Instagram, TikTok, X, Pinterest, YouTube, LinkedIn). Your and your End Customers’ content becomes subject to those platforms’ own privacy policies once published.
Advertising and analytics partners (website only, subject to consent): where you consent, our website loads tracking pixels from advertising and analytics partners (e.g. Meta/Facebook, TikTok, LinkedIn, Google/YouTube). These partners act as independent controllers or joint controllers for the data collected through their pixels. See the Cookie Policy for the full list and their policies.
Legal and corporate: we may disclose data where required by law, to enforce our terms, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets.
7. International data transfers
7.1. We are based in Switzerland. Some sub-processors and advertising partners are located outside Switzerland/the EU, including in the United States.
7.2. Where we transfer personal data outside Switzerland/the EEA, we rely on appropriate safeguards, such as Standard Contractual Clauses, and the Swiss-US and EU-US Data Privacy Framework where the recipient is certified under it.
8. How long we keep personal data
| Data | Retention |
|---|---|
| Business account data | For the life of the account + 30 days after closure |
| Billing/invoice data | As required by law (ten years, Swiss accounting rules) |
| End Customer testimonials & consent records | Per the Business’s instructions; consent records kept as evidence for ten years |
| Connected-account tokens | Until you disconnect or close the account |
| Logs and technical data | 12 months |
| Fraud-prevention record (§3.4) | Retained beyond account deletion, for as long as needed to prevent abuse |
| Website analytics | Per the Cookie Policy |
When data is no longer needed, we delete or anonymise it, subject to legal retention obligations and the fraud-prevention exception above.
9. Your rights
9.1. Depending on your location and applicable law (GDPR/nLPD), you have the right to:
- access your personal data;
- rectify inaccurate data;
- erase your data (“right to be forgotten”), subject to legal exceptions and the fraud-prevention record;
- restrict or object to processing, including processing based on legitimate interests and direct marketing;
- data portability;
- withdraw consent at any time, where processing is based on consent (this does not affect prior processing);
- lodge a complaint with a supervisory authority (in Switzerland, the FDPIC; in the EU, your local data protection authority).
9.2. Business users may exercise these rights by contacting us at info@envestis.ch.
9.3. End Customers should exercise rights over their testimonial by contacting the Business that collected it, because the Business is the controller of that data (§2). We will support the Business’s response as processor.
9.4. We respond within the timeframe required by law (generally one month under GDPR). We may need to verify your identity before acting.
10. Security
10.1. We implement technical and organisational measures appropriate to the risk, including encryption of connected-account tokens at rest, access controls, and secure infrastructure.
10.2. No system is perfectly secure. We cannot guarantee absolute security, but we maintain measures designed to protect personal data and will notify you and the relevant authorities of a data breach where required by law.
11. Children
11.1. The Service is intended for businesses and adults. Business accounts require users to be at least 18.
11.2. The Business must not use the Service to capture testimonials from minors unless lawfully permitted with appropriate consent, and the Business is responsible for that compliance.
12. Changes to this Policy
We may update this Policy. We will post the updated version with a new date and, for material changes, provide notice by email and in-app notice.
13. Contact
Data controller: Envestis SA, Via Pretorio 13A, 6900 Lugano, Switzerland Privacy contact: info@envestis.ch General: info@envestis.ch
Appendix — Open Items for Counsel (not part of the published Policy)
- DPA (GDPR Art. 28) — separate document governing the processor relationship for End Customer data. Reference it here.
- EU representative (Art. 27) — likely required given EU End Customers and users.
- Special-category data — confirm treatment of image/voice (§3.2).
- Transfer mechanisms — specify per recipient, especially US pixels and AI provider (§7).
- Retention periods — set all bracketed values (§8) consistently with the ToS and Swiss law.
- Fraud-prevention record — validate legitimate-interest basis for data surviving deletion (§3.4, §8).
- Marketing basis — consent vs legitimate interest (§4.1).
- AI Act — transparency obligations for AI output (§5.4).
- Sub-processor list — keep the table (§6) current and DPA-backed.