Privacy Policy

This Privacy Policy explains how Webmates collects, uses, shares, retains, and protects personal data in connection with Alfred. It applies to the public website, web app, mobile app, account area, support channels, credit system, approved calls and emails, and related services.

This Policy is intended to be read together with the Terms of Use and Cookie Policy. Product features may vary by platform, geography, account status, payment method, app-store status, and operational readiness.

Webmates is the controller or responsible operator for the processing described in this Policy unless another statutory operator is published. Rights requests, privacy questions, support requests, and legal questions may be sent to support@webmates.ch.

Where applicable law gives the User a right to complain to a data protection authority, the User may contact the competent authority in the User's jurisdiction. The Company may request information necessary to verify identity before acting on rights requests.

Terms such as Service, User, Account, Request, Candidate, Approved Contact, Third-Party Recipient, Credits, AI Output, and Result Summary have the meanings given in the Terms of Use. "Personal data" means information relating to an identified or identifiable person, as defined by applicable law.

The User may provide account details, profile details, task instructions, locations, contact information, saved contacts, preferences, support messages, billing-review context, privacy requests, and other information necessary for a supported workflow. The User should not submit unnecessary sensitive data, passwords, authentication codes, payment card numbers, medical details, regulated advice content, or third-party data unless lawful and necessary for an approved workflow.

Alfred may generate candidate lists, route classifications, blocked-number reasons, call statuses, email statuses, task statuses, credit estimates, credit settlement records, transcripts/notes, Result Summaries, notifications, support-ticket references, audit logs, and security events. These records help operate the Service, protect users, and maintain billing and support history.

The Service may obtain business, place, map, directory, contact, category, address, or route information from public sources and third-party provider categories. These sources may be used to show Candidates, verify locations, classify contacts, block unsupported numbers, or reduce wrong-recipient outreach. The specific source used may vary by feature, geography, and availability.

The Company processes personal data to create and secure accounts, authenticate users, interpret Requests, search for Candidates, present candidate review, contact Approved Contacts, generate Result Summaries, process subscriptions and top-ups, grant and debit credits, provide support, handle privacy requests, prevent abuse, maintain security, comply with legal obligations, troubleshoot failures, and improve reliability.

The Company may also process limited aggregated, anonymised, or de-identified operational information to understand service reliability, blocked routes, support categories, product quality, and abuse patterns, provided such processing does not identify individual users where anonymisation is claimed.

Depending on the context and applicable law, processing may rely on performance of a contract, steps requested before entering a contract, legitimate interests in operating and securing the Service, consent for optional technologies or optional disclosures, compliance with legal obligations, and establishment, exercise, or defence of legal claims.

Legitimate interests include fraud prevention, account security, abuse prevention, service reliability, support, billing integrity, credit ledger integrity, candidate-quality controls, and enforcement of the Terms. Where consent is required, the User may withdraw consent through available controls or by contacting support, without affecting prior lawful processing.

When the User approves outreach, Alfred may disclose information reasonably necessary to complete the Request to the Approved Contact. This may include the User's name, contact details, booking preferences, location, budget, reference number, requested service, availability, or other task details where needed for the approved workflow.

The User controls candidate selection and remains responsible for ensuring the disclosure is lawful and appropriate. Alfred may withhold optional contact details unless the User allows sharing or the selected workflow reasonably requires it.

Alfred uses AI-assisted processing to interpret task briefs, generate call or email instructions, classify candidate context, process responses, support transcription or notes, generate summaries, and assist support or operational review. AI Output may be inaccurate and should not be treated as professional advice or a guaranteed record.

The Service is not intended to make legally or similarly significant decisions about the User solely by automated means. Support, billing, credit, safety, account, and enforcement actions may involve automated triage, rule-based checks, or staff review.

Alfred app code does not store call audio. Telecommunications and AI voice provider categories may process audio transiently to operate supported calls and generate text notes or transcripts. Where Alfred stores text transcripts/notes, they are intended to be encrypted at rest, retained temporarily, and used primarily to produce concise Result Summaries and support review.

The product is summary-first: the primary user-facing output is a concise result rather than raw call material. Text notes and transcripts are secondary operational records and may be removed under the retention schedule.

The Company may share personal data with provider categories necessary to operate the Service, including hosting infrastructure, database and authentication services, payment processing, telecommunications and AI voice services, email delivery, mapping and location services, monitoring and security services, support tooling, app-store services, and optional analytics or advertising providers if enabled.

Providers are expected to process data under contracts, product terms, legal obligations, or technical safeguards appropriate to their role. The Company may also share data where required by law, to protect rights or safety, to investigate abuse, to complete a business transaction, or with the User's direction or consent.

