Skip to main content

Discover how Squirro's Generative Employee Agents empower 900 Client Advisors in Asset Management! Read Our Case Study

Data Protection

Protecting your privacy is important to us. This data protection declaration informs you about the type, scope and purpose of the collection and use of personal data in our product SquirroGPT and Squirro Insight Engine as well as its various applications as well as on our website (hereinafter “Squirro”) by Squirro AG (hereinafter “we” or “us”) and provides information about the rights to which you are entitled.

We collect and process your personal data carefully, only for the purposes described in this data protection declaration and only to the extent necessary and within the framework of the applicable legal regulations. We only retain your personal data to the extent and for as long as is necessary to provide our services or as required by law. In close cooperation with our hosting providers, we do everything we can to protect the databases from unauthorized access, loss, misuse or forgery.

This data protection declaration is particularly geared towards the EU General Data Protection Regulation (GDPR). Although the GDPR is a European Union regulation, it is important to us. The Swiss Data Protection Act (DSG) is heavily influenced by EU law, and companies outside the European Union or EEA must comply with the GDPR under certain circumstances.

The Person Responsible for Data Processing for Squirro and the Contact Person for Data Protection Concerns Is:

Squirro AG
Attn. Data Protection Officer>
Mühlebachstrasse 70
8008 Zurich

Purpose of Data Processing

We use the personal data we collect to provide our services. We process personal data to the extent permitted and deemed appropriate to us for the following purposes in which we have a legitimate interest corresponding to the purpose:

    • Warranties and further development of our offerings and other platforms;
    • Examination and optimization of procedures for needs analysis for the purpose of direct customer contact as well as collection of personal data from publicly accessible sources for the purpose of customer acquisition;
    • Advertising and marketing (including the organization of events), unless you have objected to the use of your data (if we send you advertising as an existing customer, you can object to this at any time and we will then put you on a blocking list against further advertising);

Data Collection in our Product and on our Website

    • Log files
      The product is hosted by third parties (host providers). These are mentioned in the order form / order placement.

    • In order to optimize and maintain our website, we log technical errors that may occur when accessing our website. Furthermore, when you use this website, information is automatically collected that the browser of your device transmits to our host provider. These are:

      • IP address and operating system of your device, browser type, version, language
      • Date and time of the server request, file accessed,
      • the website from which access was made (referrer URL), the status code (e.g. 404) and
      • the transmission protocol used (e.g. HTTP/2).
    • This data is collected and stored by our host provider in order to be able to optimize processes and procedures, particularly in connection with the use of our website and the security and stability of the computer system.


This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Contact Form

If you use our contact form, your details from the inquiry form will be processed by us to process the inquiry and in case of follow-up questions. We generally require the following information:

  • First and Last Name, Company
  • Email Address, Phone Number, Subject Message, Content

We use the data you provide to respond to your request. If the GDPR is applicable, the basis for this data processing is Art. 6 Para. 1 lit. f GDPR.


We use cookies in our product. Cookies are small files that are stored on your device and that your browser saves. Some of the cookies we use are automatically deleted when you leave our product/website. Other cookies remain stored on your device until you delete them or until they expire. These cookies make it possible to recognize your browser the next time you visit our website.
You can set your browser so that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or in general, or whether cookies are prevented completely. This may limit the functionality of the website.

Cookies that are necessary for the electronic communication process or functions you want or that optimize your user experience are stored – if the GDPR is applicable – on the basis of Art. 6 Para. 1 lit. f GDPR.


We offer a newsletter that you can subscribe to. If you register for the newsletter, we will collect at least your email address. Our external newsletter service provider may collect further data; We refer to its data protection declaration (see below).

We use your email address to send you the newsletter by email. If the GDPR is applicable, the basis for data processing is Art. 6 Para. 1 lit. f GDPR.

Newsletter analytics: We use an analysis service to measure the reach of our newsletter. What is measured is how often the newsletter is opened and which links the recipient follows. If the GDPR is applicable, the basis for data processing is Art. 6 Para. 1 lit. f GDPR.


When you open an account in our product/website, the information you enter is saved. We collect the following information:

  • First and Last Name, Company
  • Email Address, Address, Telephone Number

We use the data to provide you with the account. If the GDPR is applicable, the basis for this data processing is Article 6 Paragraph 1 lit b and f GDPR.

External Services

We use various third-party services in our product/on our website. Below we explain in detail what services these are, what we use them for and what data is collected.

External Services: Please go to for a constantly updated list.

If the GDPR is applicable, the basis for data processing is Article 6 Paragraph 1 lit a GDPR or Article 6 Paragraph 1 lit b GDPR or Article 6 Paragraph 1 lit f GDPR.


In our product/on our website you will find links to third-party sites. We are not responsible for the content and data protection measures on external websites that you can access via the links. Please find out more about data protection directly on the relevant websites.

Transfer of Data to Third Parties

So that we can offer you the information on our website, we work with various service providers, namely IT service providers, in order to be able to offer you a modern website. They only use your data as part of order processing for us.

With the exception of the provisions in Section 3.4 of this data protection declaration, we will only transfer data to locations outside Switzerland and the European Union (third country) without your consent if this is necessary according to the respective contract, to fulfil legal obligations or to protect our legitimate interests.

Duration of Storage

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or for other purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as in accordance with the legal retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidentiary and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized as far as possible. For operational data (e.g. system logs, logs), shorter retention periods of twelve months or less apply.

Compliance with Regulations

Squirro undertakes to promptly and properly respond to all reasonable requests from the customer relating to processing within the framework of applicable data protection laws. Squirro grants the customer the right to carry out an audit once every twelve months at his own expense with the aim of checking and complying with the regulations. The customer can carry out the audit himself or hire an independent auditor at his own expense.

Any review and request for information shall be limited to the information necessary for the purposes of this Privacy Policy and shall have due regard to Squirro’s confidentiality obligations and its legitimate interest in protecting trade secrets.

Squirro and the Customer will provide the information referred to in this clause, including the results of any audits, to the relevant supervisory authority upon request if and to the extent required by applicable data protection laws.

Reporting Personal Data Breaches

Squirro will inform authorities and those affected within 48 hours of discovering a data breach in accordance with the following provisions.

Squirro is obliged, in particular, to assist in obtaining information that must be provided in the notification of data protection violations in accordance with the applicable data protection laws (GDPR, or e.g. Article 24 Paragraph 2 DSG). Our notice will contain the information required by law, in particular details of a contact point from whom further information about the personal data breach can be obtained, a description of the nature of the breach (including, where possible, the categories and the approximate number of those affected individuals and data sets), their likely consequences and the measures that have been taken or will be taken to mitigate their possible adverse effects. If it is not possible to provide all information at the same time, the initial notice will include the information available at that time and further information will be provided without undue delay as it becomes available.

Squirro works in good faith with those affected and authorities and supports them in any way necessary, in particular to notify affected persons and to comply with obligations regarding data protection impact assessment.

Your Rights

Within the scope of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR or DSG), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing and other legitimate interests in processing and releasing certain personal data for the purpose of transferring it to another location (so-called data portability).

Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on it) or use it for the purposes of this need to assert claims. If you incur any costs, we will inform you in advance.

Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already contractually stipulated.

The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by providing a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 2.

Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (

Currentness and Changes to This Data Protection Declaration

We may change or adapt this privacy policy at any time. The current privacy policy can be accessed on ( )