This Privacy Policy explains how Donna Technologies Pty Ltd (ACN 691 287 457) (“Donna”, “we”, “us” or “our”) handles Personal Information in connection with the Donna platform, our websites at bydonna.ai, and our broader business operations. Donna is incorporated in Australia and trades as “Donna”.

At a glance

Donna is an AI-assisted legal collaboration platform used by law firms and the clients they invite into shared workspaces (“Spaces”). The information we handle is mostly entrusted to us by those firms. We host that information on Microsoft Azure in the region designated by Donna for the firm’s tenancy (Australia, the United States, or Europe). We do not sell Personal Information. We do not use Customer Data, Inputs or Outputs to train, fine-tune, or improve any AI model. You have rights over information about you, set out in section 10 below, and you can contact us at privacy@bydonna.ai at any time.

1.Applicability and scope

This policy applies to Personal Information that Donna handles in the course of operating the Platform, providing related services, marketing those services, recruiting personnel, and running our business as a going concern. It applies globally, with sub-sections that address divergences in Australian, European, United Kingdom, Swiss and United States law.

Where the Customer (typically a law firm) is the entity that determines the purposes and means of processing matter information in the Platform, that Customer's own privacy policy will be the primary statement applicable to End Clients invited into a Space. This policy applies to information about End Clients only to the extent that Donna handles it on its own account, for example where Donna communicates directly with an End Client to authenticate them, deliver service notices, or respond to a rights request.

In this policy, capitalised terms have the meanings given in the Donna Platform Agreement and Service Terms. “Personal Information” means information meeting the definition under the Privacy Act 1988 (Cth) (the “Privacy Act”) or “personal data” under the EU General Data Protection Regulation 2016/679 (“GDPR”) and the UK GDPR, as the context requires.

2.Our role in handling Personal Information

The Donna platform is two-sided. The same data sometimes appears in different legal characters depending on whose perspective you take. We try to be precise about that in this section, because it determines who answers your privacy questions and under what law.

Donna as a service provider to law firms

When a law firm uses the Platform, the firm decides what Customer Data to upload, who to invite into each Space, what queries to put to the AI, and how long to retain the workspace. In Australian terms, the firm is the “APP entity” that handles the Personal Information of its clients, opposing parties, witnesses, employees and other individuals named in those documents. In European terms, the firm is the controller and Donna acts as a processor. Donna handles Customer Data only on the firm's documented instructions, as set out in the Platform Agreement and the Data Processing Addendum.

Where this policy describes how Customer Data is handled, it does so to give Customers and End Clients a clear picture of Donna's downstream practices. It does not relieve the firm of its own obligations to publish and comply with its own privacy statement.

Donna as an APP entity and controller in its own right

Donna is also an APP entity and a controller in respect of certain Personal Information it determines the purposes and means of handling. This includes information about visitors to bydonna.ai, prospective customers, individual contacts at our Customers, personnel of our suppliers, job applicants, and our own staff. For that information, Donna is the entity accountable to you, and you should direct any requests to privacy@bydonna.ai.

End Clients invited into a Space

End Clients interact first with the inviting law firm under that firm's privacy policy. Donna processes information about End Clients on the firm's instructions, with the limited exception of operational information described in section 3 below (account credentials, sign-in events, security logs and the like), which we hold as a controller to operate the Platform safely.

3.Personal Information we collect

The categories of Personal Information that flow through the Platform fall broadly into four buckets. We describe each below. The exact items in any given case depend on how a firm configures its tenancy and what Customer Data it uploads.

Information you provide directly

When an Authorised User or End Client signs in, registers, contacts support, requests a demonstration, attends a Donna event, or otherwise engages with us, we may collect their name, work email address, position or title, employer, country of residence, telephone number, the contents of the messages they send us, and any preferences or consents they provide. When someone signs an order form or other contractual document, we collect signing-block information including signature and date.

Information from your law firm or Customer

Customers provide Donna with information about their Authorised Users (typically name, work email, job role and access permissions) so that we can provision accounts, route notifications and apply role-based access controls. Customers also upload Customer Data, which often contains Personal Information about third parties: the firm's clients, the parties to a contract, witnesses, beneficiaries, deceased persons, children mentioned in family-law matters, individuals named in regulatory disclosures, and any other person whose information appears in matter documents.

