Privacy Policy

Last updated: June 2026 · TennoTenRyu Inh. Cesarano · CHE-272.196.618

1. Data Controller

TennoTenRyu Inh. Cesarano, Baarerstrasse 87, 6300 Zug, Switzerland (CHE-272.196.618) is the data controller for personal data processed via APEX Governance OS.

2. Data We Collect

Contact data: Email address, organisation name, sector.
AI system descriptions: Text descriptions of AI systems submitted for assessment. Processed to generate compliance outputs, not retained beyond 90 days without an active subscription.
Usage data: Assessment count and timestamps for service quality.
Payment data: Processed exclusively by Stripe. We do not store card details.

3. Legal Basis

Contract performance (Art. 6(1)(b) GDPR / nDSG §31): Delivering assessments.
Legitimate interests (Art. 6(1)(f) GDPR): Service improvement, fraud prevention.
Consent (Art. 6(1)(a) GDPR): Marketing communications via DOI only.

4. Data Retention

Assessment inputs and outputs retained for 90 days. Subscriber contact data retained for subscription period plus 24 months.

5. Third-Party Processors

Stripe: Payment processing
Resend: Transactional email
OpenAI / Anthropic / Google: AI inference (no training retention per DPA)

6. Your Rights

Access, correction, deletion, restriction, portability. Contact: info@cesaranogilbert.com