Legal
Privacy Policy
Last updated: April 12, 2026
1. Introduction
EnableMate AG (“EnableMate”, “we”, “us”, or “our”) is an AI-powered SaaS platform that helps sales and marketing teams create on-brand, locally relevant customer materials. We are headquartered in Switzerland and are committed to protecting the personal data of our users, customers, and anyone else whose information we process.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it. It applies to all users of the EnableMate platform and website (enablemate.ai).
We process personal data in accordance with the Swiss Federal Act on Data Protection (nFADP / DSG), in effect since 1 September 2023, and — where applicable to our EU customers — the EU General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for your personal data is:
EnableMate AG
Switzerland
Email: privacy@enablemate.ai
If you are located in the EU and have questions about how we process your data, you may also contact our EU representative at the same address above.
3. Data We Collect
We collect the following categories of personal data when you use EnableMate:
Account Data
- Full name and email address
- Password (stored as a one-way hash — never in plain text)
- Organization name and role
- Account creation date and profile preferences
Usage Data
- Documents and campaigns created
- Features accessed and actions taken within the platform
- Timestamps of activity
Content Data
- Brand guidelines, tone configuration, and campaign materials you upload or configure
- Documents generated by the platform on your behalf
- Knowledge base content and training sources you provide
Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Referring URLs and page views
Cookie Data
- Authentication session tokens required to keep you logged in
- Optional analytics and preference cookies (only with your consent — see our Cookie Policy)
4. How We Use Your Data
We use your personal data to:
- Provide and operate the platform — creating your account, authenticating you, and delivering the features you use
- Generate AI-powered content — processing your brand inputs and instructions to produce sales materials on your behalf
- Enforce brand compliance — checking generated outputs against your configured guardrails and brand rules
- Improve the platform — diagnosing bugs, analysing usage patterns, and developing new features
- Communicate with you — sending account-related notifications, product updates, and support responses
- Fulfil legal obligations — where we are required to retain or disclose data by applicable law
We do not use your content to train AI models, and we do not sell your personal data to third parties.
5. Legal Basis for Processing (GDPR Art. 6)
For users in the European Economic Area, we process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing necessary to provide the EnableMate service you have subscribed to, including account management, content generation, and storage of your documents
- Legitimate interest (Art. 6(1)(f)) — security monitoring, fraud prevention, platform analytics, and product improvement, where these interests are not overridden by your rights
- Consent (Art. 6(1)(a)) — optional cookies and marketing communications, where you have given clear and specific consent that you may withdraw at any time
- Legal obligation (Art. 6(1)(c)) — retaining or disclosing data where required by Swiss or EU law
Under the Swiss nFADP, we rely on equivalent grounds: legitimate purpose for contractual and operational processing, and your consent where required.
6. AI Data Processing
EnableMate uses third-party AI providers to generate and process content on your behalf. When you create a document, upload brand materials, or run a compliance check, relevant portions of your input are sent to these providers to fulfil your request.
The AI providers we use are:
- Anthropic (Claude) — text generation, compliance checking, and AI-assisted revision
- OpenAI — text embeddings for knowledge base retrieval and AI image generation
Your data is sent to these providers solely to fulfil your generation requests. Neither Anthropic nor OpenAI uses data submitted via their API to train their models under their enterprise and API data policies. We have reviewed and rely on these commitments as part of our sub-processor due diligence.
Generated outputs — documents, images, and campaign materials — are stored in your organisation’s workspace within EnableMate and are not shared with any other organisation.
7. Sub-Processors
We engage the following sub-processors to operate the platform. Each is bound by a data processing agreement and may only process your data for the purposes described:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Frankfurt) |
| Anthropic | Text generation, compliance checking | US |
| OpenAI | Text embeddings, image generation | US |
| Vercel | Application hosting, edge network | Global (EU primary) |
We review our sub-processors regularly and will update this list when changes are made. You may request the current list at any time by contacting privacy@enablemate.ai.
8. International Data Transfers
Some of our sub-processors (Anthropic, OpenAI) are based in the United States. When we send data to these providers for AI processing, an international data transfer occurs.
We ensure adequate safeguards are in place for all such transfers:
- Transfers to the US are covered by the Swiss-US Data Privacy Framework and the EU-US Data Privacy Framework, where applicable
- Standard Contractual Clauses (SCCs) are in place with all sub-processors who process data outside Switzerland or the EEA
- We conduct transfer impact assessments to verify that recipient countries offer an adequate level of protection for your data
- All transfers comply with GDPR Chapter V and nFADP Articles 16–17
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy or as required by law:
- Account data — retained while your account is active. Deleted within 30 days of account closure upon request
- Generated documents— retained while your organisation’s account is active
- Usage logs — retained for 12 months, then anonymised
- Backups — deleted within 90 days of the original data deletion
If you delete your account, we will purge your personal data from active systems within 30 days and from backups within 90 days.
10. Your Rights
Under the GDPR and the Swiss nFADP, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure— request deletion of your personal data (“right to be forgotten”), where no overriding legal obligation requires us to retain it
- Right to restrict processing — request that we limit how we use your data in certain circumstances
- Right to data portability — receive your personal data in a structured, commonly used, machine-readable format
- Right to object — object to processing based on legitimate interest, including profiling
- Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing
- Right to lodge a complaint — you may complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU, to your local supervisory authority
To exercise any of these rights, contact us at privacy@enablemate.ai. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Data Security
Protecting your data is fundamental to how we operate. For full details, see our Security page. In summary:
- All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption
- Access to production data is restricted by role-based access controls (RBAC) and audit logs
- We conduct regular security assessments and monitor for anomalous activity
- Passwords are hashed using industry-standard algorithms — we never store them in plain text
If we become aware of a data breach that affects your rights, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
12. Children’s Privacy
EnableMate is a business-to-business platform and is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@enablemate.ai and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last updated” date at the top of this page indicates when the most recent changes were made.
For material changes — those that significantly affect your rights or how we use your data — we will notify you via email or an in-app notice at least 14 days before the changes take effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your data.
14. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
EnableMate AG
Switzerland
Email: privacy@enablemate.ai
You also have the right to contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) directly:
If you are located in the EU, you may also contact your local supervisory authority. A list of EU data protection authorities is available at the European Data Protection Board website: https://www.edpb.europa.eu.
Note: This document is provided for informational purposes and should be reviewed by qualified legal counsel before relying on it for compliance purposes. If you have questions, contact us at legal@enablemate.ai.