LogicBasis // Organisation

Privacy Policy

Valid from: June 2026

1. Principles

LogicBasis processes only the data strictly required for system operation, access management, billing, security, and user‑requested functionality.

The following applies:

  • no data is shared for advertising
  • no data is sold
  • no behavioural profiling
  • no use of data for model training

2. Data Categories

2.1 Account Data

  • email address
  • authentication identifiers
  • account status (Supabase Auth)

2.2 User Content

  • Room: user‑generated messages, session state, conversation history
  • Market: usage and billing metadata only (no content or text storage)

2.3 Technical Data

  • IP address
  • device and browser information
  • timestamps
  • technical access and request logs

2.4 Billing Data

Processed exclusively through Stripe. LogicBasis stores only:

  • payment status
  • subscription status
  • transaction references

No raw payment data is stored.

2.5 Security Data

  • hashed API keys
  • access tokens
  • rate‑limit identifiers
  • abuse‑prevention and integrity signals

3. Processing in Subsystems

Room

Room stores conversation history and session state to enable continuous use. Data is isolated per user (Row‑Level Security). No external analysis, no training, no profiling.

Market

Market processes only:

  • account metadata
  • usage counters
  • credit balances
  • billing information

Market does not store text inputs, model outputs or conversation history. Temporary processing occurs only for execution, security or diagnostics. All payments are handled entirely through Stripe.

4. Purpose of Processing

  • service delivery and system operation
  • authentication and access control
  • billing and subscription management
  • system integrity, monitoring and abuse prevention
  • security and fraud detection

No additional purposes are pursued.

5. Third‑Party Services & Subprocessors

LogicBasis uses the following service providers:

  • Supabase — authentication, database, row‑level security
  • Stripe — payment processing and billing
  • Vercel — hosting and infrastructure
  • OpenAI — processing of text inputs for response generation

OpenAI processes inputs only for real‑time response generation. Inputs are not used for training or model improvement.

Data may be processed outside Switzerland (EU, USA). Protection is ensured through Standard Contractual Clauses and established compliance frameworks.

6. API Security

  • API keys are stored only in hashed form
  • keys are bound to user accounts
  • validation occurs server‑side
  • abuse protection, rate‑limits and integrity checks are active
  • no sensitive keys or secrets are exposed to clients

7. Storage & Retention

Storage Rules

  • account data: retained until account deletion
  • Room data: retained until user deletion or account termination
  • billing data: retained according to legal and accounting obligations
  • API keys: stored only in hashed form
  • technical logs: retained for a maximum of 30 days (unless required for security cases)

Deletion

Users may request deletion at any time. Legal retention obligations remain unaffected.

8. Data Disclosure

Data is shared only with essential service providers required to operate LogicBasis systems.

No data is shared for advertising. No data is shared without a legal basis.

9. User Rights

  • access their data
  • request correction
  • request deletion
  • request data export

Requests may be sent to: contact@logicbasis.ch