Legal
Privacy Policy
Courtesy translation, provided for information only. The French original (version française) is the sole authoritative version.
Version 2.0 of 10 July 2026. This statement describes the processing of personal data carried out by the publisher of LEMIA (art. 19 LPD, the Swiss Federal Act on Data Protection (nFADP); Art. 13-14 GDPR where applicable). It replaces the version of 5 July 2026.
Contents
- 1. Scope
- 2. Definitions
- 3. Controller and roles
- 4. Principles and architecture
- 5. Data processed and purposes
- 6. Cookies and analytics
- 7. Retention periods
- 8. Recipients and processors
- 9. Transfers abroad
- 10. Security
- 11. Data security breaches
- 12. Your rights
- 13. Automated individual decision-making
- 14. Changes
- 15. Governing law and jurisdiction
1. Scope
This policy describes how the Publisher of LEMIA processes personal data:
- on the public website www.lemia.ch (the "Site"), including the contact and access-request forms;
- in the context of the contractual relationship (account, licence, subscription, billing, support);
- through the LEMIA software (the "Software"), a desktop application installed on the client's own computer, and the technical link between the Software and the Publisher's servers (the "control server").
It does not govern the processing that the client itself carries out with the Software on the data of its own files: for such processing, the client is the controller (see §3 and §5.5). This policy supplements the terms of use and the legal notice.
2. Definitions
- Personal data: any information relating to an identified or identifiable natural person (art. 5 let. a LPD).
- Sensitive data: personal data concerning, in particular, health, the intimate sphere, religious, philosophical, political or trade-union views or activities, genetic or biometric data, criminal or administrative proceedings and sanctions, or social assistance measures (art. 5 let. c LPD).
- Processing: any operation relating to personal data, irrespective of the means used — collection, recording, storage, use, disclosure, archiving, erasure (art. 5 let. d LPD). Merely routing a piece of data is already processing.
- Controller: the person or body that decides on the purposes and means of a processing operation (art. 5 let. j LPD).
- Processor: the person or body that processes personal data on behalf of the controller (art. 5 let. k LPD).
- Client: the professional, firm, practice or institution that subscribes to the Software licence; User: any natural person authorised by the Client to use the Software.
- Content: the documents, instructions, texts and results that the Client processes or produces with the Software.
- Technical metadata: operational markers devoid of content — device and version identifiers, execution steps, task and token counters, durations, statuses, technical scores.
3. Controller and roles
Controller for the processing operations described in this policy (Site, contact, account, licence, billing, technical metadata):
LEMIA Sàrl, a limited liability company in the course of incorporation whose registered office will be in Geneva, Switzerland, represented by its founder, Colin Thompson (the "Publisher"). Contact: contact@lemia.ch (subject line "Data protection").
The Publisher acts in two distinct capacities:
- Controller for the data described above (Site visitors, prospects, clients and users);
- For the Content that the Client processes with the Software: the Client is the sole controller (art. 5 let. j LPD and, where applicable, Art. 4 no. 7 GDPR). The Publisher does not receive this Content and has no access to it (see §4). Access to the AI models is made using the Client's own access keys ("BYO keys"): the Client contracts directly with the AI provider, including, where required, the necessary data processing agreement (DPA) — the Publisher is not a party to that relationship nor to the flow of Content (see the Terms of Use, art. 5.1 and 11.2).
4. Principles and architecture
The Publisher applies the principles of lawfulness, proportionality, purpose limitation and data minimisation (art. 6 LPD), as well as data protection by design and by default (art. 7 LPD). The product architecture is the direct expression of these principles — a "desktop + content-blind server" model:
- The Software is a desktop application: your files stay on your own computer. The documents you open, the Content produced and your execution logs do not pass through any of the Publisher's servers and are never transmitted to it. The Software embeds no content telemetry.
- AI processing goes from your own computer directly to a Swiss operator (INFOMANIAK NETWORK SA — see §5.5 and §8): only the excerpts strictly necessary for the requested task are transmitted to it, and the processing takes place in Switzerland.
- The Publisher's control server sees technical metadata only. The link between the Software and the Publisher's servers is filtered by a strict allowlist, applied in "closed by default" mode on both sides of the link: only enumerated technical markers (steps, counters, durations, statuses) may cross it. Content — your texts, your instructions, your documents, the results produced — is not on that list and does not cross it.
As a result, the Publisher is technically unable to view, hand over or return its clients' Content: it does not hold it. These commitments are to be understood as best-effort obligations (obligations de moyens), implemented through the measures described on the Security page; they are restated in the Terms of Use (art. 4.2, 4.3 and 11.2).
5. Data processed and purposes
5.1 Website
The Site is a static showcase website hosted by Infomaniak SA (Switzerland). When you visit it, the only data processed are the host's technical server logs (IP address, timestamp, page requested, user agent), generated for security and operational purposes. Purposes: display, stability and security of the Site. Basis: overriding interest in the secure operation of the Site (art. 31 para. 1 LPD).
