Privacy

Privacy Policy

This policy explains how Vutler and Starbox Group GmbH collect, use, store, and protect personal data when you visit the public site, create an account, or use the Vutler platform.

Last updated: April 1, 2026
Controller: Starbox Group GmbH
Location: Geneva, Switzerland

1. Scope

This Privacy Policy applies to Vutler, including the public website at vutler.ai, the authenticated application at app.vutler.ai, support interactions, and related communications.

Where a customer uses Vutler for its own business purposes, that customer may act as the controller of workspace content and end-user data processed through the service. In those cases, Starbox Group GmbH generally acts as a processor or service provider for that customer.

2. Data we collect

  • Account and contact information, such as name, email address, company details, billing contact details, and support correspondence.
  • Workspace and usage data, such as workspace identifiers, configuration choices, plan information, feature flags, logs, and audit events.
  • Content submitted to the service, including agent prompts, messages, tasks, drive metadata, email routing settings, and files or snippets intentionally uploaded or connected by users.
  • Technical and security data, such as IP address, browser or device information, authentication events, error diagnostics, and anti-abuse signals.
  • Optional analytics data on the public site only if you consent to analytics under our Cookie Policy.

3. How we use personal data

  • To provide, secure, maintain, and improve the service.
  • To authenticate users, manage workspaces, enforce plan limits, and operate routing, storage, and real-time features.
  • To respond to support requests, legal requests, and security incidents.
  • To process payments, invoices, and commercial requests where applicable.
  • To generate aggregated service analytics and reliability metrics.

4. Legal bases

Depending on the context, we rely on contractual necessity, legitimate interests, compliance with legal obligations, and consent where required. We use consent specifically for optional analytics or other optional tracking technologies on the public site.

5. AI providers, integrations, and subprocessors

Vutler routes AI requests through provider integrations selected or enabled within the platform. This may include external model providers and infrastructure partners that receive prompts, files, or context strictly as needed to perform the requested service.

We also use infrastructure, storage, email, and support vendors to operate the platform. Where required, we put contractual safeguards in place with those vendors and limit access to the minimum needed to deliver the service.

Customers should avoid sending personal data or regulated data to third-party providers unless that use is permitted by their own policies, contracts, and applicable law.

6. Cookies and similar technologies

We use essential cookies for authentication, security, and workspace state. Optional analytics is disabled by default until you choose otherwise. See the Cookie Policy for details.

7. Retention

We keep personal data only for as long as necessary for the purposes described in this policy, to comply with legal obligations, resolve disputes, enforce agreements, and maintain security records. Retention periods may vary depending on account status, workspace settings, and the type of data involved.

8. International transfers

Because customers can enable third-party providers and integrations, personal data may be processed outside Switzerland or the European Economic Area. Where required, we rely on appropriate transfer mechanisms, contractual protections, or adequacy decisions.

9. Customer controller and processor roles

For account management, security, billing, and direct service operations, Vutler generally acts as controller of the personal data it needs to run the service. For customer workspace content processed on behalf of the customer, Vutler generally acts as processor or service provider, depending on the applicable legal framework and contract.

If you are an end user interacting with a customer-configured agent or workflow, your organization may be the primary controller for that interaction and should be your first point of contact for rights requests relating to that workspace context.

10. Your rights

  • Request access to the personal data we hold about you.
  • Request correction, deletion, or restriction where applicable.
  • Object to certain processing based on legitimate interests.
  • Withdraw consent for optional analytics at any time through Cookie Settings.
  • Request data portability where the law provides that right.
  • Lodge a complaint with the competent supervisory authority.

11. Minors and sensitive uses

The service is designed for business and professional use and is not directed to children. Customers are responsible for assessing whether they may use the service for special-category, highly confidential, regulated, employment, health, or other sensitive workflows and for applying appropriate contractual and technical safeguards before doing so.

12. Security

We use technical and organizational measures designed to protect confidentiality, integrity, and availability, including access controls, encrypted transport, and operational monitoring. No system can guarantee absolute security, but we continuously review controls as the platform evolves.

13. Contact

Privacy requests can be sent to privacy@starbox-group.com. General inquiries can be sent to info@starbox-group.com.