Privacy Policy
1. Data Controller
The party responsible for data processing is: Alexander Boll, Sprintbox GmbH, Schutzengelstrasse 46, 6340 Baar. Contact: alexander.boll@codebar.ch.
2. Purpose
We use your data to provide the Sprintbox service, for authentication, for AI text and image generation (via Anthropic, OpenAI, or PublicAI for text; OpenAI or Google Gemini for images, depending on organization settings), and for sending transactional emails (e.g., password reset, magic link login).
3. Legal Basis
Under the Swiss Federal Data Protection Act (FADP), we process your data on the following basis: contract fulfillment (providing the service), your consent (optional profile data such as LinkedIn and skills), and our legitimate interest (session cookies, security).
4. Data Collected
Upon registration (via magic link), we store your name and email address. We store temporary tokens sent by email for magic link login. If you set a password (e.g., via password reset), it is stored in hashed form.
When using the app, we store organization memberships, invitation data, interview data, and related content. If you create a profile, we store your LinkedIn URL, headline, skills, and a persona summary for AI prompts. Uploaded file attachments (PDFs, images) and their AI-extracted content are stored. For AI image generation, we send prompts to the configured provider. Session data is stored for authentication.
5. Recipients and Third Parties
When using "Generate with AI", your context and prompts are sent to Anthropic (Claude), OpenAI (GPT), or PublicAI (Apertus) for text generation, depending on your organization's configuration. For image generation, we use OpenAI (DALL-E) or Google Gemini. Each provider processes this data according to its privacy policy. Transactional emails may be sent via our email service provider. We do not share your data with third parties for marketing purposes.
6. International Data Transfer
Anthropic, OpenAI, and Google are based in the USA. Switzerland has not recognized the USA as a country with adequate data protection. We ensure protection through contractual guarantees (e.g., standard contractual clauses, data processing agreements) with these US providers. PublicAI (Apertus) is based in Switzerland and may process data in Switzerland or the EU. Our email service provider may also process data outside Switzerland depending on configuration. You may request information about the guarantees for individual transfers.
7. Cookies and Sessions
We use session cookies for authentication. These are required for the operation of the service. We do not use tracking or advertising cookies.
8. Retention
We store your data as long as your account exists.
9. Security
We protect your data with appropriate technical and organizational measures: passwords are hashed (bcrypt), connections use HTTPS, session management follows secure practices, and API keys for AI providers are stored encrypted. Access to personal data is restricted to authorized persons.
10. Automated Decisions
We do not use automated individual decisions within the meaning of Art. 21 FADP (e.g., profiling, credit scoring, or algorithmic decisions that significantly affect you). AI-generated content supports your work but does not constitute such a decision.
11. Your Rights
Under the Swiss Federal Data Protection Act (FADP), you have the right to access (Art. 25), rectification (Art. 32), deletion (Art. 33), restriction of processing, data portability (Art. 28), and objection to processing (Art. 30). You may also file a complaint with the Federal Data Protection and Information Commissioner (FDPIC). Contact us at the email address above to exercise your rights.
12. Supervisory Authority
You have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of your personal data violates Swiss data protection law. FDPIC: Feldeggweg 1, 3003 Bern, Switzerland. Website: https://www.edoeb.admin.ch.
13. Changes
We may update this privacy policy. Changes will be published on this page.