5.2 Contact and access requests
If you write to us (contact@lemia.ch) or submit the access request form (name of the firm or practice, professional e-mail address, profession, optional message), we process the data you voluntarily provide for the sole purpose of responding to your enquiry, reviewing your access request and, where applicable, preparing the contractual relationship. Basis: pre-contractual steps and performance of the contract. This data is neither sold nor passed on to third parties for marketing purposes.
5.3 Account, licence and billing
If you subscribe to a licence, we process the data necessary for the conclusion and performance of the contract:
- Identity and contact details: company name, surname, first name, e-mail, professional contact details;
- Contractual data: plan subscribed, number of seats, version of the Terms of Use accepted and timestamp of acceptance;
- Access: account identifiers, roles, seats ("postes") allocated;
- Billing: billing details, history of invoices and payments;
- Support: your communications and support requests.
Purposes: account and access management, provision of the service and support, billing, contract management, abuse prevention. Basis: performance of the contract and legal obligations (in particular accounting obligations).
5.4 Technical steering and licence metadata
For licence management, metering of the usage included in the subscription and service stability, the Software may transmit technical metadata to the Publisher: device and version identifiers, task and token counters, durations, execution statuses, technical scores, session events and anonymised error logs. This metadata never includes the content processed — no text, no document, no instruction, no file name.
By way of illustration, here is the form of a typical record on the Publisher's side:
2026-07-10 14:32:11 run=8f21 etape=redaction-2 statut=termine
tokens_entree=10350 tokens_sortie=2239 duree=4.2s verdict=accepte
What never appears in it: your texts, your instructions, the content of your documents, the names of your files, the subject matter of your cases.
This metadata is used for licence management (seats, version), service stability and diagnostics. It is not used to bill your AI consumption: that consumption runs on your own access keys and is paid by you directly to the AI provider (Terms of Use, art. 5.1) — the Publisher earns nothing on that consumption.
5.5 Data processed with the Software
The data you process with the Software (documents, instructions, Content produced) is your responsibility: you are its controller, and the Publisher has no access to it. This data may include sensitive data (art. 5 let. c LPD) when you open such documents in the Software; it is up to you to have an adequate justification and to comply with your professional obligations, in particular professional secrecy where it applies.
To produce the requested results, the Software transmits the strictly necessary elements to the sole AI provider called by the Software:
- A single flow, by design: the Software is designed to call only Infomaniak (INFOMANIAK NETWORK SA, Geneva, Switzerland) — every AI call is processed in Switzerland, by a Swiss operator, and this commitment is restated in our contracts. Infomaniak presents its models as not being trained on your data; this contractual commitment is passed through in the applicable data processing agreement.
- No public AI services: the large public AI platforms are neither offered nor callable by the Software — there is no setting to enable them.
- Web tools blocked: AI-initiated web search and web reading tools are blocked — no content is transmitted to a third party outside Switzerland at the AI's initiative.
The sends you approve yourself towards the outside world (e-mails, connected services) are your own acts, carried out through your own accounts after explicit approval: they fall under your responsibility and your own safeguards. The details of the technical measures (sandbox, forbidden folders, human approval, encrypted logs) are set out on the Security page.
6. Cookies and analytics
The Site uses no cookies, no trackers, no analytics tool and no fingerprinting. No browsing profile is built. Should an online client area ever require a technical session identifier, it would be strictly necessary for the service, free of any tracking, and disclosed on this page.
7. Retention periods
We keep personal data only for as long as necessary for the purposes pursued, then delete or anonymise it (art. 6 para. 4 LPD):
| Type of data | Retention period | Basis |
|---|---|---|
| Content processed with the Software (documents, texts, results) | Never held by the Publisher — it stays on your own computer | "Desktop + content-blind server" architecture (§4) |
| Contact enquiries and access requests not followed up | At most 2 years after the last exchange | Proportionality (art. 6 para. 4 LPD) |
| Account and licence data | Duration of the contract, then deletion within 90 days | Minimisation (art. 6 para. 4 LPD) |
| Accounting records and invoices | 10 years after the end of the financial year | Art. 958f of the Swiss Code of Obligations (CO) (legal obligation) |
| Technical steering metadata (counters, statuses) | Duration of the contract, then deletion within 12 months | Proportionality; licence management |
| Technical logs of the control server (connections, errors) | Rolling 12 months | Security and investigation capability (art. 8 LPD, OPDo — the Swiss Data Protection Ordinance) |
| Documentation of data security breaches | At least 2 years after notification (art. 24 LPD) | Art. 15 para. 4 OPDo (legal obligation) |
| Technical logs of the Site (host) | According to the host's practices, for security purposes | Overriding interest (art. 31 LPD) |
On the client's own computer, the Software itself applies retention rules: the local activity log (art. 12 nFADP / art. 4 OPDo) is kept for at least one year for traceability purposes, and temporary working files (for example the conversational assistant's exports) are purged automatically after a few days. This data stays on your machine and under your control.
