Privacy Policy

1. Introduction and Data Controller

Zelly Sàrl, with its registered office in Lausanne (Switzerland), provides a personal-assistant service based on artificial intelligence, delivered via messaging platforms. This policy describes the personal data we process, why, with which providers, and what your rights are.

Data controller

Zelly Sàrl is the controller for the processing of your data. Full contact details: see the legal notice. Contact: social@zellyapp.me.

Representative in the European Union

For users residing in the EU/EEA, our representative within the meaning of Art. 27 GDPR is: [EU REPRESENTATIVE — to be designated before the commercial launch in the EU].

Technical status (Privacy by Design)

In accordance with the principle of data protection by design, each assistant runs in an isolated environment with a persistent volume dedicated to the Client, the content of which is not viewed, extracted or exploited by the Company. The processing described below (backups, long-term memory, notifications) is carried out in an automated manner, without human review of the content.

2. Data We Process

We limit collection to the data necessary for the Service:

• Account data: e-mail address and technical identifiers (via our authentication provider Supabase), language and notification preferences.
• Billing data: payment information and transaction history managed by Stripe. Zelly Sàrl does not store any bank details.
• Telegram data:the Client's numeric Telegram identifier (to reserve the assistant for its owner only), the identifier and username of the associated Telegram bot and, where the Client uses our Telegram mini-app, the initialisation data transmitted by Telegram (user identifier, language) as well as temporary single-use linking tokens.
• Infrastructure data: system logs related to deployment, environment status (healthchecks) and resource-usage metadata (usage volumes, without content).
• Integrations data (Skills): when you activate a Skill (for example Gmail), we keep the opaque connection identifier provided by our integrations orchestrator, the connection status (pending, active, expired, revoked) and the associated timestamps, as well as an audit log of each action triggered by your assistant: Skill name, action name, status, latency and timestamp. The content of the actions (e-mail text, calendar events, etc.) is never recorded. Where a Skill requires a personal access key (API key), it is transmitted directly to the orchestrator and is not stored by Zelly Sàrl.
• Connected-app notifications (watch): if you enable notifications for a connected app (for example being notified of a new e-mail or comment), we keep your activation choice and, for deduplication purposes, the technical identifiers of events already notified (without content). The content of the notification transits to Telegram without being stored by Zelly Sàrl.
• Long-term memory: where activated, lasting information extracted from your conversations (preferences, context, habits) is kept in a memory store dedicated to your assistant, isolated per account, encrypted at rest and hosted on our infrastructure (Fly.io). See section 3.
• Memory backups:backups of your assistant's workspace (memory and configuration files), encrypted at rest, are made periodically and kept for a maximum of ninety (90) days, for restoration purposes.

Note on conversation content:your conversations and files reside in your assistant's dedicated environment. Zelly Sàrl does not view, extract or exploit them for its own purposes; they are never used to train artificial-intelligence models. To generate the answers, messages transit through the interfaces of the AI-model providers (section 5); to reduce costs and latency, part of the conversation context may be temporarily cached by the model provider (Google) for a period in the order of ten (10) minutes, then deleted automatically.

3. Long-Term Memory

The long-term memory enables your assistant to remember lasting information you entrust to it, beyond the current conversation. How it works:

• lasting factual elements are automatically extracted from your conversations and kept in a memory store dedicated to your assistant (isolation per account, encryption at rest, hosting on our infrastructure);
• depending on what you entrust to your assistant, these elements may include information falling within sensitive categories (for example health information or beliefs). For this reason, for users residing in the EU/EEA, the activation of the long-term memory is based on your explicit consent, freely revocable at any time;
• you may at any time request the deactivation of the long-term memory and the erasure of your assistant's memories (via your assistant or by e-mail to our contact address);
• the memory store is permanently deleted when the account is deleted.

4. Purposes and Legal Bases

Your data is processed for:

• Contract performance(basis: contract — Art. 6 para. 1 lit. b GDPR for EU/EEA users): provisioning and maintaining your assistant's environment, billing, authentication, the assistant's answers, performing Actions on your connected services on your instruction, notifications you have enabled.
• Maintenance and security (basis: legitimate interest — Art. 6 para. 1 lit. f GDPR): technical monitoring (healthchecks), automatically restarting a healthy environment from the persistent volume in the event of an anomaly, backups, the Skills audit log, abuse prevention. Zelly Sàrl does not actively view content; any technical access by the hosting provider is governed by its own privacy policy.
• Long-term memory (basis for EU/EEA users: explicit consent — Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR): lasting personalisation of your assistant, as described in section 3.
• Business administration (basis: contract and legal obligations): billing, accounting, customer support related to service access, transactional communications.

We do not sell your data and do not use it for advertising purposes. No decision producing legal effects concerning you is made in a solely automated manner.

5. Processors and International Transfers

The Service relies on the following providers. The destination countries of the data are indicated for each:

• Infrastructure & hosting: Fly.io Inc. (USA — assistant environments, long-term memory; execution regions mainly in Europe), Supabase Inc. (USA/EU — database, authentication, backup storage), Vercel Inc. (USA — web application and technical proxy).
• Payments: Stripe, Inc. (USA).
• Artificial-intelligence models:Google LLC (USA) and Anthropic PBC (USA) — processing of messages to generate the assistant's answers, including the temporary caching described in section 2.
• Transactional e-mails: Resend, Inc. (USA).
• Skills orchestration: Sampark Inc. (Composio, USA) — authentication bridge between your assistant and the third-party services you connect.
• Communication channels: Telegram FZ-LLC (United Arab Emirates); WhatsApp/Meta Platforms Inc. (USA) planned in a future evolution of the Service.

