Privacy notice
How alpflo handles personal data, under the revised Swiss Federal Act on Data Protection (nDSG/revFADP).
Last updated 2026-07-17
1 · Data controller
The controller responsible for the personal data processed through alpflo is:
Nariman MaddahTödistrasse 56
8810 Horgen, CH
info@alpflo.ch
2 · What data we collect
- Property address submitted — to resolve the parcel and assemble your brief. A submitted address can itself be personal data where it is a person's residence.
- Payment data — processed by Stripe; no card details are stored by the Provider.
alpflo uses no marketing analytics and no third-party trackers: there are no advertising trackers and no third-party cookies. The Service is server-rendered. alpflo sets one functional first-party cookie (an opaque, randomly generated visitor id) to understand product usage — how a single visit moves from search to result — as first-party analytics. This cookie stores no personal data, is never shared or used for advertising, and is not a service or free-tier gate: clearing or blocking it changes nothing you can access, because access and the free tier are enforced on the server, not by the cookie. Once you confirm an email to view a brief, alpflo may remember that email server-side against this cookie's opaque id — never the email inside the cookie itself — for up to 120 days, purely so a return visit pre-fills the email field; clearing the cookie stops this recognition.
For the public marketing site (www.alpflo.ch), alpflo uses Google Search Console and Bing Webmaster Tools to diagnose organic search — index coverage and the search terms that lead people to alpflo. Both are verified by a DNS record, set no cookies and add no client-side tracker, and report only aggregate, server-observed search data. They apply to the marketing site, not to the Service itself.
3 · Why we process it (legal basis — nDSG Art. 13)
- Address — contractual necessity (to deliver the brief you ordered).
- Payment — contractual necessity (to take payment for the brief).
- Usage / analytics — legitimate interest (nDSG Art. 31): first-party product analytics via the functional visitor cookie, kept de-identified (an opaque visitor id and public canton only — never your address, email, or a parcel identifier) so alpflo can understand and improve how the Service is used. No advertising or profiling. Minimal operational server logs are also kept to run and secure the Service (see retention below).
4 · Retention
Briefs are delivered as immutable, dated order records. The payment record for an order is kept for 10 years to meet Swiss accounting-retention duties (OR Art. 958f); it is held against a surrogate customer identifier, not your email, so it remains even after your personal data is deleted. Cached register lookups expire after a limited period.
The personal parts of an order — the property address you searched, your billing email, and the stored brief document (which contains the address and building identifier) — are pruned automatically one year after the order, leaving the payment record without them. The same automatic one-year prune also removes your email from our internal usage-analytics records, so those records keep only de-identified aggregates afterwards. You can also ask us to delete them sooner (see Your rights below).
Operational diagnostic logs are retained for 30 days; key-management audit logs for 90 days. De-identified product analytics carry no personal data and are retained only in aggregate. The functional visitor cookie expires after up to two years or when you clear it. A server-side remembered email (see above) expires after up to 120 days, refreshed each time you confirm it again.
5 · Sharing
The Provider shares personal data only with the processors needed to run the Service, each acting on the Provider's instructions under a data-processing agreement:
- Stripe Payments Europe, Ltd. — payment processing; may transfer data outside Switzerland under standard contractual clauses (nDSG Art. 16).
- Microsoft Azure — hosting, brief storage, and diagnostics, located in the Switzerland North region (in-country, not a cross-border transfer). This includes Azure Communication Services, which sends your order-confirmation email from within the same Swiss Azure tenant (Switzerland data location), so that email is not a cross-border transfer.
- Infomaniak Network SA — DNS and inbound email routing, operated in Switzerland (not a cross-border transfer).
We do not sell your data.
6 · Cross-border transfers (nDSG Art. 16)
Stripe is US-headquartered; transfers to it are protected by standard contractual clauses recognised under Swiss law. DNS and inbound email routing are handled by Infomaniak Network SA in Switzerland, and Microsoft Azure hosting and brief storage are in the Switzerland North region — both stay in Switzerland and are not cross-border transfers.
7 · Your rights (nDSG Art. 25)
You have the right to access your personal data, to have it corrected, to have it deleted, and to object to its processing. To exercise a right, contact the Provider at info@alpflo.ch; we respond within 30 days.
We honour these requests with a real mechanism, not just a promise. On a verified access request we compile what we hold about your email — your orders, the briefs delivered to you, and your event counts. On a verified deletion request we irreversibly remove the personal parts — your order addresses, your billing email, your stored brief documents, and your search history — and strip the identifier from our de-identified usage records, keeping only the anonymised payment record the law requires us to retain (see Retention above).
8 · Complaints
You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), fdpic.ch.