Navigation menu

Legal

Privacy Policy

Effective date: 2026-06-16

This Privacy Policy explains how DeepPsy AG (“DeepPsy”, “we”, “us”, or “our”) processes personal data when you visit our public marketing website, contact us, submit feedback or complaints, complete anti-spam checks, or subscribe to our newsletter.

This website is intended for general company, product, and service information. It is not intended for submitting patient data, medical records, EEG/ECG files, urgent medical requests, diagnoses, symptoms, medical history, or other sensitive health information.

If you are a patient or healthcare professional and need to share medical or case-related information with DeepPsy, please use the dedicated secure channels provided for that purpose.

1. Controller

The controller responsible for processing personal data through this website is:

DeepPsy AG
Forchstrasse 154
8125 Zollikon, Switzerland
Email: info@deeppsy.io

Data protection contact:

Mateo de Bardeci
Email: mateo.debardeci@deeppsy.io

2. Scope of This Policy

This Privacy Policy applies to the public DeepPsy marketing website and related website forms, including contact, feedback, and complaint forms, newsletter subscriptions, website analytics, anti-spam checks, web font delivery, and basic website security and hosting.

It does not apply to clinical workflows, patient data processing, secure case portals, EEG/ECG analysis, Biomarkers processing, clinical reports, research platforms, employment records, supplier records, or other services governed by separate agreements or privacy notices.

3. Personal Data We Process

Depending on how you use the website, we may process the following categories of personal data.

3.1 Website Operation, Logs, and Security Data

When you visit the website, our hosting provider and technical systems may process information needed to deliver and secure the website, such as:

  • IP address
  • requested URL and pages visited
  • date and time of request
  • browser or user agent
  • device type
  • operating system
  • referral source
  • error logs
  • security events
  • approximate location derived from technical information, such as country or region
  • campaign parameters, such as UTM parameters, if you arrive through a tagged link

3.2 Website Analytics Data

We use Plausible Analytics to understand aggregated website usage. Plausible may process limited analytics data such as:

  • page URL
  • referral source
  • browser type
  • operating system
  • device type
  • country, region, or city derived from IP address
  • campaign parameters, such as UTM parameters

We do not use website analytics to identify individual visitors, and we do not send names, email addresses, patient data, health information, form contents, or other sensitive information to Plausible.

3.3 Search Visibility Data

We use Google Search Console to understand how the website appears in Google Search. Search Console provides aggregated information such as:

  • search queries
  • impressions
  • clicks
  • search result position
  • indexed URLs
  • indexing or crawl issues

Google Search Console does not require us to place visitor-tracking cookies on the website.

3.4 Web Font Delivery Data

The website loads fonts through Google Fonts. When your browser requests Google Fonts CSS or font files, Google may receive technical request data such as:

  • IP address
  • requested URL on Google servers
  • browser and operating system information contained in HTTP headers
  • referrer page

Google states that the Google Fonts API does not set or log cookies and does not use information collected by Google Fonts to create end-user profiles or for targeted advertising.

3.5 Contact Form Data

If you contact us through a website contact form, we may process:

  • contact type or audience selected by the form
  • name
  • email address
  • phone number, if provided
  • message content
  • privacy acknowledgement record
  • date and time of submission
  • technical metadata needed to operate and secure the form

3.6 Feedback Form Data

If you submit general feedback through the website, we may process:

  • submission type
  • website locale/language
  • name, if provided
  • email address, if provided
  • phone number, if provided
  • organization or clinic, if provided
  • role
  • feedback area
  • feedback message
  • whether the feedback may describe a safety, defect, patient harm, or product/service concern
  • consent or preference for follow-up contact
  • privacy acknowledgement record
  • reCAPTCHA response token and related anti-spam metadata
  • date and time of submission
  • technical metadata needed to operate and secure the form

3.7 Complaint Form Data

If you submit a complaint or concern through the website, we may process:

  • submission type
  • website locale/language
  • name, if provided
  • email address
  • phone number, if provided
  • organization or clinic, if provided
  • role
  • product or service involved
  • case ID, report ID, or reference number, if provided and not patient-identifying
  • whether the reference number is unknown or not available
  • date the issue occurred or was noticed
  • country where the situation or complaint originated, if provided
  • issue description
  • whether anyone was or could have been harmed
  • clinical or operational impact category
  • whether the issue is ongoing
  • complaint investigation contact agreement
  • privacy acknowledgement record
  • reCAPTCHA response token and related anti-spam metadata
  • date and time of submission
  • technical metadata needed to operate and secure the form

3.8 Anti-Spam and Abuse Prevention Data

We use Google reCAPTCHA on feedback and complaint forms to protect the website and form systems from spam, abuse, and automated submissions. Google reCAPTCHA may process:

  • IP address
  • device and browser information
  • referrer and request information
  • user interaction or behavior signals used for risk analysis
  • cookies or similar technical storage, including the _GRECAPTCHA cookie
  • challenge responses and reCAPTCHA tokens
  • date and time of anti-spam checks

If reCAPTCHA cannot verify that a submission is legitimate, the form may not be accepted.