Donna does not select or curate that content. It enters the Platform because the firm has placed it there in order to do legal work. Donna handles it on the firm's instructions and stores it in the firm's tenant.

Information collected automatically

When you use the Platform or visit bydonna.ai, our infrastructure records technical information necessary to operate, secure and improve the service. This includes IP address, device and browser type, operating system, language preference, referrer URL, pages and features accessed, session identifiers, error and crash reports, time stamps, and similar technical metadata. Some of this is collected through cookies and similar technologies, which are described in section 12 below.

Within the Platform, we record audit-log information about actions taken in a Space, so that the Customer can demonstrate who did what and when. This is a feature of the service, not optional analytics, and it is part of the security posture firms rely on.

Information from public and third-party sources

Where lawful, we may obtain Personal Information from public sources or third parties. Examples include professional networking platforms used to verify a job applicant, ABN and ACN registers used to verify a corporate counterparty, sanctions and politically exposed person screening databases used for know-your-customer checks on prospective Customers, and limited contact information obtained from business-to-business marketing lists for outreach to law-firm decision makers.

4.How we use Personal Information

We use Personal Information for the purposes set out below. The table maps each purpose to the categories of Personal Information involved and to the legal basis under Australian Privacy Principle 6 and, where the GDPR or UK GDPR applies, Article 6.

Purpose	Information categories	Legal basis (AU APP 6 / EU GDPR Art. 6)
Providing the Platform: provisioning accounts, hosting Spaces, enabling AI features, generating Outputs in response to Inputs, exporting and deleting workspaces.	Authorised User account data, Customer Data, Inputs, Outputs, audit logs.	AU: primary purpose of collection (APP 6.1). EU/UK: performance of the contract with the Customer under Art. 6(1)(b), and legitimate interests in operating and securing the Platform under Art. 6(1)(f).
Authentication, account security, fraud prevention, abuse and misuse detection, audit-trail integrity.	Sign-in records, IP and device metadata, access logs, security events.	AU: primary purpose; secondary purpose of related security under APP 6.2(a). EU/UK: contract under Art. 6(1)(b); legitimate interests in security under Art. 6(1)(f); compliance with legal obligation under Art. 6(1)(c).
Customer support, troubleshooting, account management, billing and invoicing.	Contact details, support correspondence, billing data, account configuration.	AU: primary purpose. EU/UK: contract under Art. 6(1)(b); legitimate interests under Art. 6(1)(f).
Service improvement, capacity planning, error analysis, debugging, in each case using telemetry and aggregated metadata, not Customer Data, Inputs or Outputs.	Telemetry, performance metrics, error reports, aggregated usage statistics.	AU: secondary purpose related to primary under APP 6.2(a). EU/UK: legitimate interests under Art. 6(1)(f).
Marketing the Donna platform to existing and prospective business customers, including newsletters, product announcements and event invitations.	Business contact details, role, employer, expressed preferences and consents.	AU: APP 7 with consent and an unsubscribe mechanism, in compliance with the Spam Act 2003 (Cth). EU/UK: consent under Art. 6(1)(a) where required by ePrivacy rules; otherwise legitimate interests under Art. 6(1)(f) for B2B contacts.
Recruiting personnel, evaluating candidates, contacting referees.	Application materials, interview notes, assessment results, referee feedback.	AU: primary purpose. EU/UK: pre-contractual measures under Art. 6(1)(b); legitimate interests under Art. 6(1)(f); special category processing under Art. 9(2) where applicable, with appropriate safeguards.
Complying with legal obligations, responding to lawful regulatory or law-enforcement requests, exercising or defending legal rights, conducting due diligence in connection with corporate transactions.	Any category, as required.	AU: required or authorised by or under an Australian law (APP 6.2(b)). EU/UK: legal obligation under Art. 6(1)(c); legitimate interests under Art. 6(1)(f).

Where we rely on consent, you may withdraw it at any time by contacting privacy@bydonna.ai. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5.Personal Information and AI processing

The Platform uses large language models and related AI systems to assist legal work. We treat AI processing as a privacy-sensitive operation and have engineered the Platform accordingly.

