
PLATO Privacy Policy

Last Updated: February 2025

Introduction 

Welcome to PLATO, an AI-powered educational software service (the “Service”) operated by ctcHealth, SARL (“ctcHealth,” “we,” “us,” or “our”). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, safeguard, and disclose information that results from your use of PLATO and any related services we may provide. 

This Privacy Policy is part of ctcHealth’s Layered Privacy Notice and applies to the data processing activities unique to PLATO. It does not cover processing by other ctcHealth services, third-party platforms, or integrated providers that have their own privacy notices. Please review any third-party privacy notices separately, as we are not responsible for their privacy practices. 

By using the Service, you acknowledge that you have read and understood this Privacy Policy, and that you agree to be bound by its terms. If you do not agree, you may not access or use the Service. 

1. DEFINITIONS
  • “Service” refers to PLATO, our AI-powered educational software, accessible via web application or other platforms we make available. 

  • “Personal Data” means any information relating to an identified or identifiable natural person. 

  • “Usage Data” refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself. 

  • “Cookies” are small files stored on your device (computer or mobile device). 

  • “Data Controller” is the natural or legal person who determines the purposes and means of processing Personal Data. For the purposes of this Privacy Policy, ctcHealth is the Data Controller of your Personal Data processed through PLATO. 

  • “Data Processor” (or “Service Provider”) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Providers to process your data more effectively. 

  • “Data Subject” is any living individual who is the subject of Personal Data. In this context, “you” are typically the Data Subject. 

  • “User” means the individual using our Service (the Data Subject). 

2. Data Controller Information

Organization Name: ctcHealth, SARL 

Address: Route de Chêne 5, 1207 Genève, Switzerland 

Data Protection Officer (DPO) 

Email: support@ctchealth.ch 

3. Personal Data We Process

We obtain explicit consent from users for the collection and processing of their data. Below is a summary of the data we process, along with the purpose and legal basis for processing. (References to “Legitimate Interest” pertain to Article 6(1)(f) of the GDPR, where applicable.) We collect only the data necessary to achieve the specified purposes, ensuring that no excessive or irrelevant data is gathered. 
 

1. SSO User ID and provider

  • Purpose: Authentication and authorization (verifying your identity and granting access).

  • Legal Basis: Legitimate interest (security & access). The organization has a valid reason to ensure only authorized users access the system.

  • Source: Received from the SSO provider during login (e.g., Google, Facebook, etc.).
     

2. User role ID

  • Purpose: Authorization and access control (determining what you can access based on your role).

  • Legal Basis: Legitimate interest (security & access). The organization needs to control access to different parts of the system.

  • Source: Assigned by PLATO based on your role.
     

3. Language preferences

  • Purpose: Personalization of service (displaying the system in your preferred language).

  • Legal Basis: Legitimate interest (user experience). Providing a user-friendly experience is a valid reason.

  • Source: Provided by you.
     

4. User last login timestamp

  • Purpose: Security monitoring and troubleshooting (tracking login times for security and problem-solving).

  • Legal Basis: Legitimate interest (security). Protecting the system and user data is a valid interest.

  • Source: Logged during your use of the Service.
     

5. Doctor selection info

  • Purpose: Personalization of interactions (tailoring interactions based on your chosen doctor).

  • Legal Basis: Legitimate interest (user experience). This improves the relevance of the service.

  • Source: Provided by you when selecting a doctor.
     

6. Interaction logs (chat contents, messages, audio recording, timestamps)

  • Purpose: Service improvement, quality assurance, feedback (analyzing conversations to improve the system).

  • Legal Basis: Legitimate interest (service improvement). Improving the service is a valid reason.

  • Source: Generated during your use of the Service.
     

7. Feedback on conversation performance (evaluations, attributes)

  • Purpose: Providing feedback, service improvement (using evaluations to improve conversation handling).

  • Legal Basis: Legitimate interest (service improvement).

  • Source: Generated by the system.
     

8. User feedback on call experience and evaluations

  • Purpose: Service improvement (using feedback to improve the call experience).

  • Legal Basis: Legitimate interest (service improvement).

  • Source: Provided by you.
     

9. Usage data (session IDs, timestamps, resource usage)

  • Purpose: Troubleshooting and support (using usage data to diagnose and fix problems).

  • Legal Basis: Legitimate interest (support). Providing support is a valid reason.

  • Source: Generated during your use of the Service.
     

10. User experience call scores and feedback text

  • Purpose: Service improvement, addressing user concerns (using feedback to improve the call service and resolve issues).

  • Legal Basis: Legitimate interest (service improvement).

  • Source: Provided by you.
     

11. User experience feedback on evaluations (scores, feedback text)

  • Purpose: Improving feedback mechanisms (using feedback to improve the feedback process itself).

  • Legal Basis: Legitimate interest (service improvement).

  • Source: Provided by you.

