Privacy Policy
Effective Date: March 3, 2026
1. Introduction
ZEVEN AG ("ZEVEN", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and protect information when you use our website, mobile application or any related services (the "Services").
We comply with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU and UK General Data Protection Regulation (GDPR/UK GDPR).
Contact:
ZEVEN AG
Grafenauweg 8, 6300 Zug, Switzerland
Email: privacy@zeven.ai
2. Data We Collect
2.1 Information You Provide
When you use our Services, you may provide:
- Account information (name, email, login credentials)
- Profile details and preferences
- Training activities, notes, and files you upload
- Communications with us
2.2 Newsletter and Sign-Up Data
When you sign up for our newsletter or early access, we collect:
- Name and email address
- Sport and country
- Marketing communication preferences
This data is stored securely on Amazon Web Services (AWS) infrastructure.
2.3 Chat and AI Interactions
Our website features an AI-powered chat for product demonstration purposes. When you use the chat, your messages are sent to OpenAI, Inc. for processing. We retain only the last five messages per session to generate responses. Chat messages are not stored persistently after your session ends.
2.4 Data from Connected Services
If you connect third-party fitness platforms or devices, we may receive activity and performance data you authorize us to access. You control these connections and can disconnect them at any time through your account settings.
Connections to third-party fitness platforms and wearable devices are facilitated through Terra (Terra Enabling Developers Ltd.), which acts as our data integration provider enabling connections to external fitness platforms and devices. For more information on how Terra handles your data, please refer to Terra's End User Privacy Policy.
2.5 Technical Data
We automatically collect limited technical information necessary for our Services to function, including IP address, browser type, device information, and usage data. Your approximate location (country) is determined via server headers to apply the appropriate cookie consent settings for your region.
2.6 Health and Fitness Data
Through connected devices and uploaded activities, we may process health-related data such as heart rate, training metrics, and performance indicators. This constitutes special category data under applicable law and is processed based on your explicit consent for providing personalized performance and coaching insights.
3. How We Use Your Data
We use your data to:
- Provide and improve our Services
- Process AI chat interactions for product demonstration
- Send marketing communications (with your consent)
- Analyze website usage to improve our platform
- Communicate with you about your account and our Services
- Ensure security and prevent misuse
- Comply with legal obligations
Legal Basis:
- Contract performance (to provide Services)
- Legitimate interests (to improve and secure our platform)
- Consent (for marketing communications, analytics cookies, AI chat, and special category health data)
- Legal obligations
4. Data Sharing
We do not sell your personal data.
We share data only with:
- Amazon Web Services (AWS) — hosting, email delivery (SES), and database services for our platform infrastructure
- Google LLC — website analytics (Google Analytics 4) and tag management (Google Tag Manager)
- Contentsquare (Hotjar) — session analytics and heatmaps to understand user interactions
- OpenAI, Inc. — AI chat processing for product demonstration
- Terra Enabling Developers Ltd. — integration provider enabling us to connect to wearable devices and third-party fitness platforms and receive activity and health-related data you authorize us to access.
- Connected platforms (e.g. Garmin, Wahoo) you choose to integrate with via Terra.
- Legal authorities when required by law
All service providers are contractually obligated to protect your data and use it only as instructed. Analytics services are loaded only after you provide consent (in the EU and Switzerland) or until you opt out (in other regions).
5. International Data Transfers
Our primary infrastructure is hosted on AWS in the EU (Frankfurt). However, some data may be transferred to the United States through our service providers:
- Google LLC and Contentsquare (Hotjar) — analytics data, on the basis of EU Standard Contractual Clauses (SCCs)
- OpenAI, Inc. — chat messages for AI processing, on the basis of SCCs
- Terra Enabling Developers Ltd. — wearable and fitness device integration. Terra is based in the United Kingdom, which benefits from adequacy decisions under EU and Swiss data protection law. Where Terra transfers data outside these jurisdictions, appropriate safeguards such as Standard Contractual Clauses are applied.
Where we transfer data outside Switzerland or the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are in place.
6. Data Retention
We retain your data only as long as necessary:
- Active account data while your account exists
- Deleted account data for 30 days (for recovery)
- Newsletter and sign-up data while your subscription is active and for 30 days after you unsubscribe
- Chat messages are not stored persistently — only kept in your browser session
- Analytics data as configured by the respective providers (Google Analytics: up to 14 months; Hotjar: up to 365 days)
- Legal and financial records as required by law (typically up to 7 years)
- Cookie consent preferences for 182 days
- Health data processed through Terra is transmitted to our platform and retained by Terra only for the time necessary to facilitate data transfer and processing, after which it is deleted in accordance with Terra's retention policies.
After these periods, data is deleted or anonymized.
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Withdraw consent
- Object to processing based on legitimate interests
- Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority
To exercise your rights: Contact us at privacy@zeven.ai or use your account privacy settings at zeven.ai/account/privacy.
8. Security
We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and secure hosting. While we use industry-standard security practices, no system is completely secure.
9. Cookies and Tracking
9.1 Cookie Consent
We use a cookie consent tool to let you manage your preferences. When you visit our website, you can accept or decline non-essential cookies. In the EU and Switzerland, analytics cookies require your explicit opt-in consent. In other regions, analytics cookies are active by default but you can opt out at any time.
You can change your preferences at any time by clicking "Privacy Choices" in the website footer.
9.2 Necessary Cookies
These cookies are required for the website to function and cannot be disabled:
| Cookie | Provider | Purpose | Expiry |
|---|---|---|---|
cc_cookie | ZEVEN AG | Stores your cookie consent preferences | 182 days |
9.3 Analytics Cookies
These cookies are set only with your consent (EU/Switzerland) or until you opt out (other regions):
Google Analytics 4 (Google LLC):
| Cookie | Purpose | Expiry |
|---|---|---|
_ga | Distinguishes unique visitors | 2 years |
_ga_* | Persists session state across page loads | 2 years |
_gid | Identifies visitors within a 24-hour window | 24 hours |
_gcl_* | Stores conversion and click information | 90 days |
GA4 anonymizes IP addresses by default.
Hotjar (Contentsquare):
| Cookie | Purpose | Expiry |
|---|---|---|
_hjSessionUser_* | Assigns a unique user ID across sessions | 1 year |
_hjSession_* | Stores current session data | 30 minutes |
_hjAbsoluteSessionInProgress | Detects first page view of a session | 30 minutes |
_hjIncludedInSessionSample_* | Determines session recording inclusion | 30 minutes |
Hotjar may also use Local Storage and Session Storage for UI state such as dismissed surveys and feedback widgets. Hotjar suppresses keystroke data in form fields.
Data from Google Analytics and Hotjar may be transferred to servers in the United States on the basis of EU Standard Contractual Clauses (SCCs).
9.5 Local and Session Storage
We use browser storage for functional purposes only:
| Key | Type | Purpose |
|---|---|---|
hp-anim | Session Storage | Remembers if the homepage animation has played |
banner-dismissed | Session Storage | Remembers if you dismissed the announcement banner |
These values are not used for tracking and are cleared when you close your browser tab.
10. Children's Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately.
11. Updates to This Policy
We may update this Policy as our Services evolve. Material changes will be communicated by email or in-app notification at least 30 days before taking effect.
The latest version is always available at: zeven.ai/legal/privacy
12. Contact Us
For questions or requests regarding this Privacy Policy:
ZEVEN AG
Grafenauweg 8, 6300 Zug, Switzerland
Email: privacy@zeven.ai
Version: 1.1
Last Updated: March 3, 2026