top of page

Privacy Policy

December, 5th 2025

At Smrtlife AG, we place great importance on the protection of your personal data. This privacy policy explains how we collect, use, store, and process your personal information, as well as your rights in relation to your data.

 

Additional privacy policies and other legal documents, such as Terms and Conditions, may apply to specific or additional activities and services.

By accessing the application or using the service, you agree to the current version of this privacy policy and are bound by its terms.

 

1. Contact Information

Responsible for data processing:

Smrtlife AG

Terrassenweg 1d

6300 Zug

Switzerland

info@smrtlife.ch


In individual cases, there may be other data controllers or joint controllership with at least one other party.

2. Terms and Legal Bases

2.1 Terms

Personal data refers to all information relating to an identified or identifiable natural person. This includes, for example, name, address, email address, telephone number, or IP addresses.

Sensitive personal data includes data about union membership, political, religious, or philosophical views and activities; health data; data related to intimate life or ethnic or racial origin; genetic data; biometric data that uniquely identifies an individual; data on criminal or administrative sanctions or proceedings; and data related to social assistance measures.

Processing of personal data refers to any operation performed with such data, regardless of the methods and procedures used. This includes, for example: querying, matching, adjusting, archiving, retaining, reading, disclosing, obtaining, collecting, recording, erasing, publishing, sorting, organizing, storing, modifying, distributing, linking, destroying, or using personal data.

A data subject is a natural person whose personal data is being processed.

2.2 Legal Bases

This Privacy Policy complies with the requirements of the Swiss Federal Act on Data Protection (FADP) and the Swiss Data Protection Ordinance (DPO), as well as the EU General Data Protection Regulation (GDPR).

3. Processed Data and Purpose

3.1 Processed Data and Purpose

We only process the personal data necessary to offer our services and activities securely, reliably, user-friendly, and sustainably. Such personal data may fall into the following categories: master and contact data, browser and device data, content data, meta or log data, and health data (specifically laboratory reports uploaded by the user).

3.2 Duration of Processing

Personal data is processed only as long as necessary for the respective purpose or as required by law. Once processing is no longer necessary, the data will be deleted or anonymized.

 

3.3 Cooperation with Third Parties

In certain cases, we process personal data through specialized third-party providers or transmit it to third parties—for example, for technical, administrative, or contractual purposes. In doing so, we ensure that such third parties also comply with all applicable data protection regulations and maintain an adequate level of data protection.

 

3.4 Consent and Legal Bases

As a rule, we only process personal data with the data subject’s consent. Consent may be waived if processing is permitted for other legal reasons. These include, in particular:

  • Fulfillment of a contract or pre-contractual measures,

  • Compliance with legal obligations,

  • Protection of our overriding legitimate interests or those of third parties.

 

Explicit Consent for Health Data: By uploading laboratory reports, the user explicitly consents to the processing of the special categories of personal data contained therein (Art. 9 GDPR; Art. 30 FADP) for the purpose of analysis and report generation. This consent is obtained via a mandatory confirmation mechanism prior to upload.

 

3.5 Data from Third-Party Sources

In addition, we may collect personal data from publicly accessible sources, receive it from third parties, or collect it in the course of our business activities, provided this is legally permissible.

4. Communication

We process personal data in order to enable and improve communication with affected individuals or third parties. This includes, in particular, data transmitted to us in the course of establishing contact, for example, via email, postal mail, or other communication channels.

We may store such data in an address book or similar systems to organize and track communication.

Third parties who transmit data about other individuals are obligated to ensure data protection with respect to the affected individuals. Among other things, this includes ensuring the accuracy of the transmitted personal data.

To ensure efficient communication, we use selected services from appropriate providers (e.g., email services). These providers are carefully selected and contractually obliged to comply with applicable data protection laws and ensure an adequate level of data protection.

5. Data Security

We implement appropriate technical and organizational measures to ensure the security of your personal data. These measures are risk-based and designed to protect the confidentiality, integrity, traceability, and availability of the data, although absolute data security cannot be guaranteed.

Your data is securely stored on servers within Switzerland and the European Union. Access to our website and other online services is protected by transport encryption. Patient data is immediately encrypted upon registration. A specialized, server-side redaction process ("Privacy Filter") is employed to automatically detect and mask direct identifiers (such as Name, Date of Birth, Patient ID) from uploaded documents before they are transmitted to any third-party sub-processors for OCR or analysis.

 

Further processing takes place exclusively in anonymized and randomized form, ensuring no link to identifiable personal data. Access to the data is restricted to authorized individuals and is strictly logged.

