Datenschutz

This privacy notice explains how we process personal data when you use this website and application, in accordance with the Swiss Federal Act on Data Protection (nDSG / revDSG, in force since 1 September 2023).

Data controller

Philipp Leu

Email: [email protected]

For privacy-related requests, please contact the data controller at the email address above.

Categories of personal data

Depending on how you use the service, we may process in particular:

• Account data (e.g. email address, display name, language, timezone)
• Team and planning data you enter (members, events, assignments, settings)
• Technical access data (e.g. IP address, timestamp, browser type) in server logs
• Session and authentication data (session cookies, login tokens)
• Communication data (e.g. email addresses used for magic-link login or team invites)

Purposes and legal bases

We process personal data to provide and secure the service, manage user accounts and teams, deliver transactional emails, and comply with legal obligations. Processing is based on performance of a contract or steps prior to entering a contract, your consent where required, and our legitimate interest in operating a secure and reliable service.

Hosting and server logs

When you visit this website, our servers automatically record technical access data in log files. This is necessary to deliver the service, ensure stability, and protect against misuse. Log data is retained only as long as needed for these purposes and is then deleted or anonymised.

Cookies and sessions

We use technically necessary session cookies to keep you signed in and to remember your language preference. These cookies are required for the service. We do not use marketing or analytics cookies on this application. Session data is deleted when you log out or when the session expires.

Account and planning data

If you register, we store the information you provide to operate your account and team plans. Planning data is visible to members of your team according to their role. You can update or delete much of this data in the application; account deletion is available in your settings.

Email communication

We send transactional emails for magic-link login, team invitations, and account-related notices. Your email address is used only to operate the service. If email delivery is handled by an external mail server, the provider processes recipient addresses and message metadata on our behalf.

Recipients and data processors

Personal data is processed primarily on infrastructure we operate. Where we use external providers (for example for email delivery), they process data only on our instructions and solely to provide the contracted service.

Retention

We retain personal data only as long as necessary for the purposes described above, to comply with legal obligations, or to resolve disputes. Server logs and session data are kept for a limited period. Account and planning data remain stored until you delete them or your account is deleted, subject to any statutory retention duties.

Security

We apply appropriate technical and organisational measures, including encrypted transmission (HTTPS), access controls, and privacy-friendly default settings, to protect personal data against unauthorised access, loss, or misuse.

Your rights

Under the nDSG, you have in particular the right to:

• Request information about whether we process personal data about you
• Request a copy of personal data concerning you
• Request correction of inaccurate data
• Request deletion of data where the legal requirements are met
• Request surrender or transfer of certain data in a common electronic format
• Object to data processing in certain cases

To exercise your rights, contact the data controller above. You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).

Visitors from the EU/EEA

If you access this service from the European Union or EEA, the EU General Data Protection Regulation (GDPR) may additionally apply. In that case, you also have the rights provided under the GDPR and may contact a supervisory authority in your country of residence.

Last updated: when the operator publishes or changes this notice on the live system.