3.9 Newsletter Data

If you subscribe to our newsletter or marketing updates, we may process:

  • email address
  • audience or role selected in the subscription form
  • subscription consent record
  • subscription date and time
  • anti-CSRF or form security fields
  • confirmation status
  • unsubscribe status
  • delivery, bounce, and suppression information
  • email engagement information, such as opens or clicks, where used by the newsletter provider
  • technical delivery information, depending on the newsletter provider

4. Sensitive Data and Public Forms

Do not include patient data, health information, EEG/ECG files, diagnoses, symptoms, medical history, patient identifiers, or urgent medical requests in website forms.

If a complaint or feedback submission requires patient-specific or case-related information, submit the public form without patient identifiers. DeepPsy may request any required case-specific information later through an appropriate secure channel.

If sensitive health or patient-identifying information is submitted through a public website form despite these instructions, we will limit processing to what is necessary to secure, route, delete, or respond to the submission, or to comply with legal, regulatory, safety, or compliance obligations.

We process personal data for the following purposes:

PurposeData categoriesLegal basis
Operating, delivering, maintaining, and securing the websiteWebsite operation, logs, and security data; web font delivery dataLegitimate interests in operating, maintaining, securing, and presenting the website
Understanding website performance and content effectivenessAggregated website analytics dataLegitimate interests in improving the website, where analytics are privacy-friendly and do not use cookies or persistent visitor profiles
Understanding search visibility and indexingSearch visibility dataLegitimate interests in monitoring how the website appears in public search results and resolving indexing issues
Responding to contact requestsContact form dataLegitimate interests in responding to business or informational enquiries; pre-contractual steps where the request relates to potential services or collaboration
Handling feedbackFeedback form dataLegitimate interests in reviewing service feedback, improving website and service information, following up where appropriate, and maintaining records
Handling complaints, product concerns, safety concerns, privacy concerns, and service failuresComplaint form dataLegitimate interests in investigating and resolving complaints; legal obligations where applicable; compliance, safety, or regulatory interests where applicable
Preventing spam, abuse, automated submissions, and misuse of formsAnti-spam and abuse prevention dataLegitimate interests in protecting the website, forms, service providers, and users from spam, abuse, and security risks
Sending newsletters or marketing updatesNewsletter dataConsent, where required
Maintaining consent, acknowledgement, unsubscribe, complaint, and compliance recordsForm records, newsletter records, security records, and related metadataLegal obligations or legitimate interests, depending on the record

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect processing that occurred before withdrawal.

Where processing is based on legitimate interests, those interests include operating and securing the website, responding to submissions, protecting forms from abuse, improving public website content, and maintaining appropriate business, safety, legal, and compliance records.

6. Required and Optional Information

Some form fields are required so that we can process your request, feedback, complaint, or newsletter subscription. Required fields are marked in the relevant form.

If you do not provide required information, we may be unable to accept the form, respond to your request, investigate a complaint, or provide the requested newsletter subscription.

Optional fields help us understand and respond to your submission but are not required unless the form says otherwise.

7. Website Analytics

We use Plausible Analytics to understand how visitors use our website. Plausible is a privacy-focused analytics service that does not use cookies and does not create persistent visitor profiles.

Plausible helps us understand aggregated information such as which pages are visited, which referrers bring visitors to the website, which countries or regions visitors come from, and which public calls to action are used. We use this information to improve website performance, content, usability, and marketing effectiveness.

We do not send names, email addresses, patient data, health information, form contents, or other sensitive information to Plausible.

8. Google Search Console

We use Google Search Console to understand how the website appears in Google Search. Search Console provides aggregated information about search visibility, such as search queries, impressions, clicks, search result position, and indexing issues.

Google Search Console does not require us to place visitor-tracking cookies on the website.

9. Google reCAPTCHA

We use Google reCAPTCHA on feedback and complaint forms to help distinguish legitimate submissions from automated or abusive submissions.

reCAPTCHA uses technical and interaction signals to provide a risk analysis or challenge. It may set a necessary _GRECAPTCHA cookie and may process information such as IP address, browser and device information, referrer, interaction data, challenge responses, and reCAPTCHA tokens.

reCAPTCHA is used for security and abuse prevention. We do not use reCAPTCHA data for advertising or marketing profiling.

10. Google Fonts

We use Google Fonts to deliver website fonts. When fonts are loaded from Google servers, your browser sends technical request information to Google, including IP address, requested URL, HTTP headers, browser and operating system information, and referrer.