6. Personal Data Abroad

We generally process personal data in Switzerland and/or within the European Union (EU). In individual cases, the transfer of personal data to other countries may be necessary, for example, for processing by specialized service providers.

Such transfers only take place to countries that provide an adequate level of data protection, as determined by the Swiss Federal Council or the European Commission. If we transfer data to countries that do not offer a comparable level of data protection, we ensure the protection of your personal data by implementing appropriate safeguards, such as standard data protection clauses. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection, provided the specific legal conditions for such transfers are met, for example, the explicit consent of the affected individuals or a direct connection with the conclusion or performance of a contract. Affected individuals can request further information on the safeguards in place.

 

7. Rights of Affected Individuals

7.1 Data Protection Rights

In accordance with applicable data protection laws, affected individuals have the following rights:

  • Access: Affected individuals may request information about whether we process personal data about them, and if so, which personal data is involved. They also receive the necessary information to exercise their data protection rights and to ensure transparency. This includes the processed personal data as such, and—among other things—information on the processing purpose, retention period, any disclosure or export of data to other countries, and the source of the personal data.

  • Rectification and Restriction: Affected individuals may have incorrect personal data corrected, incomplete data completed, and restrict the processing of their data.

  • Erasure and Objection: Affected individuals may request the deletion of personal data ("right to be forgotten") and object to the future processing of their data.

  • Data Portability and Data Transfer: Affected individuals may request the release of their personal data or the transfer of their data to another controller.

We may defer, restrict, or deny the exercise of these rights within the legally permissible scope. We may inform affected individuals of any conditions that must be met in order to exercise their data protection rights. For example, we may partially or fully refuse access with reference to trade secrets or the protection of other individuals. We may also partially or fully deny deletion requests with reference to legal retention obligations.

In exceptional cases, we may charge a fee for the exercise of these rights. We will inform affected individuals in advance of any such costs.

We are obligated to appropriately identify individuals who request access or assert other rights. Affected individuals are required to cooperate in this process.

 

7.2 Legal Remedies

Affected individuals may assert their rights through legal action or file a complaint with a data protection authority. In Switzerland, the competent supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).

 

8. Use of the Website

8.1 Cookies

We use cookies to ensure and improve the functionality of our website. Cookies are small data files stored in your browser that help us recognize your browser during repeat visits. There are session cookies, which are deleted when you close your browser, and persistent cookies, which remain stored for a defined period. Persistent cookies may be used for purposes such as reach measurement or marketing.

You can disable or delete cookies at any time in your browser settings. Please note that our website may not function fully without cookies. Where legally required, we obtain your consent for the use of cookies.

 

8.2 Logging

We may log at least the following information for each access to our website and other online presence, provided it is transmitted to our digital infrastructure during such access:
Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page accessed on our website including amount of data transferred, and the previously visited webpage in the same browser window (referrer).

We log such information, which may also qualify as personal data, in log files. This information is required to ensure the long-term, user-friendly, and reliable availability of our online presence. It is also necessary to ensure data security—including with or through third parties.

 

8.3 Tracking Pixels

We may include tracking pixels in our online presence. Tracking pixels (also known as web beacons) are typically small, invisible images or JavaScript-based scripts that are automatically loaded when our online presence is accessed. These pixels—also from third parties whose services we use—can collect at least the same data as recorded in log files.

 

8.4 Comments

We plan to offer the possibility to publish comments on our website in the future. Once this function is activated, we will process the necessary data, such as the information provided by the commenting person, their IP address, and the date and time of the comment. This data is necessary to enable the publication of comments and prevent misuse. The processing is carried out based on our overriding legitimate interest.

 

9. Social Media

We maintain profiles and presences on social media platforms as well as other online services in order to communicate with interested individuals and to inform them about our offerings and activities. In this context, personal data may also be processed outside of Switzerland.

The respective applicable Terms and Conditions (T&Cs), Terms of Use, and Privacy Policies of the operators of these platforms apply. These provisions include, in particular, information about the rights of data subjects vis-à-vis the respective platform, such as the right to access.

 

10. Third-Party Services

We use services provided by specialized third-party providers in order to make our activities and operations secure, reliable, and user-friendly. These services enable us, for example, to integrate functions or content into our website. For technical reasons, it is essential that these providers have at least temporary access to users' IP addresses.

For necessary statistical, security-related, and technical purposes, these services may process data in anonymized, pseudonymized, or aggregated form. This is done to ensure and continuously improve the functionality of the services.

We collaborate with selected service providers that comply with the highest data protection standards. Examples of such providers include:

  • Hoststar: We use Hoststar (Multimedia Networks AG) for domain registration and DNS services.