4. How We Use Your Personal Data 

We use your Personal Data for the following purposes: 

  1. Authentication & Access Management
    a. Using SSO user ID and provider info to authenticate and authorize user access.
    b. Monitoring user role IDs to enforce appropriate access control.
    c. Keeping track of last login timestamps for security and auditing.

  2. Service Personalization
    a. Managing language preferences for tailored user experiences.
    b. Processing doctor selection data to customize your interactions (e.g., specialized educational or conversational settings).

  3. Service Quality & Improvement
    a. Logging interactions (chat contents, audio recording, timestamps) to enhance PLATO’s AI prompts, models, and user experience.
    b. Collecting user feedback (call experiences, evaluations, performance scores) to refine our conversational and educational features.

  4. Technical Operations & Support
    a. Monitoring usage data (session IDs, timestamps, resource usage) to troubleshoot technical issues and support user inquiries.
    b. Ensuring system performance and stability (e.g., preventing crashes, analyzing usage patterns).

  5. Quality Assurance & Evaluation
    a. Processing feedback on conversation performance to generate evaluations and improve the Service.
    b. Implementing quality control measures (e.g., analyzing conversation metrics for anomalies).

  6. Automated Decision-Making & Profiling
    a. Employing AI-driven (LLM) evaluations for conversation performance.
    b. Monitoring system usage for security (e.g., suspicious activity detection).
    c. Enhancing or customizing the Service based on user interactions and feedback.

 

All processing activities are based on our legitimate interests, contract performance, legal obligations, or user consent where required by law. We do not sell or rent your Personal Data. 

5. Retention of Data 

We will retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. 

  1. 90-Day Retention 
    a. All basic Personal Data listed above and interaction logs (chat contents, messages, timestamps), feedback on conversation performance, user feedback on call experience: 
    i. Retained for 90 days since your last login and/or upon termination of contract.
    ii. Purpose: Service improvement, quality assurance, user feedback, and security incident response.
     

  2. Extended Retention 
    a. Usage data (session IDs, resource usage, timestamps): 
    i. Retained for 1 year since your last login and/or upon termination of contract. 
    ii. Purpose: Troubleshooting, support, auditing system usage. 
     

  3. Security & Compliance 
    a. Certain data may be retained up to 90 days for detecting possible security violations and for Computer Security Incident Response. 
    b. We may also retain data longer to comply with legal obligations, resolve disputes, or enforce agreements. 

  4. Data Deletion 
    a. Personal Data is automatically deleted after the specified retention period. 
    b. You may request earlier deletion of your data as described in Section 9 (Your Rights).
    c. We may keep certain minimal data if required to comply with legal obligations or to ensure security audit trails.

6. COOKIES & TRACKING TECHNOLOGIES

We may use cookies and similar technologies to collect information about how you use our Service. Cookies help us provide features such as remembering your preferences, analyzing traffic, and improving overall functionality. 

  • Session Cookies: Used to operate our Service. 

  • Preference Cookies: Store your settings and preferences. 

  • Security Cookies: Provide secure access. 

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. If you disable cookies, some parts of the Service may not function properly. 

7. International Transfers 

Your data may be transferred to and processed in countries outside of Switzerland or the European Union, where data protection laws may differ from those in Switzerland or the EU. In such cases, we will ensure that appropriate safeguards are in place to protect your data, such as using standard contractual clauses, binding corporate rules, or other legal mechanisms approved under applicable data protection laws. 
 

  • Data Processing Locations: Primary data processing occurs within ctcHealth’s secure virtual private cloud (VPC). However, we may integrate external services (e.g., OpenAI, Deepgram, ElevenLabs) that process data in other jurisdictions. 

  • Transfer Safeguards: We employ standard contractual clauses (SCCs) or other safeguards required by law. We also periodically review third-party security measures to ensure ongoing compliance with data protection regulations. 

8. Disclosure of Data 

We may share user data with third-party providers and partners only as necessary to deliver our services and fulfill the purpose outlined in these privacy terms. Access to your data will be granted to those parties on a need-to-know basis to perform the Services. All third parties are required to adhere to strict data protection standards. 
 

  1. Within ctcHealth 
    a. Our PLATO Service Support Team for troubleshooting and ensuring quality service. 
    b. Our PLATO Engineering Team for maintenance and feature development. 
    c. Our Security Team to investigate and respond to security incidents. 
    d. Our Data Privacy and Compliance Team to ensure adherence to applicable data protection laws. 

  2. To Third-Party Providers (Processors) 
    a. We rely on certain providers for authentication (SSO), language services, AI evaluation, or additional analytics. 
    b. Such providers may only process Personal Data under our instructions and must comply with data protection laws. 

  3. For Legal or Regulatory Reasons 
    a. If required by law or in response to valid requests by public authorities. 
    b. To protect the rights, property, or safety of ctcHealth or others if we believe disclosure is necessary or appropriate. 

  4. Business Transaction 
    a. If ctcHealth or its assets are acquired or merged with another entity, your Personal Data may be transferred. We will notify users as outlined in Section 12 (Changes to This Privacy Policy). 
     