No training on Customer Data, Inputs or Outputs

We do not use Customer Data, Inputs or Outputs to train, fine-tune, or improve any AI model, whether ours or a Subprocessor's. This restriction is set out in our agreements with Customers and is contractually flowed down to each AI Subprocessor we engage. Where a Subprocessor offers a zero-data-retention configuration, we adopt it. Where retention is unavoidable for abuse-monitoring or safety purposes, we contract for the shortest available retention window and prohibit any training, model improvement or human review of Customer Data outside the strict abuse-monitoring purpose.

AI Subprocessors

We currently engage the following AI Subprocessors. The current list is published at /legal/subprocessors.

Microsoft Corporation, in connection with Microsoft Azure and Azure OpenAI Service. Customer Data is processed in the Azure region designated by Donna for the firm’s tenancy.
OpenAI, L.L.C., United States, providing access to OpenAI models on an enterprise basis with no training on inputs or outputs.
Anthropic, PBC, United States, providing access to Anthropic models on an enterprise basis with no training on inputs or outputs.
Mistral AI SAS, France, providing access to Mistral models on an enterprise basis with no training on inputs or outputs.

Explainability and human oversight

The Platform produces drafts, summaries, comparisons and references intended to assist a qualified lawyer. A lawyer remains in the loop. Outputs are not legal advice on their own and are not used by Donna to make decisions that have legal or similarly significant effects on individuals. Section 16 explains our position on automated decision-making in more detail.

Forward-looking transparency under APP 1.7

From December 2026, APP 1.7 will require APP entities that use Personal Information in substantially automated decisions to disclose that fact in their privacy policies. Even though the Platform is not designed to make solely-automated decisions about individuals, we will keep this section under review and update it before APP 1.7 commences if our practices ever bring us within scope.

6.When we disclose Personal Information

Donna does not sell Personal Information. We disclose Personal Information only in the following circumstances.

To Subprocessors we engage to host, secure and operate the Platform, including infrastructure, AI inference, email delivery, customer support tooling, payment processing and analytics. Subprocessors act only on our documented instructions, are bound by written contracts with terms no less protective than those we accept under our agreements with Customers, and are listed at /legal/subprocessors.
To other entities in the Donna corporate group, where applicable, on terms consistent with this policy and the protections required by the Privacy Act and equivalent law.
To regulators, courts and law-enforcement agencies where required by a law that binds us, by a court or tribunal order, or by an enforceable government request. We assess each request for validity and scope and challenge requests we consider overbroad, unlawful or made under foreign law that does not bind us. Where permitted, we notify the affected Customer before disclosing Customer Data.
In connection with a corporate transaction, including a financing, merger, acquisition, reorganisation, sale of assets or insolvency event, in which case we will require any successor entity to honour the protections set out in this policy.
To professional advisers, including external lawyers, accountants, auditors and insurers, under duties of confidence and only as reasonably necessary.
With your consent or otherwise as we describe to you when collecting the information.

7.Cross-border disclosure

The Platform runs on Microsoft Azure regions designated by Donna for each Customer’s tenancy. The Customer does not elect, and Donna does not represent that the Customer may elect, the region in which its tenancy resides. Donna determines the region having regard to the Customer’s principal place of business, applicable data-protection law and operational considerations. AI inference may be routed to AI Subprocessors located in other jurisdictions, on terms that prohibit training on Customer Data and that contain appropriate cross-border safeguards. The following table sets out the recipient countries to which Personal Information is, or may be, disclosed in the ordinary operation of the Platform.

Country	Recipient	Purpose	Safeguard
Australia	Microsoft Azure (Australia East / Australia Southeast).	Hosting Customer Data for Customers allocated to Australian residency by Donna.	Domestic processing. APP 11 security obligations.
United States	Microsoft Corporation, OpenAI L.L.C., Anthropic, PBC.	Hosting in Azure US regions where Donna allocates US residency to the tenancy. AI inference for tenancies whose configuration includes US-based models.	APP 8 reasonable steps and s 16C accountability for overseas recipients. Service-provider commitments under the CCPA for California-origin Personal Information. Supplementary measures including encryption in transit and at rest, customer-managed keys where offered, and contractual prohibitions on training and onward transfer.
France	Mistral AI SAS.	AI inference for tenancies whose configuration includes Mistral models.	APP 8 reasonable steps for Australian-origin data. EU SCCs Module 3 in the unusual case described in the Data Transfers Addendum.

