Mont Virtua GmbH Bahnhofstrasse 20, 6300 Zug, Switzerland UID: CHE-451.311.553
Last updated: 26 March 2026
1. Controller
The controller responsible for data processing on this website and through our services is:
Mont Virtua GmbH Bahnhofstrasse 20 6300 Zug, Switzerland
Email: [email protected] Phone: +41 79 611 1551
2. Scope
This privacy policy explains how Mont Virtua GmbH (“Mont Virtua”, “we”, “us”) collects, processes, and protects personal data in connection with:
- Our website at montvirtua.com
- Our platform Enclava at enclava.ch
- Any other services, tools, or communications we provide
This policy applies in accordance with the Swiss Federal Act on Data Protection (FADP, SR 235.1, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).
3. Personal data we collect
3.1 Website visitors
When you visit our website, we may collect:
- Technical data: IP address, browser type, operating system, device type, referring URL, pages visited, date and time of access
- Cookies and similar technologies: See Section 7 below
3.2 Contact form and communications
When you contact us or submit a form, we collect:
- Name
- Email address
- Company name (if provided)
- Phone number (if provided)
- Message content
- Any other information you voluntarily provide
3.3 Platform users (Enclava)
When you use our Enclava platform, we collect:
- Account registration data (name, email, company, role)
- Authentication data (login credentials, SSO tokens)
- Usage data (queries, document uploads, feature usage, timestamps)
- Documents you upload to your knowledge base
- Query logs and AI interaction history
3.4 Business contacts
For business relationship management, we process:
- Name, title, and company affiliation
- Business email and phone number
- Meeting notes and correspondence history
4. Purposes and legal basis
We process personal data for the following purposes:
| Purpose | Legal basis (FADP) | Legal basis (GDPR, where applicable) |
|---|---|---|
| Providing and operating our website | Legitimate interest | Art. 6(1)(f) GDPR |
| Responding to inquiries | Performance of contract / pre-contractual measures | Art. 6(1)(b) GDPR |
| Providing Enclava platform services | Performance of contract | Art. 6(1)(b) GDPR |
| Improving our services and website | Legitimate interest | Art. 6(1)(f) GDPR |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) GDPR |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) GDPR |
| Marketing communications (with consent) | Consent | Art. 6(1)(a) GDPR |
5. Data sharing
We share personal data only where necessary:
Service providers. We use third-party providers to operate our infrastructure, including hosting, email, analytics, and payment processing. These providers process data on our behalf under data processing agreements.
Swiss-hosted infrastructure. Platform data (Enclava) is processed and stored exclusively on Swiss-hosted infrastructure. We do not transfer platform data to servers outside Switzerland.
Legal requirements. We may disclose personal data if required by Swiss law, regulation, or legal process.
No sale of data. We do not sell personal data to third parties.
Current service providers include:
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare | Website hosting, CDN, DDoS protection | Global (website content only, no personal user data) |
| Exoscale | Platform infrastructure (Enclava) | Switzerland (Geneva/Zurich) |
| GitHub | Code repository (no personal user data) | USA |
6. International data transfers
For website operation, certain technical data (such as IP addresses) may be processed by service providers outside Switzerland. Where this occurs, we ensure adequate protection through:
- Adequacy decisions recognized by the FDPIC
- Standard contractual clauses (EU SCCs)
- Other appropriate safeguards under Art. 16-17 FADP
Platform data (documents, queries, and AI interaction data) processed through Enclava remains in Switzerland. We do not transfer this data abroad.
7. Cookies and tracking
7.1 Essential cookies
We use technically necessary cookies for website functionality (session management, security). These do not require consent.
7.2 Analytics
We use privacy-respecting analytics to understand website usage. We do not use Google Analytics. If analytics tools are deployed, we will use cookieless, privacy-first solutions that comply with FADP without requiring a consent banner.
7.3 Third-party embeds
Our website may contain embedded content from third parties (e.g., calendar booking tools). These may set their own cookies. We will identify any such embeds here:
- Calendly (booking tool): Subject to Calendly’s privacy policy
8. Data retention
We retain personal data only as long as necessary for the purposes described above or as required by law.
| Data type | Retention period |
|---|---|
| Website access logs | 90 days |
| Contact form submissions | Duration of business relationship + 1 year |
| Platform account data | Duration of contract + 10 years (Swiss commercial law) |
| Platform usage data and query logs | Duration of contract + 1 year |
| Uploaded documents | Deleted within 30 days of account termination |
| Marketing consent records | Until consent is withdrawn + 3 years |
After the retention period, data is securely deleted or anonymized.
9. Data security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security reviews
- Audit logging of data access
- Swiss-hosted infrastructure for platform data
10. Automated decision-making
Our AI platform assists users in legal research, compliance analysis, and document review. The AI generates suggestions and retrieves information but does not make autonomous decisions with legal effect concerning individuals.
Users are always responsible for professional judgment regarding the output of our tools. No automated individual decision-making within the meaning of Art. 21 FADP takes place.
11. Your rights
Under the FADP (and GDPR, where applicable), you have the following rights:
- Right of access: You may request information about the personal data we hold about you.
- Right to rectification: You may request correction of inaccurate personal data.
- Right to deletion: You may request deletion of your personal data, subject to legal retention requirements.
- Right to data portability: You may request a copy of your data in a structured, machine-readable format.
- Right to object: You may object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
- Right to lodge a complaint: You may file a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
12. Children
Our services are not directed at persons under the age of 18. We do not knowingly collect personal data from children.
13. Changes to this policy
We may update this privacy policy from time to time. The current version is always available at montvirtua.com/privacy. Material changes will be communicated through our website or by email to registered users.
14. Contact
For questions about this privacy policy or your personal data:
Mont Virtua GmbH Bahnhofstrasse 20 6300 Zug, Switzerland
Email: [email protected] Phone: +41 79 611 1551