Frequently Asked
Three concerns that Swiss decision-makers raise repeatedly — and how Turivus handles them concretely.
Lock-in & Handover
The most important purchase risk for any consulting and implementation project: what happens when we stop working with Turivus?
Who owns the code that Turivus builds for us? +
You do. Upon full payment, all work results — code, configuration, architecture documentation, runbook — transfer fully into your ownership. This is binding in our T&Cs, section 7. We retain only the right to use anonymised case studies.
How do we exit if we no longer want to work with you? +
On project termination, we hand over all artefacts (code, configuration, architecture documentation, runbook) to you or your new provider within 4 weeks — billed at the agreed day rate, without lock-in clauses. There are no proprietary platforms, no subscriptions that suddenly expire, no API keys that only we hold.
Where does the solution run — at your end or ours? +
By default in your infrastructure (cloud account, on-prem server, or hybrid). We have no account lock-in — everything we build deploys directly into your environment. On request we can also handle hosting in Switzerland, but that's optional.
Which frameworks and libraries do you use? Are they sustainable? +
We build primarily with established, open components: Python, FastAPI, Postgres, Ollama, LiteLLM, n8n, and Anthropic/OpenAI/Ollama as LLM providers. No proprietary agent frameworks, no LangChain vendor lock-in. Every architectural decision is documented with rationale — you know why what runs where.
Data Flow & Privacy
Compliance question number one: what happens to our data once it goes to an LLM?
Does our data leave Switzerland when we use cloud LLMs? +
That depends on your choice — and that's exactly the point of the Security Layer. Sensitive data (customer names, banking info, HR data) is routed to a local LLM (Ollama, running on your hardware or a CH/EU server). Non-critical tasks (code generation, general research) can go to cloud LLMs — Anthropic Claude (processing in EU/US, zero-retention available) or OpenAI. You define the routing rules; the code enforces them.
Will our data be used to train someone else's models? +
No. With Anthropic and OpenAI we use the Enterprise/API plans — there is contractually no training on your data. With local LLMs (Ollama) it's technically impossible because the data never leaves your infrastructure. For every implementation we explicitly document which data type goes to which provider and on what contractual basis.
What does "nDSG-compliant" mean concretely? +
Concretely: (1) data protection impact assessment per use case, (2) explicit data processing agreements with all third parties, (3) data flows documented and exportable, (4) audit log over every LLM call and every accessible data source, (5) role and access concept, (6) masking of sensitive fields before any external API call. We provide a data protection appendix that you can hand to your data protection officer.
What about the Swiss-US Data Privacy Framework? +
The DPF (in force since September 2024) is one of the legal bases on which we ground data transfers to the US — for example if you want to use OpenAI. Where possible we prefer EU infrastructure (Anthropic EU region, local Ollama). The choice is yours and is documented.
Liability & Risk
What if the LLM gets it wrong — wrong answer to a customer, wrong invoice approval, faulty HR output?
Who's responsible if an agent takes a wrong action? +
You as the operator carry the main responsibility — like with any production system. But we minimise the risk architecturally: every critical agent action (e.g. an approval above CHF X, external communication, an HR decision) goes through a human-in-the-loop step. By default agents act only within clearly defined limits. Anything beyond that escalates to a human owner.
How do we review what the agents do? +
Audit trail: every action is logged (who, when, what, with which data, which LLM provider, which tokens). Dashboards show volume, escalation rate, cost, and anomalies. You can trace every workflow in retrospect and, on request, repeatedly test in dry-run mode before activating it in production.
What's your liability in case of damage? +
Per T&Cs section 6, Turivus is liable for gross negligence and intent. Indirect damages, lost profits, and consequential damages are excluded to the extent permitted by law. For critical use cases we recommend negotiating additional SLAs and liability provisions explicitly in the project contract. Turivus carries professional indemnity insurance.
Do you have insurance against LLM hallucinations? +
Honest answer: a specific "LLM hallucination insurance" is not yet a standard product on the Swiss market. What exists is cyber insurance and professional indemnity — both can, when properly configured, cover LLM-related damages. We recommend clarifying this with your own insurer and compliance team before go-live, and we provide the architecture documentation you'll need for that.
Ready for an initial conversation?
In a 30-minute initial call we listen, assess your situation and give you an honest take on whether an AI agent makes sense here — or not.