Where Donna discloses Personal Information to an overseas recipient, section 16C of the Privacy Act treats acts and practices of that recipient as our acts and practices for the purposes of the Australian Privacy Principles, subject to limited statutory exceptions. Further detail on cross-border safeguards, including the relevant transfer mechanisms and supplementary measures, is set out in the Data Transfers Addendum.

8.How we secure Personal Information

We take the steps that are reasonable in the circumstances to protect Personal Information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our technical and organisational measures include:

encryption of Customer Data in transit using TLS 1.2 or higher and at rest using AES-256, with customer-managed keys available on supported plans;
tenant isolation and role-based access controls, with least-privilege defaults and mandatory multi-factor authentication for Donna personnel;
private networking, identity-based service-to-service authentication using managed identities, and a no-stored-secrets posture for the Platform's production infrastructure;
continuous logging, monitoring, vulnerability management and threat detection, with documented incident response procedures;
personnel training, background screening to the extent permitted by local law, written confidentiality undertakings, and segregation of duties; and
regular review and testing, including independent assessments where appropriate, with findings tracked through to remediation.

Further detail is published at /security. No system is impenetrable, and we encourage Authorised Users to choose strong unique passwords, enable multi-factor authentication, and report any suspected compromise to security@bydonna.ai.

9.Retention and destruction

We retain Personal Information only for as long as we need it to provide the Platform, to satisfy the purposes described in section 4, or to comply with our legal, regulatory, accounting or audit obligations.

For Customer Data, the relevant retention period is set by the Customer. The firm controls when Spaces are deleted, when accounts are deactivated, and when matters are archived. On termination of the Customer's subscription, Donna will return or delete Customer Data in accordance with the Platform Agreement and the Data Processing Addendum, subject to limited retention required by law.

For information that Donna controls in its own right, we apply retention schedules calibrated to purpose. Account and contractual records are typically retained for the duration of the relationship and for a further seven years to satisfy Australian taxation, corporations and limitation-period requirements. Marketing contact information is retained until the contact unsubscribes or objects, and is reviewed periodically for ongoing relevance. Recruitment records are retained for up to two years after a decision unless the candidate consents to a longer hold.

Where Personal Information is no longer needed for any permitted purpose, we destroy it or de-identify it by reasonable means, in line with APP 11.2 and any equivalent obligation under foreign law.

10.Your rights and choices

Your rights depend on where you are and which law applies. The sub-sections below set out the principal rights available to you and how to exercise them. To make a request, contact privacy@bydonna.ai. We will verify your identity, route your request to the right place if a Customer is the controller, and respond within the period required by the applicable law.

Where Donna processes Personal Information on behalf of a Customer (typically all Customer Data within a Space), we will refer your request to that Customer and assist them in responding. Where Donna is the controller, we will respond directly.

Australia

Under the Privacy Act, you have the right to:

request access to the Personal Information we hold about you, under APP 12, subject to limited statutory exceptions;
request correction of Personal Information that is inaccurate, out of date, incomplete, irrelevant or misleading, under APP 13;
opt out of receiving direct marketing communications, under APP 7 and the Spam Act 2003 (Cth);
be told how we collected your Personal Information and to whom we have disclosed it, and
complain about our handling of your Personal Information, first to us and then to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

We do not generally charge for access requests. Where a request is manifestly excessive or repetitive, we may charge a reasonable cost-recovery fee, which we will tell you about before incurring the cost.

Other jurisdictions

Donna’s standard service today is offered to Customers in Australia and the United States. Where Personal Information of data subjects in another jurisdiction (for example, the European Economic Area, the United Kingdom or Switzerland) reaches Donna in the case described in the Data Transfers Addendum, the rights conferred on those data subjects by the GDPR, the UK GDPR or the Swiss FADP apply, and Donna will honour them through the Customer-controller of the relevant Personal Information. A data subject may also contact us directly at privacy@bydonna.ai and we will refer the request to the Customer or respond as the case requires.

