Skip to content

/privacy

Privacy policy

Who we are

Data controller: DVN Solutions (sole proprietorship), Zurich, Switzerland. Contact for data-subject requests: privacy [at] dvnsolutions.ch. Operator details are on the Imprint.

What we collect

Through the chat-widget intake or fallback form: company, role, work email, country, department, workflow pain (free-text), tools in use, hours-lost estimate, desired outcome, budget band, timeline, data-sensitivity classification, approval preference, optional cybersecurity fields. Plus: IP address (for rate-limit + abuse defence), preferred locale, in-chat consent timestamp.

Why we collect it

Legal basis: (a) consent for chat data and contact details, (b) legitimate interest for IP-based abuse defence. Purposes: workflow-fit qualification, response, future-engagement follow-up only.

Where it's stored

Lead + chat data: Supabase Postgres, Zurich (Switzerland, eu-central-2). LLM processing (OpenAI primary, Anthropic fallback) may transit non-EU infrastructure transiently under each provider's data-processing agreement. We do not store customer data with non-EU/non-CH parties for long-term retention. Subprocessor list + per-provider retention windows below — DVN verifies + locks before launch. Cross-border LLM processing relies on the providers' standard contractual clauses and data-processing agreements; no personal data is sold or used to train third-party models.

Subprocessors

OpenAI (LLM primary, US infra) · Anthropic (LLM fallback, US infra with EU regional routing where supported) · Cloudflare Turnstile (bot challenge, global edge) · Supabase (Postgres, Zurich / Switzerland) · Vercel (hosting + runtime, EU fra1 edge).

Retention

Qualified leads: 24 months from last interaction. Abandoned chat sessions: 90 days. You can request earlier deletion at any time via privacy [at] dvnsolutions.ch.

Your rights under revFADP + GDPR

Access, correction, deletion, portability, restriction of processing, objection. Email privacy [at] dvnsolutions.ch with the subject 'data subject request' + your work email; we respond within 30 days.

Cookies

Functional cookies (locale, chat-session, Cloudflare Turnstile challenge) are essential and always on. Analytics + marketing cookies are off until you opt-in via the consent banner. Cookie-consent choice itself is stored client-side in the dvn_cookie_consent cookie only — not in our database.

Updates

This policy is versioned. Material changes notified at first visit after change.

Automated decision-making

We apply a transparent fit-scoring heuristic (budget, timeline, workload, data sensitivity) to prioritise human follow-up. It does not produce automated decisions with legal or similarly significant effects; you can request human review or object at any time.

Last updated: pending launch