aidX

Privacy Policy

Last updated: March 2026

Controller

aidX AG, Bachtelstrasse 57, 8330 Pfäffikon ZH, Switzerland. Email: privacy@aidx.ch

What We Collect

  • Account data: email address, professional role (at registration)
  • Usage data: session logs, feature usage (anonymized)
  • Content data: chat inputs, uploaded documents, audio recordings — all clinical content is encrypted client-side before transmission. Our servers cannot access the plaintext content of your sessions.
  • Technical data: IP address, browser type, device identifiers

How We Use Your Data

  • To provide and improve the Service
  • To manage subscriptions and billing (via Stripe)
  • To send transactional emails (account, billing notifications)
  • To ensure security and prevent abuse

Zero-Knowledge Encryption Policy

Before any clinical content is transmitted, a pseudonymisation process runs automatically in your browser: names, locations, dates and other personal identifiers are detected and replaced with neutral placeholders — so that patient data never reaches our servers or the AI in identifiable form. All clinical content is then encrypted client-side with keys derived from your device. Our servers cannot access the plaintext content of your sessions.

Billing — Stripe

Payments are processed by Stripe, Inc. (stripe.com), a PCI DSS Level 1 certified payment service provider. When you subscribe, Stripe collects and processes your payment information under their own Privacy Policy (stripe.com/privacy). We receive only subscription status from Stripe — no full payment details are stored on our servers. aidX AG acts as the contracting party for your subscription.

AI Inference

AI inference is performed on infrastructure operated by us or under our direct control. No clinical content is transferred to third-party AI model providers.

Infrastructure & Hosting

Infrastructure is hosted by Infomaniak Network SA, Switzerland. All data remains on servers located in Switzerland.

Data Retention

  • Account data: retained for the duration of the subscription plus 12 months after cancellation
  • Content data: retained per your subscription tier's history limit. Users may delete content manually at any time.
  • Billing records: retained as required by Swiss law (10 years)

Your Rights (GDPR / nDSG)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Request data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

To exercise your rights: privacy@aidx.ch

Cookies

We use only technically necessary cookies for session management. No tracking or advertising cookies.

Security

We implement ISO 27001-aligned security practices including client-side encryption, encryption in transit and at rest, access controls, and regular security reviews.

Changes

We will notify you of material changes via email or in-app notice.

Contact

aidX AG · Bachtelstrasse 57 · 8330 Pfäffikon ZH · privacy@aidx.ch