Privacy Policy

Last updated: 2 May 2026

1. Data Controller

Mercurix Sàrl ("we")
Rue de Berne 58, c/o Semsa Salihbegovic, 1201 Geneva, Switzerland
UID: CHE-444.410.641
Email: [email protected]

2. Data We Process

  • Account data: first name, last name, work email, company, team size, role.
  • Content data: emails you authorize us to process via connected accounts (Gmail, Outlook), CRM metadata (Salesforce, HubSpot, Odoo), generated notes and summaries.
  • Technical data: IP address, browser type, access logs.
  • Communications data: messages you send us via website forms.

3. Purposes and Legal Bases

  • Providing the titop.ai service — performance of contract (GDPR Art. 6(1)(b))
  • Security and fraud prevention — legitimate interest (GDPR Art. 6(1)(f))
  • Account-related communication — performance of contract
  • Direct marketing — consent (GDPR Art. 6(1)(a)), withdrawable at any time
  • Compliance with legal obligations — legal obligation (GDPR Art. 6(1)(c))

4. Recipients

We share your data only with processors necessary to operate the service:

  • Cloudflare, Inc. (USA) — website hosting, under Standard Contractual Clauses.
  • Infomaniak Network SA (Switzerland) — transactional email service.
  • Our infrastructure in Switzerland for application compute.
  • Our GPU infrastructure (Switzerland or Europe depending on plan) for AI inference.

No data is sent to OpenAI, Anthropic, Google AI, or any other external cloud AI provider.

5. Transfers Outside Switzerland / EEA

For our cost-optimized European deployment option, certain processing may occur in European jurisdictions outside the EEA. In that case, we apply appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

For our Swiss residency option (regulated industries), data remains entirely within Switzerland.

6. Retention Periods

  • Account data: contract duration + 3 years (accounting and legal obligations)
  • Content data: based on your plan, 1 week (Free) to 1 year (Enterprise)
  • Technical logs: 90 days
  • Contact requests: 24 months

7. Your Rights

Under GDPR and nDSG, you have the following rights:

  • Access to your data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16)
  • Erasure ("right to be forgotten", Art. 17)
  • Restriction of processing (Art. 18)
  • Portability (Art. 20)
  • Objection (Art. 21)
  • Withdrawal of consent at any time

To exercise your rights, contact: [email protected]

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch) or your competent European supervisory authority.

8. Security

We implement appropriate technical and organizational measures: encryption in transit (TLS), encryption at rest, role-based access control, access logging, and regular audits.

9. Automated Decisions

titop.ai uses AI models to classify and summarize your emails. These processing operations do not produce legal effects on you. Final business decisions remain under your control.

10. Cookies

The titop.ai website uses no marketing tracking cookies. Only strictly necessary functional cookies are used.

11. Changes

We may update this policy. Material changes will be notified to you by email.

12. Contact

For privacy questions: [email protected]