Privacy Policy
Effective: March 2026
1. Data Controller
mazdek GmbH
Switzerland
Email: [email protected]
mazdek GmbH (“mazdek”, “we”, “us”) is the controller of your personal data under the Swiss Federal Act on Data Protection (nDSG/FADP).
You must be at least 13 years old to create an account or use mazdek services.
2. Data We Collect
Account data
Email address, name (optional), profile picture (optional), authentication credentials, and account preferences.
Phone number (verification)
If account verification requires it, we collect and store your phone number to send a one-time SMS code and to check it against fraud/abuse signals. We use it only for verification and security.
Usage data
Transcription content and audio files you upload, chat conversations and messages, text-to-speech generations, documents and files you upload to projects, knowledge you create, translation requests, and project data.
Voice samples & custom voices
If you create a custom voice, we collect the voice recordings you provide and use them to build a voice model. Voice samples are stored privately, and the voice model is created with our text-to-speech provider (see International Data Transfers). Voice is sensitive data; we process it only to provide this feature to you.
Technical data
IP address, browser type, device information, and session data. We use this to operate and secure the Service and to prevent fraud and abuse.
Billing data
Subscription plan, usage statistics, payment transactions, and invoices. Payment card details are processed and stored exclusively by our PCI-compliant payment processor — we never see or store your card number.
3. Purposes and Legal Basis
| Purpose | Legal basis (nDSG) |
|---|---|
| Providing the service (ASR, TTS, chat, translation) | Contract performance |
| Account management and authentication | Contract performance |
| Billing and payment processing | Contract performance, legal obligation (OR 958f) |
| Security, fraud prevention, and abuse protection | Legitimate interest |
| Service analytics and improvement (we do not train AI models on your content without consent) | Legitimate interest, with opt-out via privacy settings |
| Platform communications and feature updates | Legitimate interest |
4. International Data Transfers
Your data is primarily processed on servers in the European Union. To provide the Service we rely on a small number of carefully selected service providers (“sub-processors”), described below by category. Some are located outside Switzerland, including in the EU and the United States:
| Category of recipient | Location | Purpose |
|---|---|---|
| Cloud hosting, database & file storage | EU | Running the Service and storing your data |
| GPU / AI compute providers | EU & USA | Speech recognition, text-to-speech, chat, language and image processing |
| Speech / voice processing provider | USA | Multilingual text-to-speech and custom voices (receives voice samples) |
| Payment processor | USA | Billing; card details are handled solely by the processor |
| SMS / communications provider | EU | One-time verification codes (receives phone number) |
| Fraud-prevention provider | USA | Risk scoring (receives IP address and, for verification, phone number) |
| Email provider | EU | Transactional email (verification, sign-in, notices) |
| Error-monitoring provider | USA | Diagnostics and reliability (no account identifiers attached) |
For transfers to the USA, we rely on the Swiss-U.S. Data Privacy Framework where applicable, or standard contractual clauses (SCCs) recognized by the FDPIC. A current list of our specific sub-processors is available on request at [email protected].
5. Data Retention
| Data type | Retention |
|---|---|
| Account data | Preserved while deactivated; erased + anonymized on permanent deletion |
| Conversations, transcripts, TTS, knowledge | Until you delete them individually |
| Audio files (uploads, generated audio) | Until you delete them individually |
| Billing records (invoices, subscriptions, transactions) | 10 years (OR Art. 958f) |
| Sessions | Removed on logout or account closure; expired sessions are not reusable |
| Background processing data (queues) | Auto-expires within days |
When you deactivate your account, your login is disabled but your data is preserved; you can reactivate by contacting support. When you permanently delete your data (Settings > Account > “Permanently delete my data”), your conversations, transcripts, generated audio, custom voices and personal profile are erased immediately and your profile is anonymized. Only financial records required by Swiss commercial law (OR Art. 958f, 10 years) are retained, in an anonymized form no longer linked to your identity. You can also request removal at [email protected].
6. Your Rights under Swiss Law
Under the nDSG (Art. 25–29), you have the right to:
- Access — Request a copy of your personal data (available via Settings > Privacy > Export Data)
- Rectification — Correct inaccurate personal data (via Settings > Account)
- Deactivation — Temporarily disable your account while your data is preserved (via Settings > Account)
- Erasure — Permanently delete your conversations, media and personal profile (via Settings > Account > “Permanently delete my data”). Billing records required by law are retained in anonymized form
- Data portability — Export your data in a structured, machine-readable format (JSON)
- Objection — Object to data processing for service improvement (toggle off “Help improve mazdek” in Privacy settings)
- Withdraw consent — Revoke consent for location metadata or AI training at any time via Privacy settings
To exercise any right not available through the app, contact us at [email protected]. We will respond within 30 days.
7. Privacy Controls
You can manage the following in Settings > Privacy:
- Help improve mazdek — Whether your de-identified queries may be retained to analyze and improve the Service. We do not use your content to train AI models without your consent.
- Export data — Download all your data as a JSON file at any time.
Both toggles default to off. Your preferences are saved to your account.
8. Data Security
We implement appropriate technical and organizational measures to protect your data (nDSG Art. 8), including:
- TLS encryption for all data in transit
- Encrypted database connections
- Session-based authentication with secure cookies
- Rate limiting and abuse protection
- Role-based access control for administrative functions
- Payment processing delegated to a PCI DSS-compliant payment provider
9. Supervisory Authority
If you believe your data protection rights have been violated, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC):
FDPIC — Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Feldeggweg 1, CH-3003 Bern
www.edoeb.admin.ch
10. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The “Effective” date at the top reflects the latest version.
11. Contact
For privacy-related questions or to exercise your rights:
mazdek GmbH
Email: [email protected]
Last updated: March 2026