Privacy Policy
Last updated: June 2026
Data Controller: Adopt-AI SA, Geneva, Switzerland
1. Introduction
This Privacy Policy describes how Adopt-AI SA ("we", "Nectos") collects, processes, and protects personal data of users of the Nectos platform (nectos.ch, nectos.ai) and any associated communications.
We are committed to compliance with the Swiss Federal Act on Data Protection (nDSG/FADP), the EU General Data Protection Regulation (GDPR) where applicable, and all relevant legal provisions.
2. Data Controller
Adopt-AI SA
Rue du Pré-de-la-Bichette 1, 1202 Geneva, Switzerland
CHE-147.175.593
3. Data Collected
3.1 Account Data
Upon registration or demo request: first name, last name, email address, company name, phone number (optional), plan of interest.
3.2 Usage Data
Technical access logs (anonymized IP address, browser type, pages visited, timestamp), aggregated usage metrics.
3.3 User Content
Documents uploaded to knowledge bases, conversations with the AI assistant, web search queries.
3.4 Email Data (Gmail integration)
When you connect your Gmail account to Nectos via the optional Google OAuth2 integration, Nectos accesses the following data:
- Reading your emails (subject, sender, content preview)
- Sending emails on your behalf, upon your explicit request
- Draft management
Protection mechanisms for this data:
- No Gmail data is stored on our servers. Emails are retrieved in real time solely to respond to your request and displayed exclusively to you.
- OAuth2 access tokens are encrypted at rest with AES-256 and stored exclusively on Swiss sovereign infrastructure (Hidora SA).
- Gmail data is never used to train, fine-tune, or improve any artificial intelligence model.
- You can revoke access at any time from Settings → Integrations in Nectos.
3.5 Billing Data
Processed exclusively by Payrexx AG (Swiss FINMA-regulated provider). Nectos does not store any payment card data.
3.6 Location Data ("Data Journey" feature)
When you enable the Data Journey feature, which visualizes in real time the path of your requests through the Nectos infrastructure, your approximate location (city or region) is used to display your point of origin on the interactive map.
Processing of your location:
- Access to your location is requested explicitly via your browser's standard permission dialog. You can decline without any loss of functionality; the map simply displays without a point of origin.
- Your GPS position is used solely for visual display. It is not transmitted to our servers or retained.
- Accuracy is limited to the city or region.
Note regarding Google Maps:
This feature uses the Google Maps service for map display. Loading the map tiles involves requests to the servers of Google LLC (United States). These requests do not contain your personal data or the content of your exchanges with Nectos. For more information, see Google's privacy policy.
4. Processing Purposes
| Purpose | Legal basis |
|---|---|
| Provision of the Nectos service | Contract performance (Art. 6(1)(b) GDPR) |
| Communication and support | Legitimate interest / consent |
| Billing and accounting | Legal obligation |
| Service improvement | Legitimate interest (aggregated data only) |
| Security and fraud prevention | Legitimate interest |
| Marketing (newsletter, if applicable) | Explicit consent |
5. Data Residency — Swiss Guarantee
All data is stored and processed exclusively in Switzerland, on Hidora SA infrastructure (Switzerland).
No data is transferred to subprocessors located outside Switzerland without your explicit consent. Optional web search queries are anonymized before any contact with external providers.
6. Zero Training Commitment
Nectos does not train, fine-tune, or improve any AI model — its own or third-party — using customer data.
This commitment is contractual and applies to:
- Your conversations with the AI assistant
- Documents in your knowledge bases
- Your queries and prompts
- All other customer content
7. Data Sharing
We do not sell, rent, or share your personal data with third parties for commercial purposes.
We may share data only with:
- Hidora SA — infrastructure hosting (Switzerland)
- Payrexx AG — payment processing (Switzerland)
- Swiss authorities — when legally required
8. Data Retention
| Data type | Retention period |
|---|---|
| Account data (active accounts) | Duration of subscription + 30 days |
| Account data (after cancellation) | 30 days, then deletion |
| Technical access logs | 90 days |
| Billing data | 10 years (Swiss legal obligation) |
| User content (conversations, documents) | Duration of subscription |
After applicable periods, data is deleted securely and irreversibly.
9. Your Rights
Under the nDSG/FADP and GDPR, you have the following rights:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to portability — receive your data in a structured format
- Right to object — object to certain processing
- Right to restriction — restrict processing in certain cases
To exercise these rights: [email protected]
We will respond within 30 days.
10. Cookies
Nectos uses a minimal set of technically necessary cookies. No advertising or third-party tracking cookies are placed without your consent.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session | Technical | Authentication | Session |
| CSRF | Technical | Security | Session |
| GA4 (_ga) | Analytics | Anonymous statistics | 2 years |
11. Minors
Nectos is a professional service intended for adults. We do not knowingly collect data from individuals under 16.
12. Changes
We may update this Privacy Policy. Any material changes will be notified by email to registered users at least 14 days before taking effect.
13. Contact and Complaints
Adopt-AI SA — [email protected]
Rue du Pré-de-la-Bichette 1, 1202 Geneva
You have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch