Privacy Policy – Gjallarhorn Behavioral Observability Platform
Status: Live Last Updated: March 30, 2026 Jurisdiction: Swiss nDSG, GDPR (for EU customers)
1. Introduction and Controller
Gjallarhorn is an API-first behavioral observability and compliance audit platform designed for companies building AI automation tools. We process data in accordance with the Swiss Federal Data Protection Act (nDSG) and, for customers processing EU personal data, the EU General Data Protection Regulation (GDPR).
Data Controller:
- Name: Daniel Sidler
- Business form: Swiss Einzelunternehmen [or GmbH if applicable]
- Address: Parkweg 11, 5000 Aarau, Canton of Aargau, Switzerland
- Legal entity: Daniel Sidler (trading as Gjallarhorn)
- Email (Data Protection Contact): support@gjallarhorn.watch
2. What Data We Collect
Gjallarhorn processes the following data categories:
2.1 API Usage and Agent Telemetry
When you use Gjallarhorn to monitor your AI agents, we collect:
- Agent behavioral logs: decisions made, actions executed, instruction sets, timing patterns, error states
- Content transiting the API: Depending on your agent's function, this may include text, structured data, or references to external resources
- Metadata: Request timestamps, API endpoint called, response status, latency measurements
- Authentication tokens: For session management and audit trails
Nature: Primarily technical/operational data. May include personal data if your agents process data about natural persons (e.g., an email-processing agent handling recipient addresses, names, or identifiable information).
2.2 Account and Registration Data
- Name and email address
- Company name and sector (if registered)
- Billing address (for paid tiers)
- Phone number (optional, for enterprise support)
2.3 Billing and Payment Data
- Payment method information (processed by third-party payment provider; we retain transaction records only)
- Invoice history
- Subscription tier and renewal dates
2.4 Communication Data
- Support tickets and email correspondence
- In-product feedback or bug reports
- Chat logs (if you use in-app support features)
2.5 Technical Data (Minimal)
- IP address (logged for security and abuse prevention)
- Session tokens (temporary, for authentication)
- Browser or API client user-agent (for compatibility tracking)
Note: Gjallarhorn is API-first and does not use tracking cookies, advertising pixels, or third-party analytics trackers.
3. Legal Basis for Processing
We process your data under the following legal bases (GDPR Articles 6(1) and Swiss nDSG Article 6):
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Agent behavioral telemetry | Art. 6(1)(f) – Legitimate interests | Behavioral analysis, compliance auditing, product optimization, security monitoring |
| API usage metrics | Art. 6(1)(f) – Legitimate interests | Service reliability, performance monitoring, abuse detection |
| Account and registration data | Art. 6(1)(b) – Contract performance | Delivery of Gjallarhorn service, account management |
| Billing and payment data | Art. 6(1)(b) – Contract performance | Invoicing, subscription management |
| Communication data | Art. 6(1)(f) – Legitimate interests | Customer support, product feedback, service improvements |
| Technical/security logs | Art. 6(1)(f) – Legitimate interests | System security, fraud prevention, legal compliance |
| Compliance audit logs | Art. 6(1)(c) – Legal obligation | EU AI Act Article 12 compliance, regulatory audits |
Legitimate Interest Assessment (Art. 6(1)(f)):
For behavioral telemetry and usage metrics, we rely on legitimate interests because:
- Service delivery & security: Monitoring agent behavior helps detect anomalies, abuse, and security breaches.
- Product improvement: Behavioral patterns inform feature development and optimization.
- Compliance support: Logs enable your organization to demonstrate AI governance and conformity with applicable regulations.
- Business operations: Platform stability, customer support, and contractual fulfillment require usage data.
We have balanced these interests against your privacy rights and concluded they are not outweighed by your reasonable expectations (especially in a B2B context where you are a company building AI tools, not a consumer).
4. Data Retention
4.1 Active Service Data
- Account information: Retained for the duration of your subscription + 30 days after termination.
- Agent behavioral telemetry and API logs:
- Free tier (Developer): 7-day retention only. The free tier is designed for evaluation and development. It is not suitable for regulatory compliance purposes. EU AI Act Article 12 compliance requires a minimum 6-month audit trail, which is available on paid tiers only.
- Paid tiers (Tool Supplier, Enterprise): Minimum 6 months (aligned with EU AI Act Article 12 audit requirements); maximum 24 months unless you request longer retention for compliance purposes.
- Billing and transaction records: Retained for 7 years (Swiss tax law requirement).
4.2 Communication and Support Data
- Support tickets and feedback: Retained for 3 years for dispute resolution and service improvement.
- Session tokens: Automatically deleted after 90 days of inactivity; active sessions cleared upon logout.
4.3 Technical Logs
- Security logs and IP addresses: Retained for 90 days; older logs anonymized.
- Error logs: Retained for 30 days then deleted.
