Effective Date: 25 March 2026
Privacy Policy
Data Controller: Alexandre Bianchi, Rue de l'Ecluse 66A, 2000 Neuchâtel, Switzerland
Contact: privacy@gaeld.ch
Services Covered: the website gaeld.ch and any web or mobile application linking to this Policy ("Services").
1) Purpose & Identity
This Policy explains how Gäld ("we", "our", "us") collects, uses, shares, and protects personal data within the Services and outlines your rights under the Swiss nFADP, the EU/UK GDPR, and other applicable privacy laws. In case of conflict, Swiss law prevails except where foreign mandatory provisions are more protective.
2) Categories of Data Processed
- Account & Profile: name, email, user ID, hashed password (bcrypt/argon2id or equivalent), language preference, two-factor authentication and passkey credentials (if enabled).
- Business Data: customers, suppliers (name, email, phone, address, VAT number, and IBAN, which is encrypted at rest), invoices, expenses, bank accounts, and accounting entries you create in the platform.
- Usage & Device: IP address, device ID, OS/browser type & version, language, visited pages, actions, logs and diagnostics (retained ≤ 12 months).
- Billing & Transactions: plan details, invoices, payment status, timestamps. Payment card data is processed only by Stripe.
- Communications: emails and support messages.
- Cookies / Trackers: identifiers from strictly necessary cookies (see Section 8).
- Sensitive Data: we do not intentionally collect special categories of data. Please do not upload such information.
3) Sources
- Directly from you (sign-up, usage, support).
- Automatically from your device (cookies, logs).
- From service providers strictly necessary to operate, secure, and improve the Services (see Section 9).
4) Purposes & Legal Bases (EU/UK GDPR)
| Purpose | Legal Basis |
|---|---|
| Provide and support Services | Contract |
| Security and fraud prevention | Legitimate interests / Legal obligation |
| Analytics and product improvement | Legitimate interests (right to object) |
| Service communications | Legitimate interests / Contract |
| Transactional emails | Legitimate interests / Contract |
| Billing and accounting via Stripe | Contract / Legal obligation |
| Compliance and defense of rights | Legal obligation / Legitimate interests |
Withdrawing consent does not affect lawfulness of processing before withdrawal.
5) Children
We do not knowingly collect data from children under 16 (or lower age as defined by local law). Please contact us to delete such data.
6) Your Choices
- Cookies: manage them via your browser settings.
- Account: request access, rectification, erasure, restriction, portability, or objection (see Section 12).
Certain requests (e.g., erasure) may lead to account deletion.
7) Retention
- Account & content: kept for the life of the account; upon verified request, deleted or irreversibly anonymized within 30 days (backups may take longer).
- Logs & security: retained for ≤ 12 months.
- Accounting records: retained as required by Swiss law.
- Data may be retained longer to defend legal claims.
8) Cookies & Similar Technologies
Gäld uses only strictly necessary cookies. No tracking, analytics, or advertising cookies are used.
Essential (authentication, security, session):
- Session cookie — maintains your authenticated session. Secure, HttpOnly, SameSite.
- XSRF-TOKEN — protects against cross-site request forgery attacks.
- NEXT_LOCALE — remembers your language preference.
Blocking cookies may impact certain features.
9) Sharing & Recipients
We do not sell personal data. We share only with the following processors under binding contracts and appropriate safeguards:
- Stripe — Payments & billing (EU/US)
- SMTP email provider — Transactional emails (EU/CH)
- Server infrastructure — Hosting & storage (Switzerland/EU)
Additional recipients: professional advisers (legal/accounting), public authorities (if required by law), and corporate transactions (with notice and adequate safeguards).
10) International Transfers
When transferring data outside Switzerland/EEA/UK, we use either adequacy decisions or the EU Standard Contractual Clauses (2021/914) with supplementary measures where needed.
11) Security
We apply administrative, technical, and organizational measures appropriate to risk (encryption in transit and at rest, hashed passwords, IBAN encryption, access control, least privilege, monitoring). No system is 100 % secure.
12) Your Rights (EU/UK/CH) & How to Exercise
You may request access, rectification, erasure, restriction, or portability, object to processing based on legitimate interests, and withdraw consent at any time.
Requests → privacy@gaeld.ch (ID verification may be required).
Complaints may be lodged with:
- EU/EEA: your national Data Protection Authority.
- UK: Information Commissioner's Office (ICO).
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC).
13) Do Not Track & GPC
We do not respond to browser DNT signals due to lack of standardization. We honor Global Privacy Control (GPC) signals where supported.
14) Automated Decisions
We do not use automated decision-making that produces legal or similarly significant effects.
15) Changes
We may update this Policy; the "Effective Date" will be revised accordingly. If material changes occur, we will post a notice. Continued use of the Services constitutes acceptance.
16) Contact
Email: contact@gaeld.ch / privacy@gaeld.ch
Address: Alexandre Bianchi, Rue de l'Ecluse 66A, 2000 Neuchâtel, Switzerland