Privacy Policy

This Privacy Policy describes our practices regarding the personal data we collect from or about you when you use Sanction Compass and related software and services (collectively referred to as “Services”).

1. Data controller

zehnplus GmbH, with its registered office at Baarerstrasse 52, 6300 Zug, Switzerland, is the data controller responsible for the processing of your Personal Data as described in this Privacy Policy.

We rely on the following service providers to assist us in delivering our services to you (collectively, the “Service Providers”):

OpenAI (Language Model Provider):

We utilise OpenAI’s language model to enhance our service’s capabilities, including text generation and conversational interfaces.
https://openai.com/policies/row-terms-of-use/
https://openai.com/policies/row-privacy-policy/

Hetzner (Cloud Server Provider):

Hetzner provides the infrastructure and hosting services for our platform, ensuring reliable access and data storage.
https://www.hetzner.com/legal/terms-and-conditions/
https://www.hetzner.com/legal/privacy-policy/

Stripe (Payment Services Provider):

We use Stripe to process payments securely and efficiently for transactions conducted through our platform.

https://stripe.com/en-gr/legal/consumer

By accepting these Terms of Use, you acknowledge and agree that you are also subject to the terms, conditions, and policies of the third-party Service Providers. You agree to review and comply with the terms and policies of these third-party services, as referenced above. Your continued use of our services constitutes your acceptance of any updates or changes to these third-party terms. If you do not agree to the terms of these third-party services, you must refrain from using our services.

2. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) as described below:

Personal Data You Provide.

We collect the following Personal Data when you create an account or communicate with us-

Account Information: When you create an account with us, we collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history (collectively, “Account Information”).
User Content: When you use our Services, we collect Personal Data included in the input, file uploads, or feedback you provide (“Content”).
Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (collectively, “Communication Information”).
Social Media Information: When you interact with our social media pages, we collect Personal Data that you choose to provide to us, such as your contact details (collectively, “Social Media Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.
Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your age or identity (collectively, “Other Information You Provide”).

Personal Data We Receive Automatically from Your Use of the Services.

When you visit, use, or interact with the Services, we receive the following information (“Technical Information”):

Log Data: Information your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
Device Information: Includes the name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services and improve your experience.

Personal Data We Receive from Other Sources.

We may collect information from other sources, including publicly available information on the internet, particularly to develop the models that power our Services. We also receive information from our trusted partners, such as security partners to protect against fraud, abuse, and other security threats to our Services, or marketing vendors who provide us with information about potential customers of our business services.

3. How We Use Personal Data

We may use Personal Data for the following purposes:

To Provide and Maintain Our Services: We use your Personal Data to deliver and manage the Services effectively.
To Improve and Develop Our Services: We continuously strive to enhance our Services and introduce new features, conducting research and analysis as needed.
To Communicate with You: We may use your Personal Data to communicate important information about our Services, including sending you updates, and marketing materials related to our Services and events.
To Prevent Fraud and Criminal Activity: We use Personal Data to detect and prevent fraud, criminal activities, and misuse of our Services, ensuring the security of our systems and Services.
To Comply with Legal Obligations: We may process Personal Data to fulfil legal requirements and protect the rights, privacy, safety, or property of our users, ourselves, our affiliates, or any third party.

Aggregated or De-Identified Information. We may aggregate or de-identify Personal Data so that it can no longer be used to identify you. This information may be used to analyse the effectiveness of our Services, improve and add features, conduct research, and for similar purposes. Occasionally, we may share or publish aggregated information, such as general user statistics, with third parties. We collect this information through the Services, cookies, and other means described in this Privacy Policy. We will maintain and use de-identified information in an anonymous or de-identified form and will not attempt to re-identify the information unless required by law.

4. Disclosure of Personal Data

In certain circumstances, we may disclose your Personal Data to:

Vendors and service providers: We may share your Personal Data with vendors and service providers to assist us in meeting our business operation needs and performing specific services and functions. This includes providers of hosting services, customer service, cloud services, content delivery, data warehousing, support and safety monitoring, email communication software, web analytics, payment processing, and other IT services. These parties will access, process, or store your Personal Data only as necessary to fulfill their duties to us, in accordance with our instructions.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data and other information may be disclosed during the diligence process to counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interactions with our Services, with government authorities, industry peers, or other third parties as required by law. This includes, but is not limited to, situations where we believe in good faith that disclosure is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) investigate any violations of our terms, policies, or the law, (iv) detect or prevent fraud or other illegal activities, (v) safeguard the safety, security, and integrity of our products, employees, users, or the public, or (vi) protect against legal liability.
Affiliates: We may disclose Personal Data to our affiliates, which are entities that control, are controlled by, or are under common control with the Service Provider. Our affiliates will use your Personal Data in a manner consistent with this Privacy Policy.

5. Retention

We will retain your Personal Data only for as long as necessary to provide our Services to you or for other legitimate business purposes, such as resolving disputes, ensuring safety and security, or complying with legal obligations. The duration for which we retain Personal Data will depend on several factors, including:

Purpose of Processing: The specific purpose for which we are processing the data, such as whether it is necessary to retain the data to deliver our Services.
Data Characteristics: The amount, nature, and sensitivity of the data.
Risk Assessment: The potential risk of harm resulting from unauthorized use or disclosure of the data.
Legal Requirements: Any applicable legal obligations we must adhere to.

