Iprova Sàrl

Privacy Policy (Voyager)

Effective Date: 23rd February 2026

1. Introduction

This Privacy Policy describes how Iprova Sàrl (“Iprova”, “we”, “us”, or “our”) processes personal data in connection with the Voyager Microsoft Teams application (“Voyager” or the “App”).

Voyager is an enterprise application deployed within Microsoft Teams environments and made available exclusively to authorised users within customer organisations.

In providing Voyager, Iprova acts primarily as a Data Processor, processing personal data on behalf of the customer organisation, which acts as the Data Controller.

2. Scope

This Privacy Policy applies to personal data processed in connection with:

  • Use of Voyager within Microsoft Teams
  • User interactions with the App
  • Administrative, operational, and support activities

It does not apply to Microsoft’s independent processing of data within Microsoft 365 or Teams, which is governed by Microsoft’s own agreements and privacy policies.

3. Roles and Responsibilities

3.1 Customer as Data Controller

The organisation deploying Voyager determines:

  • The purposes for which Voyager is used
  • The categories of personal data entered into the App
  • Which users are authorised to access Voyager

3.2 Iprova as Data Processor

Iprova processes personal data:

  • Only on documented instructions from the Customer
  • In accordance with applicable data protection laws
    Under the terms of the applicable services agreement and Data Processing Agreement (DPA)

4. Categories of Personal Data Processed

Depending on how Voyager is used, the following categories of data may be processed:

4.1 User Account Information

  • Full name
  • Business email address
  • Job title
  • Organisation name
  • Microsoft Teams user identifier

4.2 User-Generated Content

  • Prompts, queries, and chat messages submitted within Voyager
  • Uploaded documents and files
  • Innovation concepts, project descriptions, or collaboration content
  • Comments and metadata associated with content

4.3 Technical and Usage Data

  • Log data (timestamps, actions performed)
  • Session information
  • Device and browser metadata
  • IP address (where technically required for security and logging)
  • Diagnostic and performance data

Voyager is not designed for the processing of special category (sensitive) personal data. Customers are responsible for ensuring that such data is not entered into the App unless explicitly agreed.

5. Purpose of Processing

Personal data is processed solely for the following purposes:

  • Providing Voyager functionality within Microsoft Teams
  • Generating AI-assisted outputs requested by authorised users
  • Supporting collaboration and innovation workflows
  • Maintaining system security, integrity, and performance
  • Providing technical support and troubleshooting
  • Fulfilling contractual obligations to Customers

Iprova does not:

  • Sell personal data
  • Use customer data for advertising
  • Use enterprise customer data to train public AI models

Data processed via Azure OpenAI is not used by Microsoft or Iprova to train foundation models.

6. Legal Basis for Processing

Voyager utilises Microsoft Azure OpenAI Service to provide AI-powered functionality.

6.1 Processing Locations

  • AI workload processing: Azure West Europe
  • Data storage and processing:
    • Azure West Europe
    • Azure North Europe
    • Azure Switzerland North

Customer environments determine the applicable region configuration.

6.2 Azure OpenAI Data Handling

Azure OpenAI Service operates under Microsoft’s enterprise data protection commitments. Prompts and completions:

  • Are processed within the configured Azure region
  • Are not used to train Microsoft or OpenAI foundation models
  • Are subject to Microsoft’s enterprise security and compliance framework

Microsoft acts as a sub-processor under applicable data protection agreements.

7. Data Retention

Where Iprova acts as a Data Processor, the legal basis for processing is determined by the Customer.

Iprova processes data in accordance with:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR (where applicable)
  • Swiss Federal Act on Data Protection (FADP)
  • Other applicable data protection legislation

Processing is carried out pursuant to Article 28 GDPR (Processor obligations).

8. Data Retention

Personal data processed within Voyager is retained:

  • For the duration of the customer contract, and
  • In accordance with Customer instructions

Upon termination of services, data will be deleted or returned as contractually agreed, subject to applicable legal retention requirements.

9. Security Measures

Iprova implements appropriate technical and organisational measures including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (where supported by Azure infrastructure)
  • Role-based access controls
  • Secure authentication via Microsoft identity services
  • Audit logging and monitoring
  • Secure software development lifecycle practices
  • Restricted access to production environments

Infrastructure is hosted in Microsoft Azure data centres meeting internationally recognised security standards.

10. Sub-Processors

Iprova may engage sub-processors to support delivery of Voyager services. These may include:

  • Microsoft Azure (cloud hosting and infrastructure)
  • Microsoft Azure OpenAI Service

All sub-processors are bound by contractual data protection obligations consistent with GDPR requirements.

A current list of sub-processors is available upon request or under the applicable DPA.

 

11. International Data Transfers

Voyager is hosted within EU and Swiss regions as specified above.

Where any personal data is transferred outside the EEA, UK, or Switzerland, appropriate safeguards are implemented, such as:

  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreement (IDTA)
  • Adequacy decisions where applicable

12. Data Subject Rights

As Customers act as Data Controllers, individuals wishing to exercise their data protection rights should contact their employer or organisation.

Iprova will assist Customers in fulfilling data subject rights requests as required by law.

13. Microsoft Integration

Voyager operates within Microsoft Teams and may interact with Microsoft 365 services.

Microsoft’s processing of data is governed by:

  • The customer’s agreement with Microsoft
  • Microsoft’s own privacy and data protection commitments

Iprova is not responsible for Microsoft’s independent data processing activities.

14. Changes to This Policy

Iprova may update this Privacy Policy from time to time. Updated versions will be made available through appropriate customer communication channels.

15. Contact Information

If you have any questions regarding this Privacy Policy or data protection matters, please contact:

Iprova SA
Building I
EPFL Innovation Park
CH-1015 Lausanne
Switzerland

Email: nadams@iprova.com