Provider categories may process data in Switzerland, the EEA, the United Kingdom, the United States, or other jurisdictions. Where required, the Company relies on contractual, organisational, technical, or legal safeguards for international transfers. Transfers may also occur where necessary to perform a contract, respond to the User's request, or establish, exercise, or defend legal claims.

Account data is retained while the Account exists and for a reasonable period afterwards where needed for legal, security, billing, dispute, or backup purposes. Request records and Result Summaries are retained while needed for account history, support, billing, security, and dispute handling. Text transcripts/notes are retained temporarily, currently planned for 90 days, unless earlier deletion or longer retention is required for security, support, legal, or abuse reasons.

Credit, payment, subscription, invoice, tax, and ledger records may be retained for statutory accounting, tax, audit, chargeback, and fraud-prevention periods. Support tickets may be retained while needed to answer the request and for a reasonable support, dispute, legal, or quality period. Security logs may be retained for a limited period appropriate to detection, investigation, and defence. Deletion/export records may be retained to evidence compliance.

The Company applies organisational, technical, and contractual safeguards designed to protect personal data, including HTTPS/TLS in transit, restricted credential handling, access controls, role separation, ownership checks, rate limits, abuse-prevention checks, monitoring, encrypted storage for sensitive text records where stored by Alfred, and operational review for sensitive workflows.

Although the Company applies safeguards, no method of transmission, processing, authentication, or storage can be warranted as absolutely secure. The Service is provided subject to the limitations in the Terms of Use.

Depending on where the User lives and the applicable legal basis, the User may have rights to request access, correction, deletion, portability, restriction, objection, consent withdrawal, and information about processing. Some rights may be limited by legal obligations, billing records, fraud prevention, security, disputes, backups, or the rights of others.

The User may use account privacy controls where available or contact support@webmates.ch. The Company may verify identity and may refuse, limit, or delay requests where permitted by law, including where requests are manifestly unfounded, excessive, fraudulent, or conflict with legal retention obligations.

The Account area may provide export and deletion request controls. Export files may contain account, request, contact, credit, support, and summary data. The User is responsible for securing exported files. Account deletion may deactivate access and remove or anonymise data where possible, subject to retention needed for legal, billing, security, fraud, tax, dispute, audit, or operational purposes.

The Service is not intended for children. Users must not submit children's personal data unless lawful, necessary for a supported ordinary administrative task, and authorised by a parent, guardian, school, organisation, or other responsible person as required by law. The Company may delete or restrict accounts or data where child-related use appears unsupported or unlawful.

The User should avoid submitting unnecessary sensitive personal data, including medical information, financial account information, government identifiers, authentication codes, passwords, precise private location data, legal case details, employee records, or data about third parties. The Service is not designed for emergencies or regulated advice, and sensitive content may be refused, deleted, limited, or escalated for review.

The Cookie Policy explains essential cookies, authentication/session storage, security cookies, preference storage, and optional analytics or advertising technologies. Essential technologies are used to operate and secure the Service. Non-essential analytics, attribution, advertising, or remarketing technologies are not active unless enabled and subject to the required consent or choices.

Client-side product analytics, advertising pixels, remarketing tags, and session replay are not enabled in the current public configuration unless explicitly configured later. If optional analytics or advertising technologies are introduced, the Company must update consent controls, policy language, and app-store disclosures where required before relying on those technologies.

The Company must not send call transcripts, raw notes, arbitrary task text, phone numbers, email addresses, payment card data, support message bodies, vendor notes, or exact internal diagnostics to public-site analytics.

The Service currently relies on its own cookie and consent controls for optional technologies. Browser "Do Not Track" or Global Privacy Control signals may not automatically change Service behavior unless required by applicable law or implemented in the Service. If such support is implemented, this Policy and the Cookie Policy should be updated.

Mobile app privacy disclosures, including iOS privacy manifests, App Store privacy labels, and future app marketplace data-safety forms, must remain consistent with this Policy. They should disclose account information, contact information, user content/task instructions, purchases, usage data, diagnostics/logs, identifiers, support data, and other data categories where applicable. If analytics, advertising, tracking, or additional SDKs are added, mobile disclosures must be reviewed before release.

If the Company is involved in a merger, acquisition, financing, restructuring, sale of assets, change of control, or transfer to a successor operator, personal data may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality, security, and legal safeguards.

The Company may update this Policy as the Service, legal requirements, provider categories, app-store disclosures, data practices, retention rules, analytics configuration, or business structure changes. Material updates will be communicated where required. The "Last updated" date indicates the current version.

For privacy questions, rights requests, support, export, deletion, billing, security, or legal matters, contact support@webmates.ch unless a different statutory privacy contact is published.