PRIVACY POLICY
Last Updated: May 16, 2026
Enimerai is operated by a Swiss-based solo developer in Lausanne, Switzerland. This Privacy Policy explains how Enimerai (“we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you use our mobile application and related services (the “Service”). We are the data controller for the personal data described below. We are committed to protecting your privacy and ensuring transparency in how we handle data, particularly in the context of Artificial Intelligence (AI) and automated data processing.
This Policy is designed to comply with the Swiss revised Federal Act on Data Protection (revFADP), the EU General Data Protection Regulation (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 where they apply, and equivalent regimes. References to “GDPR” in this Policy should be read as including the UK GDPR for users in the United Kingdom.
BY ACCESSING OR USING THE SERVICE, YOU CONSENT TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS POLICY.
1. INFORMATION WE COLLECT
We collect information that you provide directly to us, information we collect automatically when you use the Service, and information from third-party sources.
1.1 Information You Provide
- Account Data: When you register via Firebase (Email or Google), we collect your name, email address, and authentication identifiers.
- User Inputs (Prompts): We collect the natural-language text, alerts, and queries you input into the Service.
- Preferences: We collect your alert settings, notification preferences, and watched topics.
- Communications: If you contact support, we collect the content of your message and any attachments.
1.2 Information Collected Automatically
- Usage Data: We collect service activity needed to operate the app, such as alert creation, notification delivery, and feedback on notification quality.
- Device & Connection Information: We collect your IP address (exposed by network requests), device type (e.g., Android model), operating system version, and unique installation identifiers issued by Firebase (such as the Firebase Installation ID and Firebase Cloud Messaging token used to deliver push notifications).
- Crash Diagnostics: When the app crashes, we collect diagnostic information through Firebase Crashlytics, including the crash stack trace, device model, operating system version, app version, app state at the time of the crash, and the Firebase Installation ID. We do not include the content of your alerts or prompts in crash reports. You can turn off crash reporting at any time in the app’s Settings.
- Local Storage: We use local storage on your device to maintain your session and store local preferences.
We do not use Firebase Analytics or any other behavioural analytics SDK. Firebase Analytics collection is disabled in the application manifest.
1.3 Information from Third-Party Sources
- Financial, Weather, and News Data: We ingest public data from providers like Finnhub, Open-Meteo, and Exa to evaluate alert conditions. We do not use this data or your feedback to build advertising or behavioral profiles.
2. HOW WE USE YOUR INFORMATION
We process your data for the following purposes and lawful bases:
| Purpose | Lawful basis (GDPR Art. 6) |
|---|---|
| Creating your account and delivering the Service (alerts, summaries, notifications) | Performance of a contract with you (Art. 6(1)(b)) |
| Transmitting your inputs to Large Language Models to generate insights | Performance of the contract |
| Security, fraud prevention, abuse monitoring | Our legitimate interests in protecting the Service (Art. 6(1)(f)) |
| Crash reporting (Firebase Crashlytics) to diagnose and fix application crashes | Our legitimate interests in service reliability (Art. 6(1)(f)); you may opt out in Settings at any time |
| Customer support and responding to your inquiries | Performance of the contract / legitimate interests |
You may object to processing based on legitimate interests at any time by contacting us (see Section 11).
3. ARTIFICIAL INTELLIGENCE & DATA PROCESSING
3.1 Third-Party AI Providers
Your User Inputs are processed by third-party AI providers, primarily Google (Gemini API) and Exa Labs.
- Training Disclosure: We use the paid Gemini API tier under Google’s Data Processing Addendum. Under that agreement, your User Inputs are not used by Google to train its foundation models. We do not route user data through free or experimental tiers that would permit training use.
- Automated Processing: The Service uses AI to filter and summarize public news and data. This processing does not produce legal or similarly significant effects on you within the meaning of GDPR Article 22, and no rights under that article are engaged.
3.2 Sensitive Information Warning
Do not enter sensitive data. Your prompts are transmitted to third-party AI providers. Because of the nature of AI processing, we cannot guarantee that specific facts contained in a prompt can later be selectively “forgotten” from a model’s working context within a session. You agree not to input personal identifiers of third parties, trade secrets, material non-public information, health information, or any data you are legally or contractually required to keep confidential. You bear sole responsibility for any such data you choose to submit.