United States

Several US states grant individuals privacy rights similar to those in Europe. Under the California Consumer Privacy Act as amended (the “CCPA”) you have the right to:

know what categories of Personal Information we collect, the sources, the purposes for which we use them, and the categories of third parties with whom we share them;
request a copy of the specific pieces of Personal Information we have collected about you in the preceding twelve months (or longer where you so request and we have the data);
request deletion of Personal Information, subject to statutory exceptions;
request correction of inaccurate Personal Information;
opt out of any “sale” or “sharing” of Personal Information. Donna does not sell Personal Information and does not share Personal Information for cross-context behavioural advertising as those terms are defined in the CCPA;
limit the use and disclosure of sensitive personal information to that necessary to provide the goods or services requested; and
not be subject to unlawful discrimination for exercising your rights.

Substantially similar rights are available under the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), and the Oregon Consumer Privacy Act (OCPA), with state-specific differences in scope, thresholds, and appeal rights. We extend the core CCPA-style rights to residents of those states. Where a state law grants a right to appeal a denial, we will explain that mechanism in our response.

Authorised agents acting on your behalf may submit requests with proof of authority. We will verify both your identity and the agent's authority.

11.Direct marketing and electronic communications

We send marketing communications to business contacts about the Donna platform, our events, and product updates. We rely on consent or, where permitted, on the business-to-business basis applicable in the relevant jurisdiction.

Every commercial electronic message we send to an Australian recipient complies with the Spam Act 2003 (Cth) by including clear sender identification, a functional unsubscribe facility, and (where required) consent or an inferred-consent basis. Recipients in the European Union and United Kingdom may rely on the rights set out in Article 21 GDPR and the Privacy and Electronic Communications Regulations. Recipients in the United States may rely on the rights set out in the CAN-SPAM Act and applicable state laws.

You can unsubscribe at any time by using the link in any marketing email or by contacting privacy@bydonna.ai. Unsubscribing from marketing does not stop us from sending operational messages relating to your account, your Customer's subscription, security incidents, or changes to this policy.

12.Cookies and similar technologies

We use cookies and similar technologies (such as pixels, software development kits and local storage) on bydonna.ai and within parts of the Platform. Cookies are small data files placed on your device that allow us to recognise your browser. First-party cookies are set by Donna; third-party cookies are set by other providers we engage.

Categories we use

We group cookies into four categories, following the conventions of the European Data Protection Board, the French CNIL and the United Kingdom Information Commissioner’s Office.

Strictly necessary. First-party cookies set by Donna to keep you signed in to the Platform, to confirm that requests originate from a page we served (cross-site request forgery protection), and to record your cookie banner choices. Without these cookies the service would not function. They are not subject to consent.
Functional. First-party cookies set by Donna to remember non-essential preferences such as language, region and dismissed in-product banners.
Performance and analytics. Used on bydonna.ai to count visits and measure traffic sources in aggregate. Where deployed, we use a self-hosted Plausible Analytics instance operated by Donna that does not set cross-site identifiers and does not build profiles of individual visitors. On limited occasions we may use Google Analytics 4 (provided by Google LLC) on the marketing site only, configured with IP truncation and without cross-site advertising signals. The Platform itself does not run analytics cookies in this category.
Marketing. We may set the LinkedIn Insight Tag (provided by LinkedIn Ireland Unlimited Company) on bydonna.ai only, to measure the performance of advertising aimed at law-firm decision makers and to suppress further outreach where you have already engaged with us. We do not run marketing cookies inside the Platform.

Managing your preferences

We present a cookie banner on bydonna.ai. You can accept all categories, reject all non-essential categories, or customise your choice category by category. Strictly necessary cookies are always set because the service cannot function without them. You can change your preferences at any time through the “Cookie preferences” link in the website footer. You can also manage cookies in your browser settings. Rejecting non-essential cookies will not block your access to the Platform or to bydonna.ai, but some functionality may be limited.

