Privacy Policy – Odeo
Last updated: April 2026
1. Controller
The controller responsible for the data processing described in this Privacy Policy is:
Sidora AG
Sulzerallee 70
CH-8404 Winterthur
Switzerland
Email: info@sidora.ch
2. Scope and applicable law
This Privacy Policy describes how Sidora AG processes personal data in connection with the operation of the Odeo AI chatbot service and the website odeo.ch. The processing is carried out in compliance with the Swiss Federal Act on Data Protection (FADP / nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
3. Data we process
Depending on the use case, we process the following categories of personal data:
- Contact data: first name, last name, email, phone, company (when you fill out a form)
- Account data: login credentials, plan, billing data (for business customers using the Odeo Client Portal)
- Conversation data: messages exchanged with the chatbot (for end users on customer websites)
- Technical data: IP address (not stored permanently), browser, referrer, timestamps, error logs
4. Purpose of processing
We process personal data exclusively for the following purposes:
- Operating the Odeo chatbot service and Client Portal
- Generating chatbot responses based on the customer's knowledge base
- Communication with our customers and prospects
- Billing and contract management
- Improving the customer's own bot (never for training of third-party models)
- Security, fraud prevention, and abuse detection
- Compliance with legal obligations
5. Legal basis
We process personal data based on:
- Contract performance (Art. 6(1)(b) GDPR / Art. 31 nDSG)
- Legitimate interests (Art. 6(1)(f) GDPR / Art. 31 nDSG), e.g. service improvement and security
- Consent (Art. 6(1)(a) GDPR / Art. 6 nDSG), where applicable
- Legal obligation (Art. 6(1)(c) GDPR / Art. 31 nDSG)
6. Hosting and data location
All personal data is stored exclusively on servers in Switzerland. Backups, processing, and operations are performed in Swiss data centres. Data does not leave Switzerland for routine operations.
7. Use of third-party AI providers
To generate chatbot responses, message content is transmitted to AI providers (in particular OpenAI). We ensure that:
- Transmissions are encrypted (TLS 1.2+)
- Contractual safeguards (Data Processing Agreements) are in place with the providers
- Conversation data is not used by the providers to train their models for third parties
- Customers can request a list of subprocessors at any time
8. Cookies and tracking
We do not use marketing or tracking cookies on odeo.ch. Only strictly necessary technical cookies are set, e.g. for session management or the cookie banner itself. IP addresses are not stored permanently.
9. Data retention
We retain personal data only as long as necessary for the stated purposes:
- Contact form submissions: 3 years (Swiss statute of limitations)
- Conversation data: as configured by the business customer; default 12 months
- Billing data: 10 years (mandatory under Swiss accounting law)
- Account data: deleted within 30 days after contract termination
10. Your rights
You have the following rights regarding your personal data:
- Right of access (Art. 25 nDSG / Art. 15 GDPR)
- Right to rectification (Art. 32 nDSG / Art. 16 GDPR)
- Right to erasure (Art. 32 nDSG / Art. 17 GDPR)
- Right to data portability (Art. 28 nDSG / Art. 20 GDPR)
- Right to object (Art. 30 nDSG / Art. 21 GDPR)
- Right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority
To exercise your rights, please contact info@sidora.ch.
11. Data security
We implement technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include encryption in transit (TLS), encryption at rest, access controls, regular security audits, and staff training.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version is always available at odeo.ch/en/privacy. Material changes will be communicated via email to registered users at least 30 days before they take effect.