Privacy Policy
Last Updated: August 10, 2025
1. About
Welcome to Prospera AI ("we", "us", "our"). We are a Swiss company providing a platform that empowers sales teams and agencies to build multi-channel AI agents for email, AI calling, and LinkedIn interactions. Your privacy is of paramount importance to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform and services.
2. Data Controller & Roles
For website, account, billing and support data, Prospera AI is the data controller. For customer-submitted content and contact/lead data processed in the Service (e.g., emails, call data, LinkedIn interactions), the Customer is the controller and Prospera AI acts as processor.
3. Information We Collect
Account & Billing Information
Name, business email, role, company, billing details (payment is handled by our PSP as a separate controller).
Usage & Log Data
Product interactions, IP address, device/browser info, timestamps, diagnostics.
Communication Data
Support requests, emails, in-product messages, call recordings only if enabled by Customer.
Customer Content & Contacts (Processor Data)
Messages, lead/contact details, notes, call/audio content, and related metadata that you or your organization upload or connect (e.g., via CRM, email, calendar, VoIP, LinkedIn).
Cookies & Similar Technologies
See our Cookie Policy for details and choices.
Sources
Data from you/your organization; automatically via the Service; from connected integrations you authorize (e.g., email, CRM, LinkedIn, VoIP); from our service providers; and, where lawful, publicly available business sources.
4. How We Use Your Information
We process personal data to:
- Provide and operate the Service (accounts, seats, features, integrations).
- Secure the Service (access control, logging, abuse/fraud prevention).
- Support & communications (product updates, incident notices, responses to requests).
- Improve & analyze the Service (quality, diagnostics, roadmap decisions).
- Marketing with consent where required (newsletters, promos; unsubscribe anytime).
- Compliance & enforcement (contracts, legal obligations).
Processor role: Where we act as processor, we process data only on Customer instructions per the DPA.
5. Legal Basis for Processing
We rely on:
- Contract necessity (Art. 6(1)(b) GDPR) for providing the Service.
- Legitimate interests (Art. 6(1)(f) GDPR) for security, service improvement, limited analytics (with opt-out), and fraud prevention, balanced against your rights.
- Consent (Art. 6(1)(a) GDPR) for marketing and non-essential cookies/trackers.
- Legal obligation (Art. 6(1)(c) GDPR) for tax, accounting, compliance.
(For Switzerland: processing follows DSG requirements incl. Art. 31 DSG.)
7. International Data Transfers
We may transfer data outside Switzerland and the EEA. Where we do, we implement appropriate safeguards, including:
- EU Standard Contractual Clauses (Modules 2/3) with Swiss addendum, and UK IDTA/Addendum where applicable;
- Transfer Impact Assessments and supplementary measures (e.g., encryption, access controls).
8. Your Rights
Subject to law, you have the right to access, rectify, and erase your personal data, to restrict or object to its processing (including processing based on legitimate interests), and to data portability. Where processing relies on consent, you may withdraw it at any time (without affecting prior processing).
We respond within one month (extendable as permitted). You may lodge a complaint with the Swiss FDPIC/EDÖB or with your competent EU supervisory authority.
9. Data Retention
We retain data only as long as necessary for the purposes described or as required by law:
- Account & billing: contract term + up to 10 years (Swiss accounting law).
- Usage/logs: 90–180 days (security/diagnostics).
- Customer content/contacts (processor): contract term + 30 days post-termination (then deletion or anonymization per DPA).
- Support tickets: up to 24 months.
Retention periods may vary where legal holds or statutory duties apply.
10. Security
We maintain appropriate technical and organizational measures, including encryption in transit and at rest, role-based access with MFA, least-privilege, audit logging, backups, vendor due diligence, and an incident response process with notification obligations (incl. GDPR 72-hour notice where required).
11. Automated Decision-Making & Profiling
We do not make solely automated decisions producing legal or similarly significant effects about you. If this changes, we will inform you about the logic, significance, and your rights (including human review).
12. Changes to This Policy
We may update this Policy. We will notify you of material changes (e.g., in-app/email) and indicate the "Last Updated" date. Continued use after the effective date signifies acceptance.
Questions about our privacy practices? Contact us