Transfer safeguards

The United States is listed in Annex 1 of the Swiss Data Protection Ordinance (DPO) as a country providing an adequate level of protection where the receiving entity is certified under the Swiss-U.S. Data Privacy Framework (DPF). Currently certified under the Swiss-U.S. DPF (and its EU equivalent): Stripe, Google, Vercel and Fly.io. For US providers not certified under the Swiss leg of the DPF (Anthropic, Supabase, Resend, Sampark/Composio), and as an additional safeguard for all providers, transfers are governed by Standard Contractual Clauses (SCCs) recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the European Commission, provided for in the respective data-processing agreements. Transfers to Telegram FZ-LLC (United Arab Emirates, a country without an adequacy decision) are necessary for the performance of the contract: delivering the assistant via Telegram is the very object of the Service (Art. 17 para. 1 lit. a Swiss FADP; Art. 49 para. 1 lit. b GDPR).

Sub-processors

Each of these providers itself uses technical sub-processors (for example underlying cloud providers). The list of Sampark/Composio sub-processors can be consulted on their trust portal trust.composio.dev. By activating a Skill, the Client accepts this processing chain.

6. Third-Party Services

The Client interacts directly with third-party services (AI models and messaging), which are subject to their own privacy policies (Google, Anthropic, Telegram, Meta). Zelly Sàrl is not responsible for their own processing practices.

Skills (third-party integrations)

When the Client activates a Skill (for example Gmail), they expressly authorise, via the authentication mechanism of the provider concerned, their assistant to act on that service on their behalf. The content accessible through this authorisation (e-mails, events, files, etc.) remains hosted by the third-party provider; Zelly Sàrl neither stores nor copies it. The Client acknowledges that:

• they warrant that they only activate a Skill for accounts belonging to them or for which they have valid authorisation;
• the Actions performed by their assistant on their connected services are deemed to have been carried out by the Client themselves and engage their own responsibility towards the third-party provider and recipients;
• the third-party provider may at any time suspend, restrict or revoke access; Zelly Sàrl cannot be held liable for such a decision.

The Client may revoke a Skill at any time from the Skills page of their account. The revocation is propagated to the provider within a maximum of twenty-four (24) hours by our daily verification task.

7. Retention Periods

• Active account: account and billing data are kept for the duration of the contract.
• Dormant state (30 days):in the event of termination or non-payment, the assistant's environment (including the persistent volume and the long-term memory) and the associated account data are kept for thirty (30) days, then irreversibly deleted.
• Active Skills: connection records (opaque identifier, status, timestamps) are kept for as long as the Skill remains active. Revocation results in the deletion of the record and the corresponding revocation with the integrations orchestrator.
• Skills audit log: the metadata of performed actions (without content) is kept for twelve (12) months, then deleted automatically.
• Notifications (watch): the technical deduplication identifiers of notified events (without content) are kept for a maximum of twelve (12) months, then deleted automatically.
• Memory backups: a maximum of ninety (90) rolling days.
• Conversation cache (model provider): in the order of ten (10) minutes, deleted automatically.
• Accounting exception: billing data (name, address, amounts) is subject to the statutory accounting retention obligation of ten (10) years under art. 958f of the Swiss Code of Obligations. This retention is limited to strict accounting data and does not extend to content.

8. Security and Data Breaches

We implement appropriate technical and organisational measures: per-account environment isolation, encryption in transit and at rest, strict access control, two-factor authentication for administrative access, logging. In the event of a data-security breach likely to result in a risk to your rights, we notify the Swiss Federal Commissioner (FDPIC) in accordance with art. 24 Swiss FADP and, for EU/EEA users, the competent supervisory authority within the deadlines of Art. 33 GDPR (72 hours), as well as the persons concerned where the law so requires.

9. Your Rights

In accordance with the Swiss FADP and, for users residing in the EU/EEA, the GDPR, you have the following rights:

• Right of access and rectification of your data.
• Right to erasure of your data and your assistant (self-service account deletion from the settings).
• Right to portability: the right to receive your data in a structured, machine-readable format (JSON), including your account data, the Skills records, the associated audit log and the memories of the long-term memory.
• Right to object and to restriction: the right to object to certain processing or to request its restriction.
• Right to withdraw your consent at any time, without affecting the lawfulness of prior processing (in particular for the long-term memory).
• Right to revoke Skills and notifications: at any time, without reasons and free of charge, from the dedicated pages of your account.
• Right to lodge a complaint: for EU/EEA users, with the supervisory authority of your state of residence; for Switzerland, with the FDPIC.

Exercising your rights: any request may be sent to social@zellyapp.me. We respond within a maximum of thirty (30) days.

10. Changes to This Policy

We may update this policy to reflect changes in the Service or in regulation. Any substantial change — in particular the addition of new processing purposes — is actively notified to you (by e-mail) before it takes effect. The current version is published on this page with its update date.