Legal

Privacy policy (revDSG & GDPR)

Controller
LLM Optimizeation Ready
Hünenbergerstrasse 8, 6330 Cham, Switzerland
Email: privacy@llmoready.com
Website: llmoready.com

Scope
This privacy policy explains the type, scope, and purposes of processing personal data when using our website, our SaaS platform ("LLMO Ready"), and related services. It complies with the Swiss Federal Act on Data Protection (revDSG) and – where applicable – the EU General Data Protection Regulation (GDPR).

Definitions
"Personal data" means any information relating to an identified or identifiable natural person. "Processing" covers any handling of data (e.g. collection, storage, use, disclosure, deletion). "Processors" are service providers that process data on our behalf.

1. Data we collect

We may process the following categories of data:

  • Account data: email address, name, company name, password (hashed), profile settings.
  • Contract & payment data: subscription plan, payment method, invoices, transaction history (partially held by payment processors).
  • Platform usage data: product uploads, generated knowledge packs, API requests, analytics on use frequency (anonymized statistics).
  • Technical data: IP address, browser type, device information, access logs, cookies/similar technologies.
  • Communication data: support inquiries, email correspondence, feedback forms.

2. Purposes of processing

Personal data is used exclusively for the following purposes:

  1. Provision of the website & SaaS platform, performance of pre-contractual measures, contract fulfilment.
  2. Account creation, authentication, access management (user and role management).
  3. Billing & payment processing, including compliance with statutory retention duties.
  4. Support & communication, handling of inquiries, incident handling.
  5. Security & stability, fraud prevention, abuse prevention, logging of system events.
  6. Product improvement, analysis of anonymised usage data (no personal profiling).
  7. Legal obligations (e.g. retention of accounting documents, compliance with data protection or tax laws).

3. Legal basis (revDSG / GDPR)

  • Contractual performance (Art. 6(1)(b) GDPR): account management, use of platform, billing.
  • Legitimate interests (Art. 6(1)(f) GDPR): statistics, security, fraud prevention, support efficiency, product optimization.
  • Legal obligations (Art. 6(1)(c) GDPR): storage of invoices, compliance with tax law.
  • Consent (Art. 6(1)(a) GDPR): where explicitly requested (e.g. analytics, newsletter if applicable).

4. Third-party processors & data sharing

We only disclose data to third parties insofar as necessary for service delivery or required by law. Processors are contractually bound to comply with data protection legislation and process data solely in accordance with our instructions. Categories of processors include:

  • Hosting providers (servers, CDN, database services).
  • Cloud services (storage, backup, media processing).
  • Payment processors (credit card / SEPA / third-party providers; data directly transmitted to them).
  • Customer support tools (email, ticket system).
  • Analytics / monitoring (anonymized usage statistics, performance monitoring).

A detailed list of subprocessors is available at llmoready.com/subprocessors. We do not sell data to third parties for marketing or advertising purposes.

5. Data transfers to third countries

If processing takes place in countries without an adequate level of data protection, we implement appropriate safeguards (usually EU standard contractual clauses and supplementary measures). Copies are available on request via privacy@llmoready.com.

6. Storage duration

We process personal data only as long as necessary for the purposes outlined above or as required by law. Contract and billing data are retained in line with statutory periods (usually 10 years in Switzerland and up to 10 years under EU law). Afterwards, data are anonymised or deleted.

6a. Trial access and data retention

When using a trial access, the following additional regulations apply:

  • During the trial: All data is processed to provide the trial access (login, account data, usage data, analysis results, technical logs).
  • Day 0 after trial ends (without upgrade):
    • Account is set to "trial_expired", login remains possible for upgrade
    • API access is deactivated
    • Automated cronjobs (monitoring, analyses) are stopped
    • User data is retained for 30 days for possible reactivation
  • After 30 days (without upgrade or reactivation):
    • All productive content and analysis data is anonymised
    • Knowledge Packs, product analyses and crawl data lose personal reference
    • Anonymised data serves exclusively statistical purposes (industry trends, performance benchmarks)
  • After 90 days:
    • All remaining personal data is deleted or fully anonymised
    • Exception: Invoice and contract data according to statutory retention obligation (10 years per revDSG Art. 12 + OR Art. 958f)
    • Invoice data retains personal reference for 10 years (tax law requirement)
    • Security logs are deleted after 12 months (unless security-relevant incidents exist)
  • After 10 years (invoice data):
    • Invoice data is anonymised (only amount, tax, industry – no address data)
    • Stripe references are removed

Legal bases: Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interest), Art. 6(1)(c) GDPR (legal obligation) – corresponding to revDSG Art. 12, 13 Abs. 1.

Statistical use of anonymised data

After the trial expires, anonymised data may be used for:

  • Industry-specific performance benchmarks (e.g., "Average AI visibility in category X")
  • Time series analyses for product development
  • Aggregated usage statistics

This data is no longer personal and cannot be assigned to any individual user.

7. Mandatory information

Specific data are required to register or provide our services. Without these details, account creation or service delivery is not possible.

8. Cookies & similar technologies

We use necessary cookies (e.g. session/CSRF) and – with consent – optional cookies/local storage for analytics or convenience. A consent banner allows you to manage and withdraw choices. Details: llmoready.com/cookies.

9. No automated individual decision-making

We do not conduct automated decision-making with legal effect. No profiling for marketing purposes.

10. Data security

We implement appropriate technical and organisational measures (encryption in transit/at rest, access restrictions, role management, backup/recovery, logging, hardening, least privilege).

11. Minors

Our offering targets business customers (B2B). We do not intentionally process data of minors.

12. Your rights

Depending on applicable law (revDSG/GDPR), you have rights to access, rectification, deletion, restriction, data portability, and objection to processing based on legitimate interests. You may withdraw consent at any time with future effect. Contact: privacy@llmoready.com. Complaints: Switzerland: Federal Data Protection and Information Commissioner (FDPIC); EU/EEA: competent supervisory authority at your place of residence, work, or alleged infringement.

13. Changes

We may amend this policy if we have a legitimate interest and amendments are reasonable. The current version always applies.

Effective: 01.10.2025 · Version 1.0