Courtesy translation. The German version is legally binding.

Privacy policy.

This policy describes how ailean Real Estate Technologies AG processes personal data. It follows the revised Swiss Data Protection Act (revFADP, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Controller

ailean Real Estate Technologies AG, Zypressenstrasse 60, 8004 Zurich, Switzerland. UID CHE-415.801.057. Contact for data protection enquiries: [email protected].

2. What data we process

We process data you actively provide to us (for example in a contact request, when signing up for the investor update, in a job application or when using the live demo) and data that arises technically when you visit our website (IP address, browser type, time of access).

3. Purpose of processing

Processing takes place to answer your enquiry, to deliver our contractual services, to ensure the secure operation of our website and to fulfil legal obligations.

4. Legal basis

Processing is based on your consent, a contract with you, or our legitimate interests. For users in the EU we additionally rely on Art. 6 GDPR. Where the revFADP and the GDPR differ, we apply the stricter level of protection.

5. Hosting and storage location

The ailean platform runs on Microsoft Azure in the “Switzerland North” region (Zurich area) with geo-redundancy in “Switzerland West” (Geneva area). Our customers' tenant and property data is stored in Switzerland; transmission and storage are encrypted (in transit and at rest). For individual processing steps we use contractually bound service providers (section 6).

6. Service providers (sub-processors)

We only pass on data where this is necessary to deliver our services, where you have consented, or where we are legally obliged to. We do not sell data. Every service provider is bound by a data processing agreement. The main services used:

  • Microsoft Azure (cloud infrastructure, Switzerland; ISO 27001/27017/27018, SOC 1/2/3)
  • Supabase (product database, EU)
  • n8n, self‑hosted (workflow automation, Germany/EU)
  • OpenAI (AI inference, EU/USA; enterprise API with zero data retention, no training on ailean inputs)
  • Meta / WhatsApp Business API (tenant channel, EU/USA)
  • Twilio (SMS/telephony, USA/EU; being replaced by self-hosted 3CX in Switzerland)
  • Resend, Cloudflare, Railway (email delivery, CDN/security, app hosting, USA/EU)
  • Stripe (payment processing, EU; PCI DSS Level 1)
  • Google Workspace (internal collaboration, incl. job applications, EU/USA)
  • Run my Accounts AG (accounting, Switzerland)

The complete, continuously updated sub-processor list forms part of our data processing agreement and is made available to customers on request. Customers are informed of changes in advance and have a right to object.

7. Disclosure abroad

Where processing takes place outside Switzerland or the EU/EEA (in particular the USA), we rely on the requirements of Art. 16 et seq. revFADP and Art. 44 et seq. GDPR: the Swiss–US Data Privacy Framework where the recipient is certified, or the EU Standard Contractual Clauses (SCC 2021/914) with the Swiss annex, supplemented by technical safeguards and a documented transfer impact assessment. If a transfer basis ceases to apply, we inform affected customers without delay.

8. Processing on behalf of property management companies

Where ailean processes tenant data within the platform, ailean acts as a processor on behalf of the respective property management company; the controller within the meaning of data protection law (Art. 5 revFADP, Art. 4 GDPR) is the property management company. The basis is a data processing agreement (DPA) under Art. 9 revFADP and Art. 28 GDPR with instruction rights, confidentiality obligations and technical and organisational measures.

If tenants address data protection requests directly to ailean, we forward them to the responsible property management company without delay. We report data breaches to our customers within 48 hours of becoming aware of them. After the end of the contract, personal data is returned or deleted at the customer's choice — without instruction, at the latest after 30 days.

9. Artificial intelligence and data protection

ailean does not use customer data (inputs and outputs) to train or fine-tune AI models; for model improvements we use exclusively irreversibly anonymised or aggregated data with no personal reference. The integrated language model (OpenAI) is operated via the enterprise API with zero data retention and is contractually excluded from training on ailean inputs. Customers and data subjects in any case have a right to object (opt out) exercisable at any time.

10. Your rights

You have the right to access, rectification, erasure, restriction of processing and data portability. You may withdraw your consent at any time and lodge a complaint with the competent supervisory authority (in Switzerland: the Federal Data Protection and Information Commissioner, FDPIC).

11. Cookies and tracking

This website currently uses no tracking cookies and no third-party analytics scripts. Technically necessary settings (such as language preferences) remain locally in your browser and are not transmitted to us.

12. Security

We implement the technical and organisational measures required under Art. 8 revFADP and Art. 32 GDPR: encryption in transit and at rest, multi-factor authentication, role-based need-to-know access, tenant separation, logging, and backup and contingency concepts. Details of our security architecture can be found at Security.

13. Changes

We may amend this privacy policy at any time. The current version is always available on this page.

Version: 4 July 2026.