  • AWS: We use AWS services (Textract) for Optical Character Recognition (OCR). Data transmitted to AWS for this purpose is pre-redacted by Smrtlife AG to remove direct personal identifiers. Data is processed in AWS data centers located in the EU (Stockholm).

  • Anthropic: We use the Claude Large Language Model (LLM) exclusively for the recognition and structuring of laboratory values from the uploaded documents. The subsequent interpretation and wellbeing analysis are executed entirely by our proprietary technology. Only anonymized laboratory data is processed by this service; no personal user data is shared.

  • Digital Ocean: We use Digital Ocean for secure cloud hosting, computing power (Kubernetes), and database storage of our application. Data is stored exclusively in data centers located within the European Union (Amsterdam).

  • WIX: Our landing page and general website information are hosted by Wix.com. WIX processes technical usage data (such as IP addresses) to display the website securely.

  • Google: Various services for analysis and integration of functions. Further information can be found in Google's privacy policy.

  • Microsoft: Use of services to support functionalities and infrastructure. Further details on Microsoft's data protection practices can be found on their website.

 

We ensure that our partners comply with applicable data protection requirements and are happy to provide you with further information on the services used and how your data is processed upon request.

 

10.1 Digital Infrastructure

 

We use services from specialized third-party providers to deliver the digital infrastructure necessary for our activities and services. These services include, in particular, hosting and storage services. Your data is processed securely and stored exclusively within the European Union or Switzerland.

 

10.2 Automation and Integration of Apps and Services

We use specialized platforms to integrate third-party apps and services and to automate workflows. These technologies enable us to design our services efficiently and user-friendly.

 

10.3 Social Media Features and Social Media Content

We use plugins and services from social media platforms to provide content and features on our website. These allow you, for example, to share content or interact with our social media profiles. In the process, data such as your IP address may be transmitted to the respective platform providers. Further information can be found in the privacy policies of the respective platforms.

 

10.4 Fonts

We use services from third-party providers to deliver fonts, icons, and symbols on our website. When these contents are loaded, data such as your IP address may be transmitted to the respective provider. For further information, please refer to the privacy policies of the relevant providers.

 

10.5 Advertising

We use the option to run targeted advertisements via external platforms such as search engines and social networks, in order to reach individuals who may be interested in our services. To this end, we may transmit relevant — potentially also personal — data to third parties that enable such advertising. We may also track whether our advertisements are successful, meaning in particular whether they lead to visits to our website. Third parties on whose platforms we advertise and with whom you as a user are registered may potentially associate the use of our website with your profile there. For more information on the technologies used and their privacy policies, please refer directly to the respective providers.

 

11. Questionnaire Data Collection

Before processing laboratory results, users may be invited to complete a questionnaire that includes basic demographic and general wellness information (e.g., age, gender, ethnicity, lifestyle, nutrition, or overall wellbeing).

The purpose of this questionnaire is exclusively statistical and scientific — to help improve and further develop our software models, particularly in identifying and validating correlations or data patterns. The collected information will not be used for diagnostic, medical, or marketing purposes.

All data collected through the questionnaire will be processed in a strictly anonymized form for statistical analysis. Where pseudonymization is required for technical linkage, it is maintained with strict access controls. No direct personal identification is possible.

The legal basis for this processing is our legitimate interest, pursuant to Art. 6(1)(f) GDPR and Art. 31 FADP, in continuously improving and scientifically validating our software and in advancing research in preventive health analytics.

12. Performance and Reach Measurement

 

We analyze how our online offering is used in order to evaluate its effectiveness and reach. This includes, among other things, measuring the success of our activities and third-party links to our website, as well as using methods such as A/B testing to compare different versions of our offering. The insights gained help us fix errors, strengthen preferred content, and further optimize our online presence.

For performance and reach measurement, users' IP addresses are generally processed. These IP addresses are typically shortened (so-called "IP masking") to meet data protection requirements and to preserve anonymity as far as possible.

 

Cookies may be used in the course of performance and reach measurement, and user profiles may be created. Such user profiles may include, for example, the specific pages visited or content viewed on our website, information about screen or browser window size, and an approximate location. In principle, any such user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Some third-party services with which users are registered may be able to associate the use of our online offering with their user account or profile on the respective platform.

We use services for performance and reach measurement that help us aggregate, analyze, and manage data. The selection of services used is made with consideration for data protection regulations.

 

13. Final Provisions

We reserve the right to amend or supplement this Privacy Policy at any time. We will inform you about changes or additions in an appropriate manner, particularly by publishing the most current version of the Privacy Policy on our website.

The German version of this Privacy Policy is legally binding, including for international users. All other language versions are for convenience only. In case of doubt, the German original shall prevail.

bottom of page