Privacy Policy

This Privacy Policy explains how BIGTIME Productions GmbH, Switzerland (“we”, “us”) processes personal data in connection with Pasto AI, including our website www.pastoai.com and mobile applications.

We comply with the Swiss Federal Data Protection Act (revDSG), the EU GDPR, and applicable international laws (e.g., CCPA/CPRA in the US).

1. Controller
BIGTIME Productions GmbH Aeneas Silvius-Strasse 21 4059 Basel, Switzerland
E-Mail: pastoai@pastoai.com

2. Data We Collect
We collect the following types of data to provide our services:
Basic data: Name and email address (when signing up or contacting support).
Device data: IP address, operating system, device type, and language.
Usage data: App interactions, crash logs, and session duration.
Transaction data: Payments via Stripe (we do not store card details).
Cookies/Tracking (Website): For functionality, analytics, and security.
AI Usage Data: User inputs, prompts, uploaded files, and chat history for the purpose of improving our AI models. This data is used in an anonymized and aggregated form whenever possible.

3. Purposes of Data Processing
We use your data for the following purposes:
To provide and operate the app and website: To give you access to our services.
To improve and develop our AI models: Your usage data, especially your interactions with the AI, is used to train and refine our algorithms. This is crucial for improving the performance of Pasto AI and developing new features.
To process payments and fulfill contracts: To handle payments through our payment service provider, Stripe.
To analyze and improve services: To understand how you use the app to optimize the user experience.
For security and abuse prevention: To protect our services and users from fraudulent or harmful activities.
To communicate with users: To respond to support requests, send updates, and newsletters (with your consent).

4. Third-Party Providers and Data Sharing
We collaborate with selected third-party providers. Data is only shared to the extent necessary to provide our services.
Firebase (Google LLC, US/Ireland): We use Firebase for authentication, realtime databases, analytics, push notifications, and crash reporting (Crashlytics). Firebase collects data on our behalf, such as device IDs, app usage, app-level location data, and crash logs, to monitor and improve our app's performance.
Stripe (Stripe Inc., US/EU): Stripe is our payment service provider. To process transactions, Stripe processes your payment data and also collects information like your IP address, device information, and location to detect and prevent fraud.
Hostpoint (CH): Hostpoint is our website hosting provider and acts as our data processor in this context. Personal data you submit via the website is stored on Hostpoint's servers in Switzerland.
Sharing of AI Usage Data: We may share your anonymized AI usage data (such as prompts or inputs) with our partners who provide us with the AI models to improve the models.

5. Legal Bases
We process your data based on the following legal grounds:
Switzerland (revDSG): Consent, performance of a contract, and legitimate interest.
EU (GDPR): Art. 6(1)(a) consent, Art. 6(1)(b) performance of a contract, and Art. 6(1)(f) legitimate interest.
USA (CCPA/CPRA): Your rights to access, delete, and opt out of the sale or sharing of your data.

6. International Data Transfers
Your data may be transferred to countries outside Switzerland or the EU, in particular to the US. To protect your data, we use the following safeguards:
Standard Contractual Clauses (SCCs): With our partners who are located outside the EU/Switzerland.
Adequacy Decisions: Switzerland has recognized the adequacy of the Swiss-U.S. Data Privacy Framework. U.S. companies that participate in this framework are considered safe recipients.

7. Your User Rights
You have the right to:
Request access, correction, and deletion of your personal data.
Request the restriction of processing or to object to it.
Receive your data in a machine-readable format (data portability).
Withdraw your consent at any time.
File a complaint with a supervisory authority.
For California Users (CCPA/CPRA): You have the right to opt out of the "sale" or "sharing" of your personal information to third parties. We provide a clear and conspicuous link titled "Do Not Sell or Share My Personal Information" on our website and within the app.
You can exercise your rights by contacting us at pastoai@pastoai.com.

8. Data Retention
We keep personal data only as long as necessary for the purposes for which it was collected or to comply with legal obligations.

9. Security
We protect your data with technical and organizational measures such as TLS encryption, restricted access, and data minimization.

10. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected such data, we will delete it immediately.

11. Changes to this Policy
We may update this policy to reflect changes in our data practices. The latest version is always available at www.pastoai.com/privacypolicy.