3.3 Service Reliability and Use Limits
Enimerai is an informational monitoring tool. AI-generated summaries, extracted facts, and notifications may be inaccurate, incomplete, misleading, or delayed. You should independently verify important information before relying on it. The Service is not financial, investment, legal, medical, tax, compliance, or other professional advice, and it is not designed for emergency, life-safety, or time-critical warnings.
4. SHARING YOUR INFORMATION
We do not sell your personal information and we do not share it for cross-context behavioral advertising. We share your data only in the following circumstances:
- With Service Providers (Processors): Including Google Cloud (hosting), Firebase (authentication, push messaging, and Crashlytics crash reporting), Google Gemini API (AI processing), Exa Labs (search), and Finnhub (finance data). These providers act on our instructions under contractual data-processing terms.
- For Legal Reasons: If required by law, subpoena, or to protect the rights and safety of Enimerai or our users.
- Business Transfers: In connection with a merger, sale of assets, or acquisition.
4.1 International Data Transfers
Your personal data is processed by service providers that operate outside Switzerland and the European Economic Area, including in the United States. This includes our hosting and authentication providers (Google Cloud, Firebase, Google Cloud Storage), our AI provider (Google Gemini API), and our search provider (Exa Labs). The country in which your data is processed will depend on the region in which each provider operates the relevant service.
The United States and certain other destination countries do not have data-protection laws equivalent to those of Switzerland, the EEA, or the United Kingdom. Where required by law, such transfers are protected by appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement or the UK Addendum to the SCCs issued by the UK Information Commissioner’s Office, the Swiss-equivalent transfer mechanism issued by the Swiss Federal Data Protection and Information Commissioner (FDPIC), and — where the recipient is certified — the EU-US Data Privacy Framework together with its UK Extension and Swiss extension. Google LLC and its affiliates that operate Google Cloud, Firebase, and the Gemini API are certified under the EU-US Data Privacy Framework, including its UK Extension.
By using the Service, you understand that your personal data may be transferred to, stored, and processed in these countries. You may request information about the safeguards applied by contacting us at the address in Section 11.
5. DATA RETENTION AND DELETION
We retain personal data only as long as needed for the purposes set out in Section 2.
- Account data and alerts: Retained while your account is active.
- Inactive accounts: Accounts inactive for twenty-four (24) consecutive months may be deleted.
- Prompts: We do not retain copies of your prompts beyond the operational lifetime of the request, except prompts that you explicitly attach to notification-quality feedback. Those are retained to improve alert matching and are reviewed approximately every thirty (30) days to remove content that appears to contain personal data.
- Logs and diagnostics: Retained for up to thirty (30) days, then deleted or anonymized.
- Account deletion on request: You may delete your account from the app settings or by contacting us. Personal data tied to your account is deleted within thirty (30) days of the request, except where we are legally required to retain it (e.g., billing records). Backup copies are overwritten in the normal course of our backup rotation.
- Aggregated, non-identifying statistics: May be retained indefinitely as they are not personal data.
6. YOUR RIGHTS
Subject to applicable law, you may have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct factual personal data that is inaccurate.
- Erasure — ask us to delete your personal data, subject to legal exceptions.
- Restriction — ask us to limit how we process your data in certain cases.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to processing based on our legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint — you may lodge a complaint with a data protection supervisory authority. For Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch). EU residents may complain to their national authority. UK residents may complain to the Information Commissioner’s Office (ICO, ico.org.uk).
To exercise these rights, please contact us at the email in Section 11. We will respond within the time periods required by applicable law (typically one month under GDPR and revFADP). We do not discriminate against users for exercising their rights.
6.1 California Residents
This Section 6.1 applies to California residents and is intended to provide notice under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, “CCPA”), if and to the extent the CCPA applies to Enimerai. Even if Enimerai does not currently meet all statutory thresholds for a covered “business,” we provide the following disclosures as a privacy-protective measure.
