Cette page est disponible uniquement en anglais
Privacy Policy
Effective date: 2026-05-21 | Last updated: 2026-05-21
Previous versions: v1 (Feb 2026)
Contents
True Aim AG (“True Aim”, “we”, “us”) provides a multi-tenant claims-processing platform (“Service”). This Privacy Policy describes how we collect, use, disclose, and protect personal data when our customers (“Tenants”) and their end users (collectively, “you”) interact with our Service or with this website.
1. Roles
For personal data submitted by a Tenant about its end users in connection with the Service, the Tenant is the data controller and True Aim acts as a data processor under a data processing agreement. For personal data we collect directly, including account information of Tenant administrators and marketing-site visitor data, True Aim acts as a data controller.
2. Categories of personal data we process
- Account data: name, email, organisation, role, authentication metadata.
- Claims data submitted by Tenants: claim narratives, claimant identifiers, dates of loss, policy numbers, uploaded documents.
- Derived data: structured data extracted from uploaded documents by our document intelligence and language model components.
- Usage and telemetry: application logs, audit trail entries, request metadata, operational metrics.
- Website data: IP address, browser metadata, pages visited (collected via standard server logs and, where applicable, cookies as described in our Cookie Notice).
3. Lawful bases for processing (GDPR / Swiss FADP)
Contract performance, legitimate interest in operating and securing the Service, consent where required, and legal obligation.
4. How we use personal data
To provide and operate the Service; authenticate users; detect, investigate, and prevent security incidents; comply with legal obligations; and improve the Service in aggregated, non-identifying form. We do not sell personal data and we do not use Tenant data to train foundation models.
5. Sub-processors and disclosures
We host the Service on Microsoft Azure in Switzerland North. Our active sub-processors are:
- Microsoft Azure (compute, database, storage, networking, Application Insights, Key Vault, Container Registry).
- Microsoft Azure OpenAI Service (language model inference; no training on customer data).
- Microsoft Azure Document Intelligence (document OCR and extraction).
- Google Workspace (business email and operational documents, EU region).
Tools used internally (source control, CI/CD, CRM) that do not process Tenant production data are not customer sub-processors and are not listed here. We do not disclose personal data to other third parties except as required by law or with explicit Tenant instruction.
6. International transfers
Personal data is stored in Switzerland. Where processing occurs outside Switzerland or the EU/EEA, we rely on Standard Contractual Clauses and equivalent safeguards.
7. Security
We protect personal data using administrative, technical, and physical controls including encryption in transit and at rest, network segregation, least-privilege access, multi-factor authentication, and continuous monitoring. Our security posture is described in further detail at trueaim.ai/security and in our SOC 2 report (available under NDA).
8. Retention
We retain personal data only as long as necessary to deliver the Service and meet our legal obligations. Tenant data is retained for the duration of the Tenant’s subscription plus the contractually agreed return/deletion period. Specific retention periods are documented in our internal data retention schedule and reflected in our customer Data Processing Agreement.
9. Your rights
Subject to applicable law (including GDPR and Swiss FADP), you have rights of access, rectification, erasure, restriction, portability, and objection. If you are an end user of a Tenant, please contact the Tenant first; we will support the Tenant in fulfilling your request. To contact us directly, email privacy@trueaim.ai. You also have the right to lodge a complaint with a supervisory authority. In Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); in the EU, your local data protection authority.
10. Automated decision-making
The Service supports human-in-the-loop claims processing. Outputs of our document intelligence and language models are recommendations to Tenant operators; final decisions are made by the Tenant’s authorised personnel. No solely-automated decisions producing legal or similarly significant effects are taken by True Aim against end users.
11. Changes to this policy
We will update this policy as our practices evolve. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated to active Tenants.
12. Contact
True Aim AG, c/o Yarowa AG, Metallstrasse 9, 6300 Zug, Switzerland.
Email: privacy@trueaim.ai.