Legal basis and signals we honour

For visitors located in the European Economic Area, the United Kingdom or Switzerland, we obtain prior consent before any non-essential cookie is set, as required by the ePrivacy Directive 2002/58/EC, the Privacy and Electronic Communications Regulations 2003 (UK) and the Swiss FADP. For visitors located in Australia, we present the same banner for prudence and consistency, although a banner is not required by Australian statute. For visitors located in the United States, we honour the Global Privacy Control signal where presented by your browser. We do not currently respond to the legacy Do Not Track signal.

13.Children's data

The Platform is a business tool designed for legal professionals and their clients. It is not directed at children, and we do not knowingly collect Personal Information from children under 18 as Authorised Users. The minimum age for registering as an Authorised User is 18.

End Clients who are minors may, occasionally, be invited into a Space by a Customer (for example a parent or guardian acting in a family-law matter on behalf of a child). The Customer is responsible for determining whether to do so, for obtaining any required consent, and for ensuring that the involvement is appropriate. If you believe a child has been added to a Space without proper authority, please contact privacy@bydonna.ai and we will work with the Customer to investigate and remediate.

14.Notifiable data breaches

Donna operates an incident response programme designed to detect, contain, assess and report security incidents promptly. The programme is described in our security documentation at /security and is supported by contractual commitments in our agreements with Customers and Subprocessors.

If we suspect that an incident may amount to an “eligible data breach” under Part IIIC of the Privacy Act, we conduct an expeditious assessment, completing it within 30 days as required by the Notifiable Data Breaches scheme. If the assessment confirms an eligible data breach, we notify the Office of the Australian Information Commissioner and affected individuals as soon as practicable, providing the information required by the Act.

Where we act as processor and the controller is a Customer, our practical commitment is tighter than the statutory floor. We will notify the affected Customer without undue delay and, in any event, no later than 48 hours after we become aware of a personal data breach affecting Customer Data. Our notification will provide the information needed for the Customer to comply with its own obligations, including under Article 33 GDPR. Further detail is set out in the Data Processing Addendum.

Where Donna is the controller and the GDPR or UK GDPR applies, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, except where the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will notify affected individuals where the breach is likely to result in a high risk to those rights and freedoms.

15.Automated decision-making

Donna does not use Personal Information to make solely-automated decisions that produce legal effects concerning individuals or that similarly significantly affect them. The Platform produces drafts and analytical Outputs that are reviewed by qualified lawyers before any external use. The lawyer is the principal; the Platform is the silent hand.

From December 2026, APP 1.7 will require APP entities that use Personal Information in substantially automated decisions of a kind covered by the rule to disclose specified information in their privacy policies. We will keep this section under review, and where our practices change so that APP 1.7 applies, we will update this policy before the rule commences.

Under Article 22 GDPR and Article 22 UK GDPR, individuals have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects them. Donna does not engage in such processing on its own account. Where a Customer configures the Platform to support a decision of that kind, the Customer is the controller responsible for compliance with Article 22 and for ensuring meaningful human involvement.

16.Changes to this policy

We may update this policy from time to time to reflect changes in our practices, in the law, or in the Platform. When we do, we will revise the “Last updated” date at the top. Where the change is material, we will give prior notice through the Platform or by email to Customers, and we will record an archive of prior versions on request.

Continued use of the Platform after a change becomes effective constitutes acceptance of the updated policy, to the extent that acceptance is required and permitted by law.

17.How to contact us

If you have a question, concern or complaint about this policy or about our handling of Personal Information, please contact us first. We take complaints seriously and will investigate promptly. We aim to acknowledge complaints within five business days and to respond substantively within 30 days, or sooner where required by law.

Privacy Officer (Australia)

Privacy Officer, Donna Technologies Pty Ltd
Email: privacy@bydonna.ai
Security incidents: security@bydonna.ai
Legal: legal@bydonna.ai

Office of the Australian Information Commissioner

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au or by post to GPO Box 5288, Sydney NSW 2001.

Other supervisory authorities

You may also contact the supervisory authority in your country of residence, workplace, or the place of the alleged infringement. In the United Kingdom, the Information Commissioner's Office at ico.org.uk. In Switzerland, the Federal Data Protection and Information Commissioner at edoeb.admin.ch. In California, the California Privacy Protection Agency at cppa.ca.gov.