LEGAL
Privacy Policy
Last updated: March 2025
1. Who we are
PrivaGuard ("we", "us", "our") is a Swiss SaaS service that helps websites achieve compliance with the Swiss Federal Act on Data Protection (nDSG / nLPD). We are based in Geneva, Switzerland. As the operator of privaguard.ch, we are responsible for the processing of your personal data as described in this Privacy Policy.
2. What data we collect
We collect only the data necessary to provide our services:
- Account data: name and email address when you register
- Usage data: pages visited, features used, scan history – to improve our service
- Technical data: IP address, browser type, device information – for security and diagnostics
- Payment data: billing information processed via our payment provider (we do not store card details)
- Website scan data: URLs and cookie scan results you submit – to generate compliance reports
3. Cookies and tracking
We use strictly necessary cookies to operate our service (session management, security). We also use analytics cookies to understand usage patterns – you will be asked for consent before these are set.
In accordance with Art. 19 nDSG, we disclose all third-party services that may process your data: hosting infrastructure (Switzerland), payment processing (Stripe), and analytics (self-hosted, Switzerland).
4. Third parties and data transfers
We share your data only where necessary:
- Infrastructure providers: our servers are hosted in Switzerland. No data is transferred outside Switzerland for core services.
- Payment processing: Stripe Inc. processes payment data. Stripe is certified under the EU-US Data Privacy Framework.
- We do not sell your personal data to any third party, ever.
5. Data retention
We retain your personal data for as long as your account is active, plus 3 years for legal and audit purposes. Scan results are retained for 12 months unless you delete them earlier. You may request deletion at any time.
6. Your rights (Art. 24-25 nDSG)
Under the nDSG, you have the following rights:
- Right of access (Art. 25 nDSG): you may request a copy of all personal data we hold about you
- Right to rectification: you may request correction of inaccurate data
- Right to erasure: you may request deletion of your data
- Right to data portability: you may request your data in a machine-readable format
- Right to object: you may object to processing based on legitimate interests
To exercise your rights, contact us at contact@privaguard.ch. We will respond within 30 days. You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC / EDÖB).
7. Security
We implement appropriate technical and organisational measures to protect your data (Art. 8 nDSG). All data is encrypted in transit (TLS) and at rest (AES-256). Access to personal data is restricted to authorised personnel only.
8. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least 14 days before taking effect. Continued use of the service after that date constitutes acceptance.
9. Contact
For privacy-related requests or questions, please contact our data protection contact:
PrivaGuard
Genève, Switzerland
contact@privaguard.ch