Google states that Google Fonts does not set or log cookies and does not use Google Fonts data to create end-user profiles or for targeted advertising.

11. Cookies and Similar Technologies

Our website is intended to operate without non-essential analytics or marketing cookies.

Plausible Analytics does not use cookies. Google Fonts does not set cookies for font delivery. Google reCAPTCHA may set the necessary _GRECAPTCHA cookie for risk analysis and abuse prevention when you use forms protected by reCAPTCHA.

If we introduce non-essential cookies, advertising pixels, embedded third-party media, session replay tools, or similar tracking technologies in the future, we will update this Privacy Policy and, where required, request consent before those technologies are used.

12. Newsletter and Marketing Communications

If you subscribe to our newsletter, we will use your email address and related subscription information to send you DeepPsy news, updates, and related information.

You can unsubscribe at any time by using the unsubscribe link in the email or contacting us at info@deeppsy.io.

13. Recipients, Processors, and Service Providers

We may share personal data with service providers that help us operate the website and related communications. Depending on the service and processing context, these providers may act as processors, subprocessors, or independent controllers for parts of their processing.

Current key providers include:

ProviderPurposeData that may be processed
Amazon Web Services (AWS)Website hosting and infrastructureWebsite assets, server logs, IP addresses, request metadata, security logs, and infrastructure data
Plausible AnalyticsWebsite analyticsAggregated website usage data, page URL, referrer, browser, operating system, device type, location derived from IP address, and campaign parameters
Google Search ConsoleSearch visibility and indexing informationAggregated search query, impression, click, position, URL, and indexing information
FormsparkContact, feedback, and complaint form handlingForm fields, message content, consent and acknowledgement records, submission timestamps, technical metadata, and anti-spam metadata
MailerLiteNewsletter signup, subscriber management, and marketing email deliveryEmail address, audience or role, consent records, subscription status, unsubscribe status, delivery information, and email engagement information where used
Google reCAPTCHASpam, abuse, and bot prevention on feedback and complaint formsIP address, browser and device information, referrer, interaction signals, cookies or similar technical storage, challenge responses, and reCAPTCHA tokens
Google FontsWeb font deliveryIP address, requested Google Fonts URLs, HTTP headers, browser and operating system information, and referrer

We may also share personal data with professional advisers, authorities, courts, regulators, or other parties where necessary for legal, regulatory, safety, compliance, or dispute-resolution purposes.

14. International Transfers

Some service providers may process personal data outside Switzerland, the European Union, or the European Economic Area.

Where personal data is transferred internationally, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual data protection commitments, recognized transfer frameworks where valid and applicable, or equivalent safeguards under applicable law.

You may contact us for more information about the safeguards used for international transfers.

15. Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Typical retention periods are:

  • website analytics data: according to the retention settings in Plausible
  • server, security, and hosting logs: up to 180 days, unless longer retention is needed to investigate security or technical issues
  • contact enquiries: up to 24 months after the last interaction, unless longer retention is needed for a business, legal, or compliance reason
  • feedback submissions: up to 24 months after the last interaction, unless longer retention is needed for a business, legal, safety, or compliance reason
  • complaint submissions: up to 24 months after the last interaction, unless longer retention is needed to investigate, resolve, defend, or document the complaint, or for a legal, regulatory, safety, or compliance reason
  • newsletter data: until you unsubscribe or we stop sending the newsletter, plus a limited record of unsubscribe or consent status where needed
  • reCAPTCHA, anti-spam, and form security metadata: according to the relevant provider settings and only as long as needed for security, troubleshooting, or abuse prevention

16. Your Rights

Depending on applicable law and your location, you may have rights to:

  • request information about how we process your personal data
  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request deletion of your personal data
  • request restriction of processing
  • object to processing, including processing based on legitimate interests
  • withdraw consent where processing is based on consent
  • request data portability where applicable
  • lodge a complaint with a competent data protection authority

To exercise your rights, contact us at info@deeppsy.io or mateo.debardeci@deeppsy.io.

We may need to verify your identity before responding to a request.

You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if the GDPR applies to your situation, with your local EU or EEA data protection supervisory authority.

17. No Automated Decision-Making

We do not use website data for automated decision-making that produces legal effects or similarly significant effects on individuals.

Google reCAPTCHA performs automated risk analysis to help protect forms from spam and abuse. This may affect whether a form submission is accepted, but we do not use this for legal, clinical, employment, insurance, credit, or similarly significant decisions.

18. Children

This website is not directed to children. We do not knowingly collect personal data from children through the website.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on this page with an updated effective date.

20. Contact

For privacy questions or requests, contact:

DeepPsy AG
Forchstrasse 154
8125 Zollikon, Switzerland
Email: info@deeppsy.io
Data protection contact: mateo.debardeci@deeppsy.io