Privacy Policy

Data Controller

Ava – Innovation Companion is operated by Digital Creative Academy, Switzerland. For privacy inquiries, please use the contact form.

Age Requirement

The Service is available only to individuals aged 18 and above pursuing business, product, or creative innovation projects. We do not knowingly collect personal data from minors.

What Data We Process

We collect only what is required for secure operation:

• Account Credentials: Username, encrypted email, and hashed password.
• Session Usage: Allowance counters, timestamps, and entitlement status.
• Payment References: Stripe customer IDs and payment metadata. We do not store full card numbers.
• Support Messages: Messages sent via the contact form.
• Security Logs: Minimal technical logs retained briefly to prevent abuse.

We intentionally do not store conversation transcripts. AI conversations are processed in real time and discarded immediately after the session.

Legal Basis for Processing

• Consent: When you create an account you consent to processing your credentials to deliver the Service.
• Contractual Necessity: Account data, session usage, and payment references are required to provide the Service.
• Legitimate Interest: We maintain security and prevent abuse while respecting your privacy rights.
• Legal Obligations: Limited payment and accounting records may be processed to comply with legal requirements.

Analytics & Tracking

We do not use third-party analytics services, advertising trackers, tracking pixels, or cookies beyond what is strictly necessary to maintain a secure session. We do not sell or share data with marketing services, social media platforms, or analytics providers.

Data Retention

• Account Data: Retained while your account remains active. Deleting your account removes stored credentials immediately.
• Dormant Accounts: Accounts with no activity for 365 days are purged automatically.
• Support Messages: Retained for up to 12 months.
• Security Logs: Deleted within 30 days unless extended for an active investigation.

Security Measures

Encryption in transit (HTTPS/WSS) and at rest for stored data. Access control with multi-factor authentication for operational staff. Regular internal audits and vendor assessments. Breach notification procedures consistent with FADP/GDPR requirements.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data; restrict or object to processing; withdraw consent; and lodge a complaint with a supervisory authority. Submit requests via the contact form.

Third-Party Providers

• Stripe: Payment processing and billing.
• OpenAI: AI inference. Inputs retained up to 30 days for abuse monitoring.
• Render: Hosting infrastructure.
• Google (Gmail): Email delivery.

Updates

We may update this Privacy Policy to reflect legal or operational changes. We will post the revision date at the top of the page. Continued use after changes take effect signifies acceptance.