In some instances, the length of time we retain data may also depend on your settings. For example, ENSO AI’s data controls allow you to disable chat history. When chat history is turned off, conversations will not be saved in your history, and we will permanently delete new conversations after 30 days, reviewing them only as needed to monitor for and investigate abuse.

When a user deletes their account, we will delete or anonymize their Personal Data. We may retain certain anonymized inputs, such as questions asked or feedback provided, for purposes including improving our services, conducting analytics, and developing new features. These anonymized records will contain no personal identifiers and cannot be linked back to individual users.

6. Your Rights

You have the following statutory rights in relation to your Personal Data:

Access: You can access your Personal Data and obtain information regarding how it is processed.
Deletion: You can request the deletion of your Personal Data from our records.
Rectification: You can rectify or update your Personal Data.
Data Portability: You can transfer your Personal Data to a third party (right to data portability).
Restriction: You can restrict how we process your Personal Data.
Withdrawal of Consent: If we rely on consent as the legal basis for processing, you can withdraw your consent at any time.
Complaints: You can lodge a complaint with your local data protection authority (details below).

You have also the following rights to object:

Direct Marketing: You can object to our processing of your Personal Data for direct marketing purposes at any time.
Legitimate Interests: You can object to our processing of your Personal Data when it is based on your legitimate interests.

You can exercise some of these rights through your Sanction Compass account. If you are unable to exercise your rights through your account, please submit your request via support-sanctions@zehnplus.ch.

Please note that these rights may be limited in certain circumstances. For example, if fulfilling your request would reveal Personal Data about another person or if you ask us to delete information that we are required by law or have compelling legitimate interests to retain.

We hope to address any questions or concerns you may have. If you have unresolved complaints regarding our handling of your Personal Data, you can contact the Federal Data and Protection Information Commissioner (Switzerland), our lead supervisory authority, or your local supervisory authority. For any unresolved complaints relating to the UK you can reach out to the Information Commissioner’s Office.

Accuracy Note: Services like Sanction Compass generate responses by predicting the most likely words to follow a user’s request. In some cases, these predictions may not be factually accurate. Therefore, you should not rely solely on the factual accuracy of outputs from our models. If you notice that an Output contains factually inaccurate information about you, and you would like us to correct it, please submit a correction request to support-sanctions@zehnplus.ch. Due to the technical complexity of our models, we may not be able to correct inaccuracies in every instance. If necessary, you can request the removal of your Personal Data by contacting support-sanctions@zehnplus.ch.

7. Children

Our Services are not directed to, or intended for, children under the age of 16. We do not knowingly collect Personal Data from children under 16. If you have reason to believe that a child under 16 has provided Personal Data through the Services, please contact us at support-sanctions@zehnplus.ch. We will investigate any notifications received and, if appropriate, delete the Personal Data from our systems.

Users under the age of 18 must have permission from a parent or guardian to use our Services.

8. Legal Bases for Processing

When we process your Personal Data for the purposes described above, we rely on the following legal bases:

Purpose of processing	Type of Personal Data processed, depending on the processing activity:	Legal basis, depending on the processing activity:
To provide and maintain our Services	• Account Information • User Content • Communication Information • Other Information You Provide • Log Data • Usage Data • Device Information • Cookies and Similar Technologies	Where necessary to perform a contract with you, such as processing a user’s prompts to provide a response.
To improve and develop our Services, add new features and conduct research	• Account Information • User Content • Communication Information • Other Information You Provide • Data We Receive from Other Sources • Log Data • Usage Data • Device Information • Cookies and Similar Technologies	Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services, such as when we train and improve our models.
To communicate with you, including to send you information or marketing about our Services and events	• Account Information • Communication Information • Social Media Information • Other Information You Provide • Log Data • Usage Data • Device Information • Cookies and Similar Technologies	Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications.
To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services	• Account Information • User Content • Communication Information • Social Media Information • Other Information You Provide • Data We Receive from Other Sources • Log Data • Usage Data • Device Information • Cookies and Similar Technologies	Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services.
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party	• Account Information • User Content • Communication Information • Social Media Information • Other Information You Provide • Data We Receive from Other Sources • Log Data • Usage Data • Device Information • Cookies and Similar Technologies	Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties and broader society, including in protecting our or our affiliates’, users’, or third parties’ rights, safety, and property, such as analysing log data to identify fraud and abuse in our Services.

9. Data Transfers

We may transfer your Personal Data to recipients outside the EEA, Switzerland, and the UK for the purposes described in this Privacy Policy. If you are located in the EEA, Switzerland, or the UK and your Personal Data is transferred to a third country, that country may not provide the same level of data protection as your home country. However, we ensure that such transfers comply with applicable data protection laws. To facilitate the transfer of your Personal Data outside the EEA, Switzerland, or the UK, we rely on the European Commission’s adequacy decisions for certain countries. For other jurisdictions, we utilize the Standard Contractual Clauses approved by the European Commission, along with any applicable country-specific addenda. For more information or to obtain a copy of the appropriate safeguards we have in place, please contact us at support-sanctions@zehnplus.ch.

By using our Services, you acknowledge and agree that your Personal Data may be processed and stored in our facilities, as well as on the servers of third-party service providers located in their facilities in the United States. Your data may also be shared with our service providers and affiliates in other jurisdictions.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless a different type of notice is required by applicable law.

11. How to Contact Us

If you have any questions or concerns that are not addressed in this Privacy Policy, please contact Support at support-sanctions@zehnplus.ch.

For matters related to Personal Data processing, you can also contact our Data Protection Officer at dpo-sanctions@zehnplus.ch.