4.4 Your Right to Deletion
You may request deletion of behavioral telemetry logs at any time (subject to legal holds for regulatory compliance). See Section 6 for details.
5. Data Sharing and Sub-processors
5.1 Sub-processors
Gjallarhorn uses the following service providers who may access your data:
| Provider | Service | Data Category | Location |
|---|---|---|---|
| Infomaniak SA (CH-0763.856.159), Route de la Glâne 135, 1752 Villars-sur-Glâne, Switzerland | Cloud hosting, data storage, network infrastructure | All data including agent behavioral telemetry | Switzerland (EU adequate) |
| Infomaniak SA — AI Inference (same entity) | LLM inference for instruction extraction feature (Gemini 3.1 Pro — google/gemini-3.1-pro-preview, accessed via Infomaniak AI infrastructure) | Customer system prompts (instruction monitor users only) | Switzerland (EU adequate) |
| Paddle.com Market Ltd | Payment processing | Billing data only — no agent telemetry | UK/Ireland (SCCs) |
Sub-processor Agreements: All sub-processors are bound by data processing agreements that implement GDPR and nDSG obligations, including confidentiality, security, and data subject rights support.
Note on AI Model Providers: For instruction extraction, Gjallarhorn uses Gemini 3.1 Pro (google/gemini-3.1-pro-preview) accessed via Infomaniak's AI infrastructure (Switzerland). This model runs on Swiss infrastructure and data does not leave Switzerland. Anthropic Claude is used by the Gjallarhorn operator for internal development work only and does not process customer telemetry. Gjallarhorn will not use US-based AI model providers to process customer telemetry without explicit written amendment to the applicable Data Processing Agreement and 30 days advance notice.
System Prompt Processing (Instruction Monitor Feature)
When you use the instruction monitoring feature, the full text of your agent's system prompt is transmitted to our LLM inference sub-processor (Infomaniak SA, Switzerland) for rule extraction. This data is:
- Transmitted over TLS 1.3
- Processed by Infomaniak's AI inference service within Switzerland (EU adequacy status — no SCCs required)
- Not retained by Infomaniak beyond the duration of the API request (per Infomaniak's Data Processing Agreement)
- Stored by Gjallarhorn in encrypted form for the duration of your subscription or 90 days, whichever is shorter, after which the raw system prompt text is automatically anonymised to
[ANONYMISED — 90-day retention policy]while extracted rule structures are retained for audit continuity
Immediate vs. automatic anonymisation: System prompts submitted to the instruction monitor are stored for up to 90 days to support ongoing instruction adherence monitoring. Two erasure paths are available:
- Immediate erasure on request: Call
DELETE /v1/deployments/:deployment_id/erasureat any time to immediately anonymise your system prompt (the raw text is replaced with[ERASED — GDPR Art. 17]). - Automatic anonymisation: If no erasure request is made, the raw system prompt text is automatically anonymised after 90 days. Extracted rule structures (which contain no personal data) are retained for audit continuity.
GDPR Article 17 requests submitted via our privacy contact email will be fulfilled by calling the erasure endpoint on your behalf within 30 days.
Immediate erasure: You may request immediate anonymisation of your stored system prompt at any time by calling DELETE /v1/deployments/:deployment_id/erasure. This anonymises the source_prompt field and simultaneously soft-deletes the pseudonymisation salt for that deployment, satisfying GDPR Article 17.
5.2 No Third-Party Marketing or Data Sales
Gjallarhorn does not sell, rent, or share your data with marketing partners, data brokers, or advertisers. Behavioral telemetry is never used to profile natural persons for behavioral advertising or discrimination.
5.3 Government and Legal Requests
We will disclose your data to government or law enforcement only when:
- Required by valid legal process (court order, subpoena, or similar)
- Necessary to protect the safety of persons or security of the platform
- Compliance is required by Swiss law or applicable regulations
We will provide advance notice whenever legally permitted to do so.
6. Your Data Subject Rights
6.1 Right of Access (Art. 15 GDPR / Art. 22 nDSG)
You have the right to request a copy of all personal data we process about you. We will provide this in a structured, commonly used, machine-readable format within 30 days.
6.2 Right to Rectification (Art. 16 GDPR / Art. 23 nDSG)
You may correct incomplete or inaccurate account data at any time via your account dashboard or by contacting us.
6.3 Right to Erasure (Art. 17 GDPR / Art. 24 nDSG)
You may request deletion of account data and associated logs, subject to:
- Completion of any ongoing audit or compliance requirement
- Retention obligations under law (e.g., tax records, 7 years)
We will delete your data within 30 days unless a legal hold applies, in which case we will inform you.
6.4 Right to Data Portability (Art. 20 GDPR / Art. 25 nDSG)
You may export your agent telemetry, account data, and any other personal data in a standard format (JSON, CSV) via the API or by request.
