Privacy Policy

MediStrata Mobile & MediStrata Web
Effective Date: 2026.01.01

1. Introduction

EvolverAI GmbH (“we”, “our”, or “us”), located at Zwydenweg 3, CH-6052 Hergiswil, Switzerland, provides the MediStrata Mobile and MediStrata Web applications (collectively, the “App”).

The App is a professional software solution made available exclusively to authorized users (e.g., healthcare professionals) within the framework of a contractual relationship with their organization.

We are committed to protecting personal data in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

2. Roles and Responsibilities (Controller vs Processor)

2.1 Customer as Data Controller

Organizations subscribing to the MediStrata service (e.g., clinics, healthcare providers) act as Data Controllers.

• They determine the purposes and means of processing personal data
• They retain full ownership and control over all data processed באמצעות the App

2.2 EvolverAI as Data Processor

EvolverAI GmbH acts as a Data Processor, processing personal data:

• Solely on behalf of the Customer
• In accordance with contractual agreements
• Under documented instructions from the Customer

Important:
All patient-related data processed by means of MediStrata remains the property of the Customer (clinic or subscribing organization).

3. Categories of Data Processed

3.1 Account and User Data

• Name
• Email address
• Authentication credentials

Purpose:

• User authentication
• Service access management
• Communication

3.2 Customer Data (Including Patient-Related Data)

The App processes data input by authorized users, which may include:

• Textual data
• Audio recordings and transcriptions
• Contextual or operational information
• Patient-related data (which may include sensitive data such as health information)

⚠️ Important:

• This data is provided and controlled by the Customer
• EvolverAI does not determine the content or purpose of such data
• Processing occurs strictly to deliver the contracted service

3.3 Audio Data (Microphone Usage)

The App uses the device microphone exclusively for speech-to-text functionality.

• Audio recording is initiated only by explicit user action
• No background recording occurs

Processing Workflow:

1. Audio is temporarily captured on the device
2. Secure transmission to processing services
3. Speech-to-text conversion
4. Automatic deletion within 24 hours

3.4 Technical and Log Data

• Error logs
• System diagnostics

Purpose:

• Security
• System reliability
• Performance optimization

4. Legal Basis for Processing

Processing is carried out on the following legal bases:

• Contractual necessity (service delivery to Customers)
• Legitimate interests (security and system integrity)
• Customer responsibility for establishing lawful basis when acting as Data Controller

Where sensitive data (e.g., health-related information) is involved:

• It is processed only under Customer instructions
• EvolverAI does not independently use or analyze such data beyond service provision

5. Data Ownership

All data processed within the App, including patient-related data:

• Remains the exclusive property of the Customer
• Is not used, sold, or monetized by EvolverAI
• Is processed solely for the purpose of providing the service

6. Subprocessors and Third-Party Services

We engage trusted subprocessors to deliver the service:

• Speech-to-text processing: Soniox (EU)
• AI processing via Microsoft Azure (EU region)
• Cloud infrastructure: Exoscale (Switzerland)

All subprocessors:

• Are bound by Data Processing Agreements (DPAs)
• Provide adequate safeguards under GDPR
• Process data only under our instructions

7. Data Transfers and Storage

• Data is processed and stored within Switzerland and the European Union
• No transfers occur outside these regions without appropriate safeguards

8. Data Retention

• Audio data: maximum 24 hours, then deleted
• Other data: retained pursuant to Customer instructions and contractual obligations

9. Security Measures

We implement industry-standard technical and organizational measures, including:

• Encryption in transit (TLS/HTTPS)
• Secure infrastructure (cloud-based, access-controlled)
• Role-based access control
• Data minimization principles
• Monitoring and logging for security

10. Professional Use and Third-Party Data (Including Children)

The App is designed exclusively for professional use by authorized personnel and is not intended for direct use by patients or children.

Users may process personal data of third parties (e.g., patients), including minors, within the scope of their professional responsibilities.

In such cases:

• The Customer acts as Data Controller
• EvolverAI acts as Data Processor
• The Customer is responsible for ensuring lawful processing, including obtaining any required consents

EvolverAI does not knowingly collect data directly from children as end users.

11. Data Sharing

We do not sell or commercialize personal data.

Data is shared only:

• With subprocessors necessary for service delivery
• Under strict contractual and security obligations

12. Data Subject Rights

Data subjects should direct requests (access, rectification, deletion, etc.) to the Customer (Data Controller).

EvolverAI will:

• Assist Customers in fulfilling such requests
• Action taken pursuant to contractual obligations

13. Data Deletion

Customers may request deletion of data in accordance with their contractual rights.

Additionally, requests may be submitted to: removal@evolverai.ch

• Requests are processed within 7 days
• Verification may be required

14. No Advertising or Profiling

The App:

• Does not include advertising
• Does not perform profiling
• Does not use personal data for marketing purposes

15. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be communicated through appropriate channels.

16. Contact Information

EvolverAI GmbH
Zwydenweg 3
CH-6052 Hergiswil
Switzerland

E-mail: info@evolverai.ch