AskMeWhy AG | Last updated: April 2026
This Privacy Policy describes the principles according to which AskMeWhy AG (hereinafter “AskMeWhy”, “we” or “the Controller”) processes Personal Data collected via:
our websites and platforms (askmewhy.com, seamlesswork.com, docs.seamlesswork.com, admin.seamlesswork.com, admin-preview.seamlesswork.com, portal.seamlesswork.com — collectively the “Website”);
our Teams app Seamless (accessed via teams.seamlesswork.com and teams-preview.seamlesswork.com — the “App”);
or otherwise in connection with our services in relation to Seamless.
In particular, it informs you about: what Personal Data we collect; the purposes for which it is processed; to whom it may be disclosed; how long we keep it; and what rights and options you have regarding your Personal Data.
Personal Data means any information relating to an identified or identifiable natural person, such as name, address, email address, online identifier, or telephone number. Processing refers to any handling of Personal Data, such as obtaining, saving, storing, disclosing, or deleting.
Where AskMeWhy processes Personal Data as a Processor on behalf of a Customer (i.e. as a data processor under the Terms), the Data Processing Agreement (which forms part of our Terms) applies in addition to this Privacy Policy.
The legal entity responsible for the processing of Personal Data is:
| Legal entity | AskMeWhy AG |
|---|---|
| Address | Industriestrasse 47, 8152 Glattbrugg, Switzerland |
| Email (data protection) | help@askmewhy.com |
| Website | www.askmewhy.com |
All Personal Data collected by AskMeWhy is processed in accordance with the provisions of the revised Swiss Federal Act on Data Protection (revFADP, SR 235.1) and, where applicable, the European General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).
We collect and process Personal Data carefully and for the purposes described in this Privacy Policy. We make reasonable efforts to collect information in anonymous or pseudonymous form whenever possible, ensuring that individuals cannot be directly identified.
When you visit our Website or use our App, your browser automatically transmits information that we store in server log files, including: browser type and version, operating system, referrer URL, IP address, date and time of the request, and amount of data transferred. This data is deleted within six months and is processed on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR; Art. 31 revFADP) to operate and secure our services.
When you contact us by email, phone, or other means, we collect the information you provide (name, company, email, your message). This is used to respond to your request and is processed on the basis of legitimate interests and, where applicable, pre-contractual obligations (Art. 6 para. 1 lit. b and f GDPR).
When you purchase our services, we collect and process the following data:
Account data: email address, subscription status (start and end date), and system-generated user IDs.
Address data: company name, contact person, address, country, telephone, email, language, currency, position.
Communication data: email correspondence, written communications.
Contract data: contract initiation and conclusion details.
Billing data: billing address and invoicing information. Note: for customers purchasing via Azure Marketplace or Microsoft Marketplace, payment is processed directly by Microsoft and AskMeWhy AG does not receive payment card or bank account data. For Scale Plan customers billed via direct invoice, billing address and invoice details are processed via Harvest (see Section 5).
Marketplace transaction data: for customers purchasing via the Microsoft Marketplace, Microsoft may share contact information (such as name, email address, and organisation) and transaction details (such as subscription status and plan information) with AskMeWhy AG in accordance with Microsoft’s Commercial Marketplace Terms of Use. This data is used for account provisioning, licence management, and customer support.
Processing is based on contractual obligations (Art. 6 para. 1 lit. b GDPR) and legal requirements (Art. 6 para. 1 lit. c GDPR).
We process Personal Data for internal business operations including customer data management, document retention, communication, support request management, website and app hosting, and newsletter management. This processing is based on legitimate interests (Art. 6 para. 1 lit. f GDPR) and contractual obligations.
For user account registration we collect: name, company, email, phone, language, username, IP address, and time of user actions. User accounts are not public and cannot be indexed by search engines. Processing is based on legitimate interests and contractual obligations.
When using the Seamless Teams App, we collect and process:
Microsoft Entra ID User ID (Object ID) for telemetry purposes.
Optionally provided user and group object IDs for tenant configuration.
Audit logs (authentication against Seamless services), retained for 30 days.
Activity logs for troubleshooting and diagnostic purposes, retained for a maximum of 90 days.
This data is primarily stored in Switzerland (Microsoft Azure Switzerland North). AI-assisted features may process personal data (in particular email addresses) via Microsoft Azure AI Foundry hosted in Sweden, within the European Economic Area. Static, non-personal assets are delivered globally via Microsoft Azure CDN. Processing is limited to support and operational purposes.
When using the Seamless Admin Center (admin.seamlesswork.com and admin-preview.seamlesswork.com), we collect:
Microsoft Entra ID Tenant ID
Display name of the Global Admin
Consent date
Contact email address of the Seamless Admin (requested during the onboarding process if not automatically available from Microsoft Entra ID)
This information enables the use of the Admin Center and supports compliance with legal and regulatory requirements. Where a user’s email address is not available from Microsoft Entra ID, the Admin is asked to provide a contact email during onboarding; this is necessary for account activation, support communications, and important service notifications. Seamless configuration data (governance policies, templates, workflows) is stored until deleted by the Customer via the Admin Center or until termination of the service.
If you sign up for our newsletter or show interest in our products, we will send you marketing communications including emails about our services, event announcements, promotions, and surveys. You can unsubscribe at any time. This processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
When you submit a job application, we collect: name, address, email, phone, CV, qualifications, employment certificates, interview information, and publicly available professional data. Application data is deleted within three months unless you consent to retention for future vacancies.