6.5 Right to Object (Art. 21 GDPR / Art. 26 nDSG)
You may object to processing based on legitimate interests (Section 3). We will cease processing unless we demonstrate a compelling legitimate interest that overrides your rights, or unless the processing is necessary for legal compliance.
6.6 Right to Restrict Processing (Art. 18 GDPR / Art. 27 nDSG)
You may request that we restrict processing of your data while we verify accuracy or assess your objection.
6.7 Exercising Your Rights
To exercise any of these rights, contact us at:
Email: support@gjallarhorn.watch Mail: Parkweg 11, 5000 Aarau, Canton of Aargau, Switzerland
We will respond within 30 days. If we deny your request, we will explain the legal basis for denial.
7. International Data Transfers
7.1 Swiss-EU Transfer
Data is primarily stored in Switzerland (Infomaniak VPS). Switzerland has been determined by the European Commission to have adequate data protection laws (adequacy decision, 2000; reaffirmed in Swiss nDSG modernization). No additional transfer mechanism is required for EU-Switzerland transfers.
7.2 Transfers to Non-EU Sub-processors
If we use AI model providers or other sub-processors located outside the EU/EEA (e.g., USA), we rely on:
- Standard Contractual Clauses (SCCs): Where available and validated by supervisory authorities
- Adequacy decisions: For jurisdictions with equivalent data protection (if applicable)
- Your consent: Explicitly for specific processing (detailed in your Data Processing Agreement or service agreement)
You will be notified if we engage sub-processors in high-risk jurisdictions, and you may object or request deletion before such processing begins.
7.3 Supplementary Safeguards
We implement additional technical and organizational measures (encryption, pseudonymization) to protect data transiting outside Switzerland/EU.
8. Security and Data Protection Measures
We implement the following technical and organizational measures (TOMs) to protect your data:
- Encryption in transit: TLS 1.3 for all API connections
- Encryption at rest: AES-256 for data stored on Infomaniak infrastructure
- Data processing: Gjallarhorn processes telemetry data to provide the contracted behavioral analysis services. Customer telemetry is not used for training AI models, is not shared with third parties except as specified in the sub-processor list, and is not accessed by Gjallarhorn personnel except for the purpose of debugging confirmed technical incidents with customer consent.
- Access controls: Role-based access; multi-factor authentication for administrative accounts
- Audit logging: All data access is logged and monitored
- Network isolation: Data stored on isolated VPS; no public exposure
- Regular security reviews: Annual penetration testing and vulnerability assessments
- Incident response plan: Data breach notification within 72 hours (GDPR Article 33)
9. Data Breach Notification
In the event of a confirmed data breach affecting your personal data, we will:
- Notify you within 72 hours (as required by GDPR Article 33)
- Inform relevant supervisory authorities if the breach poses a high risk
- Provide details about the breach, affected data, likely consequences, and mitigation measures
- Offer support (e.g., credit monitoring, identity protection services) where applicable
10. Cookie Policy and Tracking
Gjallarhorn is API-first and uses minimal cookies and tracking:
- Session tokens: Stored as HTTP-only, secure cookies; used only for authentication (90-day expiration)
- No tracking pixels: We do not use Google Analytics, advertising trackers, or third-party analytics
- No persistent identifiers: We do not assign persistent device IDs or fingerprints for cross-platform tracking
If you disable cookies, Gjallarhorn API authentication may not function (you can instead use API keys).
11. Children and Vulnerable Persons
Gjallarhorn is not intended for use by individuals under 18 years old. We do not knowingly process data of minors. If we become aware that a child's data has been collected, we will delete it immediately.
12. Changes to This Privacy Policy
We may update this policy to reflect changes in law, our services, or operational practices. We will:
- Post the updated policy with a new "Last Updated" date
- Notify you by email of material changes at least 30 days before they take effect
- Require your consent for any changes that materially reduce your rights
Your continued use of Gjallarhorn constitutes acceptance of the updated policy.
13. Contact and Supervisory Authority
For questions about this policy or to exercise your rights:
- Email: support@gjallarhorn.watch
- Mailing Address: Parkweg 11, 5000 Aarau, Canton of Aargau, Switzerland
- Response time: Within 30 days
If you are an EU resident and believe we have violated your rights, you may file a complaint with your local data protection authority:
- Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC)
- Website: www.edoeb.admin.ch
- EU: Your national Data Protection Authority (DPA)
End of Privacy Policy
Appendix: AI Act Article 12 Audit Log Compliance
Gjallarhorn retains behavioral telemetry logs for a minimum of 6 months to support customer compliance with EU AI Act Article 12 (documentation and record-keeping). These logs enable your organization to demonstrate:
- Decision provenance (what the AI agent decided and why)
- Input data (what the agent was given)
- Output and action taken
- Timing and sequencing of decisions
You are responsible for ensuring your use of Gjallarhorn and the AI agents you monitor comply with applicable AI governance requirements. Gjallarhorn is a tool for compliance, not a compliance guarantee.