Privacy Policy

1. Controller and contact

The data controller responsible for the visible4ai service ("Service") is Siempi AG, Birkenstrasse 47, 6343 Rotkreuz, Switzerland (CHE-369.093.556). Email: info@siempi.ch. Full operator details are in our Imprint. For data protection requests (access, correction, deletion, etc.) or complaints, please use the same contact channel.

2. Legal basis and applicable law

We process personal data on the following bases: performance of a contract (Art. 6(1)(b) GDPR / Art. 6(1) FADP) for account, subscriptions, and Service delivery; legitimate interests (Art. 6(1)(f) GDPR / Art. 6(2) FADP) for security, abuse prevention, and analytics; and consent (Art. 6(1)(a) GDPR / Art. 6(1) FADP) where we rely on it for non-essential cookies or analytics. We comply with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the GDPR for data subjects in the EEA/UK.

3. Data we collect and purposes

• Account data: Email and account identifiers when you register (e.g. email/password or Google Sign-In). Processed to create and manage your account. Authentication is provided by Firebase (Google); we do not store passwords. Legal basis: contract.
• Usage and technical data: IP address, user-agent, URLs you analyze, timestamps, and a hashed device fingerprint (derived from browser properties such as screen dimensions, colour depth, timezone, language, platform, hardware concurrency, touch capabilities, device memory, and a truncated user-agent string; used only for anonymous users). Used for rate limiting, abuse prevention, providing analyses, history, and audit PDFs. IP addresses are stored for rate limiting and abuse prevention; device fingerprint data is not stored in raw form, only as a one-way hash. Legal basis: contract and legitimate interest (security).
• Payment and subscription data: Processed by Stripe. We store subscription status, plan type, and identifiers (e.g. Stripe customer ID), not full payment details. Legal basis: contract.
• Analytics: We use Firebase Analytics (page views, feature usage) to improve the product. Analytics scripts are loaded only after you consent. You can object via browser settings or our contact. Legal basis: consent.

4. Cookies and similar technologies

We use cookies and similar technologies for: (1) essential operation (e.g. session, language preference, bot protection via Cloudflare Turnstile); (2) analytics (Firebase Analytics / Google Analytics, loaded only after you consent). Essential cookies are necessary for the Service; non-essential/analytics cookies require your consent and can be managed via our cookie settings. Withdrawing consent for analytics does not affect the availability of the Service.

5. Processors and third-party services (GDPR Art. 28 / FADP)

We use the following processors and services. Where they process personal data on our behalf, we have or use data processing agreements (DPAs) and ensure appropriate safeguards:

• Google (Firebase): Authentication (Auth), database (Firestore), file storage (Storage), analytics (Firebase Analytics). Data may be processed in the EU and US. Google offers Standard Contractual Clauses (SCCs). Firebase Privacy.
• Stripe: Payment and subscription processing. Data may be processed globally; Stripe complies with GDPR and offers SCCs. Stripe Privacy Policy.
• Resend: Transactional and marketing emails (e.g. welcome emails, analysis reports, account notifications). Email address and name are shared for delivery. Resend Privacy Policy.
• Hosting (Firebase App Hosting / Google Cloud): Server and request logs (IP, user-agent, etc.). Used to operate and secure the Service.
• Cloudflare (Turnstile): Bot protection for anonymous users. May set essential cookies. IP address is sent for verification. Cloudflare acts as a processor.
• Visibility-check APIs: When you run a GEO/visibility analysis, we send the domain and search queries to the following providers to check citation visibility: Perplexity, OpenAI, Anthropic, Google (Generative Language API). We do not send your account identity to these APIs; only the domain and queries necessary for the analysis.

6. Data retention

We retain your data for as long as your account exists and as needed to provide the Service, enforce our Terms, and comply with legal obligations (e.g. tax, commercial law). Analysis history and related data are kept in line with product functionality. Anonymous rate-limiting data (IP addresses and hashed device fingerprints) is retained for up to 30 days. You may delete your account and all associated data at any time from your account settings; we will delete or anonymize except where retention is required by law.

7. Your rights (GDPR Art. 15–22 / FADP)

You have the right to:

• Access (Art. 15 GDPR): obtain confirmation and a copy of your personal data.
• Rectification (Art. 16 GDPR): have inaccurate data corrected.
• Erasure (Art. 17 GDPR): request deletion of your data, subject to legal exceptions.
• Restriction of processing (Art. 18 GDPR): limit how we use your data in certain cases.
• Data portability (Art. 20 GDPR): receive your data in a structured, machine-readable format where applicable.
• Object (Art. 21 GDPR): object to processing based on legitimate interests (including analytics).
• Withdraw consent at any time where processing is based on consent, without affecting lawfulness of prior processing.

To exercise these rights, contact us at info@siempi.ch or via our Contact Form. If you are in the EEA or UK, you also have the right to lodge a complaint with a supervisory authority (e.g. in your country of residence). In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC).

8. International transfers

Your data may be processed in Switzerland, the EEA, and other countries (including the US) by us and our processors. For transfers from the EEA/UK/Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or the Swiss Federal Council, or equivalent mechanisms. Details can be provided on request.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or alteration. Our processors are chosen with regard to their security and compliance posture.

10. No sale of data

We do not sell your personal data to third parties.

11. Changes

We may update this privacy policy from time to time. The "Last updated" date at the top will be revised. We will notify you of material changes via email or in-app notice. If changes materially affect how we process your data, we will seek your consent where required by law.

12. Contact

For any data protection requests or questions: info@siempi.ch or our Contact Form.