Privacy Policy

1. Controller and Contact

The controller responsible for the processing of personal data in connection with this website and the SaaS platform “agency-atelier” is:

Marcel Heiniger
Ipsachstrasse 1
2563 Ipsach, Switzerland
Email: hello@agency-atelier.com

The controller acts as a sole proprietor under the brand “agency-atelier”. No company has been incorporated as of the date of this statement; the natural person named above is the relevant entity.

For data protection enquiries, please contact us at the email address above.

2. Scope

This Privacy Policy applies to the website at agency-atelier.ch and the associated web-based SaaS platform (hereinafter collectively “Platform”). It describes what personal data we process, for what purposes, and what rights you have.

The revised Swiss Federal Act on Data Protection (revFADP) and its implementing ordinance are the primary applicable framework. Where the EU General Data Protection Regulation (GDPR) applies — for instance for customers based in the EU — we additionally observe its requirements.

3. Personal Data We Process

We process the following categories of personal data:

Account and registration data. Upon registration and use of the Platform: name, company, address, email address, login credentials (username, encrypted password) and details of the selected subscription.

Usage data and logs. Technical data generated when accessing the website and Platform: IP address, date and time of access, pages visited, browser and operating system used. This data is used for the secure and stable operation of the Platform and for error analysis.

Payment data. Information related to payment processing (e.g. invoice amount, payment status, subscription term). Credit card data is stored exclusively with our payment service provider Payrexx AG (Switzerland) and is not stored by us (see clause 6).

Customer-entered content (customer data). Content you enter as a customer into the Platform — in particular accounting data, invoices and QR invoices, quotes, project and time data, and information about your own business partners. Where such content includes personal data of third parties, we process it exclusively as a data processor on your behalf (see clause 7).

4. Purposes and Legal Bases

We process personal data for the following purposes:

Under the revFADP, processing is permissible where a justification exists — in particular contract performance, an overriding legitimate interest or a legal obligation. Where the GDPR applies, we base processing on Art. 6(1)(b) (contract), (c) (legal obligation) or (f) (legitimate interests) respectively.

5. Cookies and Tracking

The website and Platform use technically necessary and functional cookies required for operation and in particular for login (session).

To improve our service, we use a self-hosted web analytics solution, Matomo, operated exclusively on our own Swiss infrastructure. The usage data collected (e.g. pages visited, approximate origin, browser used) is not shared with third parties and is not used for advertising purposes. IP addresses are truncated and anonymised. This analytics solution operates without cookies and without cross-device tracking.

We do not use third-party marketing tracking (e.g. Google Analytics, Meta Pixel) or advertising cookies.

6. Disclosure to Third Parties / Data Processors

To provide our services, we engage carefully selected service providers acting as data processors exclusively on our instructions and under contractual obligation. Our entire infrastructure is located in Switzerland.

Service ProviderFunctionData ProcessedLocation
Infomaniak Network SAHosting, object storage, databaseAccount and usage data, logs, customer dataSwitzerland
Metanet AGEmail deliveryEmail addresses, content of operational emailsSwitzerland
Payrexx AGPayment processing (payment service provider)Payment and credit card dataSwitzerland

All named service providers operate their services in Switzerland. We deliberately use no US-based service providers (in particular no US email or cloud providers). Personal data is not disclosed to recipients in countries without an adequate level of data protection.

Personal data is disclosed to further third parties only where required by law or necessary to enforce our rights.

7. Data Processing on Behalf of Customers

Where you as a customer enter content into the Platform that includes personal data of third parties (e.g. data about your own clients in invoices, quotes or accounting records), you are the controller within the meaning of data protection law. We process such data exclusively as a data processor on your behalf, in accordance with your instructions and for the purposes agreed in the contract.

We engage sub-processors (see clause 6) only within the described framework and bind them to an equivalent data protection standard. A data processing agreement (DPA) is available upon request.

8. Retention and Deletion

We retain personal data only for as long as necessary for the stated purposes or as required by statutory retention obligations.

Upon termination of the contract, we will provide or delete the content you have entered upon request, provided no statutory retention obligation applies.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include in particular:

10. Rights of Data Subjects

Under applicable data protection law, you have the following rights:

To exercise these rights, a notification to the contact address in clause 1 is sufficient. For security purposes, we may require proof of identity.

You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). Where the GDPR applies, a right to lodge a complaint with the competent supervisory authority exists.

11. International Disclosure

Your personal data remains in Switzerland as a rule. All service providers we use operate their infrastructure in Switzerland (see clause 6). Disclosure of personal data abroad is not foreseen. Should a transfer to another country exceptionally become necessary, it will only occur in compliance with the applicable legal requirements (in particular an adequate level of data protection or appropriate safeguards).

12. Amendments to this Privacy Policy

We may amend this Privacy Policy at any time, for example in response to changes in our services or legal requirements. The version currently published on this page is authoritative. We recommend reviewing this policy from time to time.

13. Date

This Privacy Policy is dated: 15 June 2026

The Swiss business platform for freelancers and SMEs. Accounting, invoices, quotes and projects — all in one place.

100% Swiss Infrastructure

© 2026 agency-atelier · Marcel Heiniger. All rights reserved.