8. Recipients and processors
The data for which the Publisher is the controller is neither sold, nor rented, nor passed on to third parties for commercial purposes. It is accessed only by the people who need it to operate, secure and maintain the service ("need to know" principle). The Publisher uses the following service providers:
| Provider | Location | Service | Access to Content |
|---|---|---|---|
| INFOMANIAK NETWORK SA | Geneva, Switzerland | Execution of the AI models (processing of the tasks requested by the Software) | Receives, from your own computer and using your own access keys, the excerpts strictly necessary for the task; processing in Switzerland; processor of the Client (direct contract), and presents its models as not being trained on your data |
| Infomaniak SA | Geneva, Switzerland | Hosting of the website and of the Publisher's servers (licence, metadata) | None — the control server holds only technical metadata; Content does not pass through it |
| Online payment provider | Switzerland (planned) | Collection of subscription payments — not yet in service | None — it will be named on this page before any go-live, and will receive payment data only |
For the Content processed with the Software, the AI provider is the processor of the Client (direct contractual relationship, with the provider's DPA): the Publisher plays no part in that relationship and does not appear in the processing chain of the Content. We may also disclose data where a legal obligation compels us to do so — it being recalled that the Publisher holds no Content and therefore cannot hand any over.
9. Transfers abroad
The Publisher transfers no personal data abroad: the Site, the Publisher's servers and the AI processing are operated in Switzerland, and the Software directs no AI call to a foreign provider (see §5.5). The sends that the Client itself triggers to recipients abroad, through its own accounts and after approval, fall under the Client's responsibility.
For clients established in the European Union: Switzerland benefits from an adequacy decision of the European Commission recognising an adequate level of protection of personal data; EU → Switzerland transfers are covered on that basis (Art. 45 GDPR).
10. Security
The Publisher takes appropriate technical and organisational measures (art. 8 LPD; OPDo) to protect the data it processes: encryption of connections, metadata-only filtering of the control server in "closed by default" mode, redacted logs (secrets, personal data and paths masked), compartmentalised access. On the client's own computer, the Software applies in particular: a sandbox restricting access to the open working folder only, a list of forbidden folders that are technically unreadable, a staging area and human approval before any write or any send, logs encrypted at rest, access keys kept in a local encrypted vault. The details, in plain words, are set out on the Security page. These measures constitute best-effort obligations.
11. Data security breaches
The Publisher documents any data security breach affecting the processing operations for which it is the controller, notifies the FDPIC (PFPDT) of breaches likely to result in a high risk to the personality or fundamental rights of the data subjects (art. 24 LPD), and informs the affected clients without delay, in accordance with the applicable contracts. The Software additionally provides the Client, in its Compliance area, with a breach documentation register for the Client's own notification obligations.
12. Your rights
For the data for which the Publisher is the controller (Site, contact, account, licence, metadata), you have the following rights:
- access (art. 25 LPD) — response as a rule within 30 days, free of charge;
- rectification (art. 32 LPD);
- erasure or destruction (art. 32 para. 2 let. c LPD);
- objection to processing (art. 30 para. 2 let. b LPD);
- delivery or portability of your data (art. 28 LPD);
- and, if the GDPR applies to your situation, the corresponding rights (Art. 15-22 GDPR).
How to exercise them: write to contact@lemia.ch (subject line "Data protection"), specifying the right you are exercising. To protect your data against abusive requests, we may ask for proof of identity where the identity of the requester is not established with certainty.
Persons whose data is processed by a firm or practice using LEMIA (a firm's clients, patients or principals): your point of contact is the firm or practice, which is the controller and, where applicable, the holder of professional secrecy. The Publisher does not hold this data and is technically unable to access it; it therefore cannot respond directly to a request concerning it.
You may at any time contact the Federal Data Protection and Information Commissioner (FDPIC/PFPDT, edoeb.admin.ch).
13. Automated individual decision-making
Neither the Publisher nor the Software carries out any exclusively automated decision producing legal effects on, or significantly affecting, the data subjects (art. 21 LPD): the Software is designed so that a human — the Client — approves every result before any use, any write and any send.
14. Changes
This policy may be updated, in particular in the event of changes to the service, to our service providers or to the legal framework. The version in force is published on this page with its date and version number. In the event of a substantial change affecting clients under contract, a communication is sent to them. Minor changes (clarifications, corrections with no impact on rights) may be made without prior notice.
15. Governing law and jurisdiction
This policy is governed by Swiss law. Any dispute relating to it falls within the jurisdiction of the ordinary courts of the Publisher's registered office, namely Geneva, Switzerland, subject to any mandatory forums provided for by law.
Version 2.0 of 10 July 2026. Contact: contact@lemia.ch.