Privacy Policy

1. Introduction

AI Router Switzerland, operated by Nextgen Computing GmbH, is committed to protecting your personal data.

We comply with the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Responsible Entity

Nextgen Computing GmbH
Schönaustrasse 61
5430 Wettingen
Switzerland
Email: chris@nextgen.ch

3. Data We Process

a) API Usage (Core Service)

• Input data (prompts) is processed transiently in memory
• No storage of prompts or outputs
• No profiling, analytics, or model training

We act as a data processor for API content.

b) Account and Billing Data

• email address
• subscription information
• billing data (processed via Stripe)

c) Technical Logs

• IP address
• timestamps
• request metadata (endpoint, status codes)

Used for security, abuse prevention, and system stability.

Retention: up to 14 days.

4. Legal Basis for Processing (GDPR where applicable)

Where GDPR applies, we process personal data based on:

• Contract performance (Art. 6(1)(b)) — providing the API service
• Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, and system stability
• Consent (Art. 6(1)(a)) — where explicitly required

5. Data Retention

• API data (prompts, outputs): not stored
• Technical logs: up to 14 days
• Account data: until account deletion, then up to 3 months for legal obligations
• Security logs: up to 12 months

6. Data Sharing

We do not sell personal data.

We use the following subprocessors:

• Stripe — payment processing
• Infrastructure providers — Switzerland-based compute and hosting

All subprocessors are bound by contractual data protection obligations.

7. International Transfers

Some data (e.g., Stripe) may be processed outside Switzerland/EEA.

Safeguards include:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable

8. Your Rights (GDPR)

Where applicable under the GDPR, you may have the right to:

• Access your personal data
• Request correction or deletion
• Restrict or object to processing
• Data portability
• Lodge a complaint with a supervisory authority

9. Swiss Rights (nFADP)

You also have equivalent rights under Swiss data protection law.

10. Cookies

No tracking cookies are used. Only essential session cookies for technical functionality.

11. Security

We implement appropriate technical and organizational measures including:

• TLS encryption
• Access controls
• Secure authentication
• Password hashing (Argon2)
• Isolated compute environments

12. EU Representative

We have not appointed an EU representative under Article 27 GDPR, as our processing is limited in scope, does not involve large-scale monitoring, and is low risk.

13. Contact

For any privacy-related inquiries, contact chris@nextgen.ch.

14. Changes

We may update this policy. The latest version is always published here.

Last updated: April 28, 2026