Legal

Privacy Policy

Last updated: 5 May 2025

This Privacy Policy explains how Webmates (“we”, “us”, “Alfred”) collects, uses, and protects your personal data when you use our AI concierge service available at webmates.ch and app.webmates.ch.

We take privacy seriously. We collect only what we need, we don’t sell your data, and we give you full control over it.

1. Who we are

Alfred is operated by Webmates, currently a sole-trader service. If you have any questions about this policy, contact us at support@webmates.ch.

2. What data we collect

Account data: Your name, email address, and optionally your phone number when you create an account.

Request data: The details you enter when creating a request — service type, location, date, budget, and any notes.

Call records: When Alfred makes a call on your behalf, we store the transcript of that conversation, the call duration, and information gathered from it (e.g. quoted price, availability, vendor contact details).

Payment data: Billing is handled by Stripe. We store your Stripe customer ID and subscription status, but never your full card details.

Usage data: Basic server logs including your IP address, device type, and the actions you take in the app. We use this for security and to fix bugs.

Communications: If you contact us by email, we keep a record of that exchange.

3. How we use your data

  • To provide the Alfred service — making calls, sending emails, and notifying you of results
  • To manage your account, subscription, and credits
  • To improve the service and fix issues
  • To comply with legal obligations
  • To send you transactional emails (call results, billing receipts, account changes)

We do not use your data for advertising, sell it to third parties, or share it with anyone except where necessary to provide the service.

4. Who we share data with

Vendors you ask us to contact: When Alfred calls or emails a vendor on your behalf, it shares your first name and, if you opt in, your contact details (email/phone) to facilitate the booking. You control this via the “Share my contact details” option on each request.

Supabase: Our database and authentication provider. Data is stored in EU data centres. Privacy policy.

ElevenLabs: The AI voice technology that powers Alfred’s calls. Call audio and transcripts are processed by ElevenLabs. Privacy policy.

Twilio: Telephony provider used to make outbound calls.Privacy policy.

Stripe: Payment processor.Privacy policy.

Resend: Email delivery service used to send confirmations and enquiry emails.Privacy policy.

All third-party processors are bound by data processing agreements and handle data in accordance with applicable law.

5. Legal basis for processing (GDPR)

If you are in the EU or Switzerland, our legal basis for processing your data is:

  • Contract performance — to provide the service you signed up for
  • Legitimate interests — for security, fraud prevention, and service improvement
  • Legal obligation — where required by law
  • Consent — for optional features (e.g. sharing your contact details with vendors)

6. Data retention

We keep your data for as long as your account is active. If you delete your account, we schedule permanent deletion of all your data within 30 days. During that window you can cancel the deletion.

Call transcripts are retained for 12 months from the date of the call, after which they are automatically deleted. You can delete any transcript earlier via the app.

Billing records are kept for 7 years as required by financial regulations.

7. Your rights

Under GDPR and the Swiss Federal Act on Data Protection (nFADP), you have the right to:

  • Access — request a copy of all data we hold about you (available in-app via “Export my data”)
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — receive your data in a machine-readable format (JSON export)
  • Restriction — ask us to limit processing in certain circumstances
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, for consent-based processing

To exercise any of these rights, email us at support@webmates.ch or use the self-service tools in the app (Account → Privacy & data).

8. Cookies and tracking

We use only functional cookies necessary to keep you logged in. We do not use advertising cookies or tracking pixels. We do not use Google Analytics or similar third-party analytics on the app.

The public website (webmates.ch) may use anonymised analytics (e.g. page view counts) with no personally identifiable information collected.

9. Security

All data is transmitted over HTTPS. Database access is protected by row-level security policies, meaning each user can only access their own data. Passwords are hashed by Supabase (bcrypt) and we never see them. We do not store call audio — only the text transcript.

10. International transfers

Your data is stored in Supabase’s EU region (Frankfurt). Some processors (ElevenLabs, Twilio) may process data in the US. Where this occurs, transfers are covered by Standard Contractual Clauses (SCCs) or equivalent adequacy mechanisms.

11. Children

Alfred is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.

12. Changes to this policy

We may update this policy from time to time. We will notify you by email and display the updated date at the top. Continued use of the service after changes constitutes acceptance.

13. Contact

For any privacy questions or to exercise your rights:
Email: support@webmates.ch
Response time: within 5 business days (GDPR requires within 30 days).