NEUROFORGE
BYTEC AG
Chamerstrasse 172
6300 Zug, Switzerland
Email: marc@neuroforge.ch
UID: CHE-256.869.583
Web: neuroforge.ch
Data processing is conducted under the Swiss Federal Act on Data Protection (nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR). The legal basis is contract performance (Art. 6(1)(b) GDPR) and explicit consent for specially protected personal data (health data).
| Data Category | Details | Purpose |
|---|---|---|
| Account Data | Email, first name, password (hashed) | Authentication, personalization |
| Program Progress | Module status, streak, check-in history, daily progress | Progress tracking, Leon context |
| Heart Rate Variability (HRV) | HRV values in ms, three times daily (morning, midday, evening) | Biological weather report, stress level calculation |
| Stress Level | Subjective assessment 1-10, three times daily | Stress telemetry, coach overview |
| Mood | Six categories, three times daily | Pattern recognition, Leon context, coach overview |
| Identity Statements | Personal identity statements (I am / I act / I decide) | Core component of the NIP protocol |
| Goals | Top 3 personal goals | Leon context, coach overview |
| Chat Messages (Leon) | All messages in Leon chat (Morning, Debrief, 24/7) | AI coaching, session log |
| Coach Messages | Messages, voice messages, photos in Marc direct chat | Personal coaching (end-to-end encrypted) |
| Voice Recordings | Temporary audio recordings for speech-to-text | Voice input for chat fields (automatically deleted after transcription) |
| Photos | Camera/upload photos in Marc direct chat | Coach communication (end-to-end encrypted) |
| Push Settings | Push subscription, preferred reminder times | Personalized notifications |
The AI coach Leon is powered by the Anthropic Claude API (model: claude-opus-4-20250514). During each interaction with Leon, the following data is transmitted to the Anthropic API: the participant's current message, the conversation history of the current session, and relevant context (module status, streak, average HRV).
Anthropic processes this data to generate a response. Per Anthropic's terms of service, API data is not used for AI model training and is deleted within 30 days. Details: anthropic.com/privacy
Voice recordings are transmitted via a secure Cloudflare Worker to the OpenAI Whisper API for transcription. Audio data is used exclusively for transcription and is automatically deleted immediately after processing. Audio data is not stored permanently, either on our servers or at OpenAI.
All data exchanged between the participant's browser and our servers is encrypted in transit using HTTPS/TLS (AES-256).
The Supabase database uses AES-256 encryption for all stored data.
Messages in the Marc direct chat (coach communication) are end-to-end encrypted. Only the participant and the coach can read these messages. Neither Supabase nor any third party has access to the plaintext.
Messages in the Leon chat are encrypted in transit and at rest, but not end-to-end encrypted. This is technically necessary for Leon to access conversation history and provide contextual coaching. Access to this data is restricted exclusively to the Provider (coach).
| Provider | Purpose | Location | Data |
|---|---|---|---|
| Supabase | Database, authentication | AWS eu-central-1 (Frankfurt) | All persistent data |
| Cloudflare | CDN, Workers (API proxy, STT) | Global (Edge) | Transit data, temporary audio |
| Anthropic | AI Coach Leon (Claude API) | USA | Chat messages, context |
| OpenAI | Speech-to-Text (Whisper) | USA | Temporary audio data |
| ElevenLabs | Text-to-Speech (Leon's voice) | USA/EU | Leon's response text |
| Brevo | Email delivery | EU (France) | Email address, first name |
| Vimeo | Video hosting (module videos) | USA | No personal data |
| Novatrend | Web hosting | Switzerland | Static files |
Planned Migration: NEUROFORGE plans to migrate database infrastructure to a dedicated server in Switzerland to ensure complete data sovereignty under Swiss law. Participants will be notified of the migration.
Account data: For the duration of the contractual relationship and beyond, if lifetime access has been agreed.
Chat history (Leon): For the duration of the 90-day program. Participants may request deletion after program completion.
Coach messages: For the duration of the contractual relationship. Stored encrypted.
Health data (HRV, stress, mood): For the duration of the 90-day program. Deletion is possible upon request at any time.
Voice recordings: Automatically deleted immediately after transcription. No permanent storage.
Photos: For the duration of the contractual relationship. Stored encrypted.
You have the following rights regarding your personal data:
Right of access: You may request information about your stored personal data at any time.
Right to rectification: You may request correction of inaccurate data.
Right to erasure: You may request deletion of your data, provided no legal retention obligations apply.
Right to data portability: You may request delivery of your data in a common, machine-readable format.
Right to object: You may object to the processing of your data at any time.
Right to restriction: You may request restriction of processing.
Please direct inquiries to: marc@neuroforge.ch. We respond within 30 days.
The Academy uses no tracking cookies and no third-party analytics. The following local storage is used:
localStorage: Authentication session (encrypted token), user preferences (push times). This data does not leave the browser and is not transmitted to third parties.
Service Worker: For offline functionality and push notifications. Caches static assets only.
Push notifications are optional and only sent upon explicit activation by the participant. The push subscription (endpoint URL, keys) is stored in the database. Push messages contain no sensitive data (only reminder texts with first name). Deactivation is possible at any time in the Cockpit.
In the event of a data security breach, affected participants will be notified without delay, within 72 hours at the latest. The competent data protection authority will be notified in accordance with legal requirements.
The Provider reserves the right to amend this Privacy Policy at any time. Material changes will be communicated to participants.
Contact: marc@neuroforge.ch
Competent supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland. edoeb.admin.ch