Categories of Personal Information
In the past twelve (12) months, we have collected and disclosed the following categories of personal information for the business purposes described in this Policy:
| CCPA category | Examples we may collect | Sources | Business purposes | Disclosed to |
|---|---|---|---|---|
| Identifiers | Name, email address, Firebase user ID, authentication identifiers, IP address, device identifiers, Firebase Cloud Messaging token | You, your device, Firebase/Google sign-in | Account creation, authentication, notifications, security, support | Hosting, authentication, notification, security, and support service providers |
| Customer records information | Account profile details and contact information you provide | You, Firebase authentication | Account administration, support, legal compliance | Hosting, authentication, and support service providers |
| Internet or electronic network activity | App activity, alert creation and delivery events, notification feedback, crash reports (when crash reporting is enabled) | Your device, our app, Firebase SDKs | Operating the Service, abuse prevention, service reliability, product improvement | Hosting, crash reporting (Firebase Crashlytics), and security service providers |
| Commercial information | Subscription tier, purchase status, billing status, and related transaction metadata, if paid features are used | You, app stores, payment processors | Billing, subscription management, fraud prevention, accounting | App stores, payment processors, hosting, and accounting/support providers |
| User content and inferences | Alerts, watched topics, prompts, AI-generated summaries, feedback, and inferred alert-matching preferences | You, the Service, AI processing providers | Providing alerts, generating summaries, improving alert quality, support | Hosting, AI processing, search, and data providers |
| Approximate location | Approximate location inferred from IP address or device/network information | Your device, service providers | Security, abuse prevention, regional compliance, diagnostics | Hosting, analytics, crash reporting, and security service providers |
| Sensitive personal information | Account login credentials handled by Firebase; any sensitive content you choose to include in prompts despite our prohibition | You, Firebase authentication | Authentication, security, and providing the Service | Authentication, hosting, AI processing, and security service providers as needed |
We do not intentionally collect precise geolocation, biometric identifiers, government identifiers, health information, or information about race, religion, sexual orientation, union membership, or citizenship status. You must not include sensitive personal information in prompts or alerts.
Sale, Sharing, and Advertising
We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of children under 16. Because we do not sell or share personal information, we do not provide a “Do Not Sell or Share My Personal Information” link. If this changes, we will update this Policy and provide the required opt-out mechanism.
We do not use or disclose sensitive personal information for purposes other than those reasonably necessary to provide the Service, maintain account security, prevent abuse, comply with law, or other purposes permitted by the CCPA. We do not use sensitive personal information to infer characteristics about you.
California Privacy Rights
Subject to applicable law and verification, California residents may request to:
- Know/Access: Request the categories and specific pieces of personal information we collected about you, the categories of sources, the purposes of collection, and the categories of third parties to whom we disclose information.
- Delete: Request deletion of personal information we collected from you, subject to legal exceptions.
- Correct: Request correction of inaccurate personal information.
- Opt Out: Opt out of sale or sharing of personal information. We do not currently sell or share personal information.
- Limit Sensitive Personal Information: Limit certain uses of sensitive personal information. We do not use sensitive personal information for purposes that require a separate limitation right.
- Non-Discrimination: We will not discriminate against you for exercising privacy rights, including by denying service, charging a different price, or providing a different quality of service, except where permitted by law and reasonably related to the value or functionality of the data.
We do not offer financial incentives or loyalty programs in exchange for personal information.
Verification and Authorized Agents
To exercise California privacy rights, contact us using the details in Section 11. We may need to verify your identity before fulfilling a request, for example by asking you to contact us from the email address associated with your Enimerai account or by confirming account-specific information. Information collected for verification will be used only to verify and respond to your request.
You may use an authorized agent to submit a request on your behalf. We may require the agent to provide proof of written authorization and may require you to verify your identity directly with us or confirm that you authorized the request, unless the agent has a valid power of attorney or other legal authority under applicable law.
We aim to respond to verified California privacy requests within forty-five (45) days, or within any longer period permitted by law after notice to you.
7. HARDWARE & PERFORMANCE DISCLOSURES
- Background activity: The app performs background activity (including push-notification handling and periodic fetches) to keep your alerts updated. This activity may consume device battery and mobile data.
- Data costs: Monitoring public data feeds and receiving notifications may consume cellular data. We recommend connecting to Wi-Fi for extended use. We are not responsible for any cellular data costs you incur.
8. SECURITY
We implement industry-standard security measures, including encryption at rest and in transit. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. CHILDREN’S PRIVACY
The Service is not directed to, and is not intended for use by, persons under the age of 18. We do not knowingly collect personal information from persons under 18. If we learn that we have collected such data, we will delete it.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last Updated” date.
11. CONTACT US
If you have any questions or concerns about this Privacy Policy or our data practices, or to exercise any of your rights, please contact us at:
Enimerai
Email: support@enimerai.com
Postal address: [Case postale to be added — La Poste, Lausanne, Switzerland]
Enimerai is operated by a Swiss-based solo developer in Lausanne, Switzerland. We are the data controller for the personal data described in this Policy.