Last updated: July 2026
aidX AG, Bachtelstrasse 57, 8330 Pfäffikon ZH, Switzerland. Email: privacy@aidx.ch
Before any clinical content is transmitted, a pseudonymisation process runs automatically in your browser: names, locations, dates and other personal identifiers are detected and replaced with neutral placeholders — so that patient data never reaches our servers or the AI in identifiable form. All clinical content is then encrypted client-side with keys derived from your device. Our servers cannot access the plaintext content of your sessions.
Payments are processed by Stripe, Inc. (stripe.com), a PCI DSS Level 1 certified payment service provider. When you subscribe, Stripe collects and processes your payment information under their own Privacy Policy (stripe.com/privacy). We receive only subscription status from Stripe — no full payment details are stored on our servers. aidX AG acts as the contracting party for your subscription.
AI processing runs on our own infrastructure in Switzerland and on a small number of vetted sub-processors bound by data-processing agreements: clinical transcription is performed in Switzerland (Infomaniak), and clinical text analysis on Google Cloud Vertex AI within the European Union. Because clinical content is pseudonymised in your browser before it leaves your device (see Zero-Knowledge Encryption Policy), directly identifying patient data is not transmitted to these providers. Your content is not used to train third-party AI models.
Core infrastructure, databases and stored transcripts are hosted by Infomaniak Network SA in Switzerland. Some clinical text analysis is processed transiently on Google Cloud Vertex AI within the European Union (EU data region); no clinical data is stored outside Switzerland.
If you connect a Zoom account, we access only what is needed to record and transcribe meetings you host. During a live session we receive the meeting audio via Zoom Real-Time Media Streams (RTMS), after the host has started the session and Zoom has shown its data-sharing notice to participants; this audio is relayed only in memory, converted to text, and never stored as raw audio — only the encrypted transcript is retained. Meeting metadata (such as the meeting identifier and join URL) is used solely to set up and join the session. Your Zoom OAuth tokens are stored encrypted, are never exposed to your browser, and are revoked and deleted immediately when you disconnect Zoom. We only ever act on meetings created, started or hosted by your own account. Zoom's own processing of your data is governed by Zoom's privacy policy.
We rely on a small number of vetted sub-processors, each bound by a data-processing agreement, and only where they actually receive personal data:
You have the right to:
To exercise your rights: privacy@aidx.ch
We use only technically necessary cookies for session management. No tracking or advertising cookies.
We implement ISO 27001-aligned security practices including client-side encryption, encryption in transit and at rest, access controls, and regular security reviews.
We will notify you of material changes via email or in-app notice.
aidX AG · Bachtelstrasse 57 · 8330 Pfäffikon ZH privacy@aidx.ch