We do not sell, rent, or share Personal Data for monetary or direct marketing purposes. 

9. Your Rights 

Under the GDPR and other applicable data protection laws, you have the following rights with respect to your Personal Data: 

  1. Right to Access 
    a. You can request details of the Personal Data we hold about you and receive a copy in a commonly used format. 

  2. Right to Rectification 
    a. You can request correction of any inaccurate or incomplete Personal Data. 

  3. Right to Erasure (Right to be Forgotten) 
    a. You can request deletion of your Personal Data where processing is no longer necessary or lawful. Certain exceptions apply (e.g., legal requirements). 

  4. Right to Restrict Processing 
    a. You can ask us to suspend processing under specific circumstances, such as if you contest the accuracy of your data. 

  5. Right to Object 
    a. You can object to processing based on legitimate interests, particularly automated decision-making and profiling. 

  6. Right to Data Portability 
    a. You can request a copy of your Personal Data in a structured, machine-readable format, and request its transfer to another controller where technically feasible. 

  7. Right to Withdraw Consent 
    a. If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal. 

  8. How to Exercise Your Rights 
    a. Contact Methods: 
    i. Email: support@ctchealth.ch 
    ii. Written request: Address your request to our mailing address above. 
    b. Response Time: Within one month (or up to three months for complex requests). 
    c. Verification: We may ask for proof of identity. 
    d. Complaints: If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. 

10. Data Security Measures 

We implement robust security measures to protect user data, including encryption, access controls, staff training and regular security audits to maintain a high level of data security. Despite these efforts, no method of data transmission or storage is completely secure, and we cannot guarantee absolute security. 
 

  1. Infrastructure Security 
    a. All data is processed and stored in a secure virtual private cloud (VPC) environment. 
    b. Monitoring of network activity and real-time threat detection. 

  2. Encryption
    a. All data in transit (e.g., between your device and our servers) and at rest is encrypted using industry-standard protocols. 

  3. Access Controls 
    a. Strict role-based access to systems and data. 
    b. Regular reviews of permissions and activity logs. 

  4. Incident Response
    a. Established procedures to identify, investigate, and respond to security incidents. 
    b. In the event of a data breach, we will notify affected individuals and supervisory authorities as required by law. 

11. Automated Decision Making 

PLATO employs certain forms of automated processing to improve user experience and maintain service quality: 

  1. Conversation Evaluation 
    a. AI-based (LLM) systems evaluate conversations for performance metrics and feedback. 

  2. Security Monitoring
    a. Automated checks for anomalous activity or policy violations to prevent abuse. 

  3. Service Enhancement
    a. Profiling user interactions to suggest improvements, optimize resources, or adjust educational content.

  4. Your Rights 
    a. You may object to automated decision-making. 
    b. You can request human intervention, express your views, or contest significant decisions made by the system. 

12. Children’s Privacy 

Our Services are not intended for use by children under the age of 13 (“Children”). 


We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers. 

13. Changes to This Privacy Policy 

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
 

We will let you know about any changes via email and/or a prominent notice on our Service.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. 

14. GOVERNING LAW 

The terms of this Privacy Policy and any disputes relating to the processing of your personal data shall be governed by and construed in accordance with the laws of Switzerland, without regard to its conflict of law principles. 

 

Notwithstanding the foregoing, if your personal data is processed in the European Union, the General Data Protection Regulation (GDPR) may apply in addition to Swiss law, and you retain all rights under the GDPR with respect to your personal data. 

15. DISPUTE RESOLUTION 

The Parties agree to attempt to resolve any disputes, claims, or controversies arising out of or in connection with this Privacy Policy, including any questions regarding its existence, validity, or termination, through mediation in accordance with the mediation rules of the Swiss Arbitration Centre. If mediation fails, the dispute shall be referred to and finally resolved by the courts of Geneva, Switzerland.

16. FORCE MAJEURE

Neither party shall be liable for any failure or delay in performance of its obligations under this Privacy Policy to the extent such failure or delay is caused by events beyond the party's reasonable control, including but not limited to acts of God, war, terrorism, natural disasters, strikes, or government regulations. 

17. ENTIRE AGREEMENT

This Privacy Policy, together with any other legal notices or agreements published by us on the platform, constitutes the entire agreement between you and us concerning the processing of your personal data and supersedes all prior agreements, understandings, or communications regarding this matter. 

18. SEVERABILITY 

Severability: Should any provision of this Privacy Policy be or become invalid or unenforceable, the validity of the remaining provisions shall not be affected. In place of the invalid or unenforceable provision, a valid and enforceable provision shall be deemed to have been agreed upon that comes closest to the intended purpose of the invalid or unenforceable provision. 

19. Contact Us 

If you have any questions or concerns regarding this Privacy Policy or your Personal Data, please contact us at: 

  • ctcHealth, SARL 

  • Address: Route de Chêne 5, 1207 Genève, Switzerland 