Depending on the applicable law, we process your Personal Data on the following legal bases:
Your consent, which may be withdrawn at any time (Art. 6 para. 1 lit. a GDPR);
Performance of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR);
Compliance with a legal obligation (Art. 6 para. 1 lit. c GDPR);
Protection of vital interests (Art. 6 para. 1 lit. d GDPR);
Our legitimate interests, including operating and improving our services, preventing fraud, and defending legal claims (Art. 6 para. 1 lit. f GDPR).
If processing is based on your consent or our legitimate interests, you may withdraw consent or object at any time by contacting help@askmewhy.com. Withdrawal does not affect the lawfulness of prior processing.
We share Personal Data only to the extent necessary and with appropriate safeguards. Recipients may include:
Service providers (processors) acting on our instructions, including IT and hosting providers, our CRM provider, email delivery provider, and invoicing tool (see below);
Payment service providers and financial institutions (for direct billing customers);
Customers, partners, suppliers, and other business partners;
Courts, regulators, attorneys, and law enforcement where required by law.
Our current key processors include:
| Processor | Purpose |
|---|---|
| Microsoft Ireland Operations Limited | Cloud infrastructure (Azure), identity management (Entra ID), Microsoft 365 platform integration, AI-assisted processing via Azure AI Foundry (Sweden), global content delivery via Azure CDN, Commercial Marketplace transaction processing and billing for Enterprise Plans (including disclosure of customer contact information and transaction details to AskMeWhy as publisher). |
| HubSpot Ireland Limited | Customer relationship management (CRM), support tracking, marketing automation. |
| Resend Inc. | Transactional email delivery (onboarding notifications, system alerts, product communications). |
| Harvest | Time tracking and invoicing for Scale Plans billed via direct invoice. |
| Google Ireland Limited | Website analytics (Google Analytics). |
A complete and up-to-date list of our sub-processors is available in Annex 3 to the Data Processing Agreement (which forms part of our Terms).
Personal Data is primarily stored in Switzerland and the EU. Where transfers outside the EEA or Switzerland are necessary (e.g. in connection with US-based service providers such as Resend or Harvest), we ensure adequate protection through:
Standard Contractual Clauses (EU SCCs) pursuant to Implementing Decision (EU) 2021/914;
Equivalent safeguards under the revFADP.
We draw your attention to the fact that in the USA, surveillance measures by US authorities may apply to data transferred there. We ensure contractual protections are in place with all US-based processors. For more information, please contact help@askmewhy.com.
We retain Personal Data only as long as necessary for the purposes described in this Privacy Policy, and subject to applicable legal retention obligations.
| Category | In-system retention | Total retention |
|---|---|---|
| Audit Logs (App) | 30 days | 30 days |
| Application Telemetry (App) | 90 days | 90 days |
| Application Settings / Configuration | Until deleted by Customer or termination of the agreement | Until deleted by Customer or termination of the agreement |
| Marketplace transaction data | For the duration of the subscription | 11 years after termination (accounting) |
| Server log files (Website/App) | 6 months | 6 months |
| Electronic correspondence | 5 years | 5 years |
| Physical correspondence | 1 year | 1 year or 10 years (legal requirement) |
| Accounting and contract records | Duration of contract | 11 years after termination |
| Job applications (unsuccessful) | 3 months | 3 months |
We use the following categories of cookies on our websites:
Necessary cookies: Required for the operation of the website (e.g. sign-in, security).
Functional cookies: Remember your preferences and enhance your experience.
Performance cookies: Collect information about how the website is used to improve performance.
Marketing and personalisation cookies: Used for tracking user behaviour and displaying personalised content.
We use Google Analytics (operated by Google Ireland Limited, Dublin, Ireland) to analyse website usage. IP anonymisation is activated. You can opt out via Google’s opt-out tool.
You can manage or refuse cookies via the cookie banner on our website or by adjusting your browser settings. For a detailed overview of the cookies we use, please refer to our Cookie Policy.
We do not make decisions about you based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.
We implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Our measures include:
Encryption of data at rest (AES-256) and in transit (TLS 1.2 or higher);
Role-based access control and multi-factor authentication for administrative access;
Primary infrastructure hosted on ISO 27001-certified Microsoft Azure data centres in Switzerland; AI-assisted features processed via Microsoft Azure AI Foundry in Sweden (within the EEA); static, non-personal assets delivered globally via Microsoft Azure CDN;
Regular security monitoring and incident response procedures;
Data minimisation and privacy-by-design principles.
Despite these measures, internet transmission cannot be guaranteed to be completely secure. Transmission of information by email without encryption is at your own risk.
This Privacy Policy applies only to the Website and the App. We are not responsible for the privacy practices of third-party websites linked from our platforms. We encourage you to read the privacy policies of any third-party websites you visit.
Subject to applicable law, you have the following rights regarding your Personal Data:
Right of access: Request information about whether and how we process your Personal Data.
Right to rectification: Request correction of inaccurate Personal Data.
Right to erasure: Request deletion of Personal Data, subject to legal retention obligations.
Right to restriction: Request restriction of processing in certain circumstances.
Right to data portability: Receive Personal Data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Withdraw consent at any time without affecting prior lawful processing.
To exercise your rights, please contact us at help@askmewhy.com. We may verify your identity before processing your request. If you are not satisfied with our response, you may lodge a complaint with the competent supervisory authority:
Switzerland: Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch
EU: Your national data protection authority (list available at edpb.europa.eu).
This Privacy Policy may be updated from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes as appropriate. The current version is always available on our website. Your rights as a data subject remain unaffected by such changes.
Test all Seamless features for 30 days for free.