Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller responsible for your personal data is:

Vision Security Labs GmbH
Bahnhofstrasse, c/o Incoswiss AG
6300 Zug, Switzerland
[email protected]

2. Information We Collect

We collect information you provide directly to us, including:

  • Account information
  • Profile information
  • Payment information (processed securely by Stripe; we do not store card details)
  • Usage data
  • Voice recordings (for Voice Mode subscribers)
  • Device and session information for security purposes

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Track your progress and deliver answer evaluations
  • Send you technical notices and support messages
  • Detect and prevent fraud, account sharing, and abuse
  • Respond to your comments and questions

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: to provide the services you have subscribed to
  • Legitimate interests: to maintain security, prevent fraud, and improve the service
  • Consent: for voice recordings, which you explicitly enable by using Voice Mode
  • Legal obligation: where required by applicable law

5. Voice Recordings

When you use Voice Mode, your audio is:

  • Transmitted securely to our servers and stored in encrypted cloud storage
  • Transmitted to OpenAI for transcription and answer evaluation
  • Used solely to evaluate your answer against expected responses
  • Never shared with third parties for marketing purposes
  • Retained for as long as your account is active and deleted upon account closure

By enabling Voice Mode, you consent to the recording and processing of your voice data as described above. You may withdraw this consent at any time by discontinuing use of Voice Mode.

6. Data Retention

We retain your personal data for as long as necessary to provide the service and comply with our legal obligations:

  • Account data: retained while your account is active; deleted upon account closure upon request
  • Voice recordings: retained while your account is active; deleted upon account closure
  • Practice session data: retained while your account is active
  • Billing records: retained for the period required by applicable law (typically 10 years under Swiss law)

7. Third-Party Services

We use third-party processors including Stripe (payment processing) and OpenAI (voice transcription and answer evaluation). We also use providers for cloud storage, email delivery, and optional social login (Google, Microsoft). Some processors operate outside Switzerland/EEA; standard contractual clauses are in place.

8. Cookies

We use cookies and similar technologies to maintain your session, authenticate your account, and ensure the security of the service. These strictly necessary cookies cannot be disabled without affecting service functionality. We also offer optional analytics, including Google Analytics and first-party product usage measurement, which only run if you choose to accept analytics. We do not use cookies for advertising purposes.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is transmitted over HTTPS.

10. Your Rights

Under applicable data protection law (including the Swiss FADP and GDPR where applicable), you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict the processing of your data
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC)

To exercise any of these rights, or for any questions regarding this policy, contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service.