Have Questions?

Join the conversation

Privacy Policy of ACAS.AI

Version 1.0 -- 19. March 2025

About us

This privacy policy ("Privacy Policy") explains how we process and protect your personal data when you use this Website or any other website, subdomain, or landing page owned or operated by Pepper Ventures Ltd (collectively, the "Websites"), including https://acas.ai and https://app.acas.ai. While some of these Websites may be dedicated to marketing or informational content and not directly process sales transactions, they may still collect personal data via input forms, web analytics, or other tools, and are, therefore, covered by the same data processing principles and practices described here.

The Website is operated by Pepper Ventures Ltd, Sinserstrasse 67, 6330 Cham, Switzerland ("ACAS.AI," "we," "our," or "us"). ACAS.AI is owned by Pepper Ventures Ltd and is the controller for the data processing described below.

Unless otherwise defined in this Privacy Policy or our General Terms & Conditions, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection.

ACAS.AI as a Data Processor

In the context of data protection regulations, ACAS.AI functions as a data processor, handling personal data on behalf of its clients. The clients, in turn, act as data controllers, determining the purposes and means of processing the personal data.

ACAS.AI operates strictly as a data processor, processing personal data solely under the instructions of our clients, who are the data controllers. We do not determine the purposes or means of processing any personal data. Clients are responsible for ensuring that their use of our services complies with applicable data protection laws.

Personal data we collect

We may collect or receive personal data for a number of purposes connected with our business operations when you use our Website or our services. This may include the following:

  • Client requests (e.g. details about your inquiries)
  • Personal details (e.g. name, date of birth, photographs)
  • Contact details (e.g. address, phone number, e-mail address)
  • Login details (e.g. password, username, sessions, user ID)
  • Payment details: We work with Stripe for payment processing. We do not store your credit card or payment details ourselves, but we may store certain metadata (e.g. payment ID, customer ID) provided by Stripe to identify your transaction.
  • Website visitor details (e.g. IP address, device ID, logfiles)
  • Service usage history (e.g. subscription details, usage data, account activity)

How we collect personal data

We collect information about our users when they use our Website or our services, including taking certain actions within it.

Directly

  • When users correspond with us by electronic means.
  • When users access, use, or otherwise interact with our Website.
  • When users sign up to receive our newsletter and other marketing materials.
  • When users submit their data to us.

Indirectly

  • From public sources, such as public directories.
  • From third parties, such as social media plugins and third-party cookies.

Legal Basis and purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

  1. Contract

    To perform our contractual obligations or take steps linked to a contract with you. In particular:

    • To manage your requests and provide our services.

  2. Consent

    We may rely on your freely given consent at the time you provided your personal data. In particular:

    • To provide users with news, special offers, newsletters, and general information about goods and services which we offer.

  3. Legitimate interests

    We may rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular:

    • To maintain and improve our Website and services.
    • To develop new services.

  4. Necessity for compliance with legal obligations

    To meet regulatory and public interest obligations. In particular:

    • To comply with applicable regulations and legislation.
    • For the legal enforcement of claims and rights.

Newsletter

We may send newsletters and other notifications by email and through other communication channels. We may have newsletters and other notifications sent by third parties or send them with the help of third parties.

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. We use "double opt-in" for any consent in the case of e-mails, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorized third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time.

Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links were clicked (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We need this statistical recording of usage, including success and reach measurement, in order to be able to offer newsletters and other notifications effectively and in a user-friendly manner, as well as permanently, securely, and reliably, based on the reading habits of the recipients.

You can unsubscribe from newsletters and other notifications at any time and thereby object in particular to the aforementioned collection of usage. You can do so by contacting us directly or following the link included in the footer of each newsletter we send you.

Profiling

We may engage in profiling activities in order to evaluate certain aspects of the data subjects whose data we process. In particular, we engage in profiling activities for the purposes of personalizing user experience, marketing and communications, fraud detection/abuse prevention, and usage analytics. These profiling endeavours allow us to better evaluate key aspects of you, allowing us to infer and predict information that helps provide our services more effectively. We use appropriate mathematical or statistical techniques when using profiling methods and have technical and organisational measures in place to ensure that inaccurate personal data are corrected and that there is no discrimination or discriminatory effect.

You have the right to object to our profiling activities. To that end, you can contact us at any time to object to this processing activity.

Data retention

We retain personal data for as long as it is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements.

For all generated leads and personalized messages, ACAS.AI maintains a strict 7-day data retention policy. All such data is permanently deleted after 7 days, and this retention period cannot be extended under any circumstances. Once deleted, this data cannot be recovered or restored. We strongly recommend downloading and securely storing your results promptly after they are delivered.

Service Providers

ACAS.AI may engage third-party companies ("Service Providers") to facilitate the operation of our Website, assist in analyzing the usage of the Website, or perform Website- and service-related services, such as payment and the provision of IT infrastructure services. These third parties have access to the user's personal data only to the extent necessary to perform these tasks on behalf of ACAS.AI.

Type(s) of service providers who might access your personal data:

  • Accounting firms
  • Banks and payment service providers
  • Other group entities
  • Marketing firms and mailing list providers
  • Public authorities
  • Website hosting service providers

Data transfers

ACAS.AI and/or the Service Providers may transfer your personal data to and process it in the following countries:

  • USA

We may use Service Providers who are partly located in so-called third countries (outside Switzerland and outside EU) or process personal data there, i.e. countries whose level of data protection does not correspond to that of Switzerland.

We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad. Such safeguards may include:

  • The transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner;
  • Applying standard data protection model clauses, binding corporate rules, or other standard contractual obligations that provide appropriate data protection.

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible --- and there is a risk --- that authorities in the third country (e.g., intelligence services) can gain access to the transferred data and that the enforceability of your data subject rights cannot be guaranteed.

Data Security & Compliance

We maintain strict data security protocols during the 7-day retention period, users should be aware of the following:

Data Protection

  • All data is encrypted at rest and in transit
  • Access controls restrict data visibility
  • No data sharing with third parties
  • Secure deletion protocols after 7 days

Regulatory Considerations

  • We do not offer service in GDPR regions
  • Users must verify compliance with local laws
  • Email usage must comply with anti-spam regulations
  • Consider industry-specific regulations

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments.

We also take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to safeguard your system.

Legal Responsibility for Message Usage

While ACAS.AI provides personalized outreach messages as a service, users bear full legal responsibility for how these messages are used:

  • User liability: You are solely liable for any legal issues arising from your use of our generated content
  • Compliance responsibility: Users must ensure all outreach activities comply with applicable laws and regulations
  • No warranty: We make no guarantees regarding the legal compliance of messages in specific jurisdictions or for specific use cases
  • Indemnification: By using our service, you agree to indemnify ACAS.AI against any claims resulting from your use of our content

Data disclosure

We may disclose your personal data in the good faith belief that such action is necessary:

  • To comply with a legal obligation (i.e. if required by law or in response to valid requests by public authorities, such as a court or government agency);
  • To protect the security of the Website and defend our rights or property;
  • To prevent or investigate possible wrongdoing in connection with us;
  • To defend ourselves against legal liability.

Your rights

You have the below data protection rights. To exercise these rights, you may contact us at the address specified above or send an e-mail to: info@acas.ai. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access

    You have a right to request a copy of your personal data, which we will provide to you in an electronic form.

  • Right to amendment

    You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.

  • Right to withdraw consent

    If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent with effect for the future. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the 'unsubscribe' link in the email you received or contact us at info@acas.ai.

  • Right to erasure

    You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.

  • Right to restriction of processing

    You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.

  • Right to portability

    You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or to perform our contractual obligations.

  • Right to object to processing

    Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.

  • Right to lodge a complaint with a supervisory authority

    You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch/edoeb/en/home.html).

Links to third-party apps and sites

Our website may contain links to websites or apps that are not operated by us. When you click on a third party link, you will be directed to that third party's website or app. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services.

We maintain online presences on social networks to, among other things, communicate with customers and prospective customers and to provide information about our products and services. If you have an account on the same network, it is possible that your information and media made available there may be seen by us, for example, when we access your profile. In addition, the social network may allow us to contact you. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network. As soon as we transfer personal data into our own system, we are responsible for this independently. This is then done in order to carry out pre-contractual measures and to fulfil a contract. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to their data protection declarations. Below is a list of social networks on which we operate an online presence:

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

Contact us

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at: info@acas.ai.