Privacy Policy
1. Controller and Contact
The controller responsible for the processing of personal data in connection with this website and the SaaS platform “agency-atelier” is:
Marcel Heiniger
Ipsachstrasse 1
2563 Ipsach, Switzerland
Email: hello@agency-atelier.com
The controller acts as a sole proprietor under the brand “agency-atelier”. No company has been incorporated as of the date of this statement; the natural person named above is the relevant entity.
For data protection enquiries, please contact us at the email address above.
2. Scope
This Privacy Policy applies to the website at agency-atelier.ch and the associated web-based SaaS platform (hereinafter collectively “Platform”). It describes what personal data we process, for what purposes, and what rights you have.
The revised Swiss Federal Act on Data Protection (revFADP) and its implementing ordinance are the primary applicable framework. Where the EU General Data Protection Regulation (GDPR) applies — for instance for customers based in the EU — we additionally observe its requirements.
3. Personal Data We Process
We process the following categories of personal data:
Account and registration data. Upon registration and use of the Platform: name, company, address, email address, login credentials (username, encrypted password) and details of the selected subscription.
Usage data and logs. Technical data generated when accessing the website and Platform: IP address, date and time of access, pages visited, browser and operating system used. This data is used for the secure and stable operation of the Platform and for error analysis.
Payment data. Information related to payment processing (e.g. invoice amount, payment status, subscription term). Credit card data is stored exclusively with our payment service provider Payrexx AG (Switzerland) and is not stored by us (see clause 6).
Customer-entered content (customer data). Content you enter as a customer into the Platform — in particular accounting data, invoices and QR invoices, quotes, project and time data, and information about your own business partners. Where such content includes personal data of third parties, we process it exclusively as a data processor on your behalf (see clause 7).
4. Purposes and Legal Bases
We process personal data for the following purposes:
- Contract performance: Provision, operation and maintenance of the Platform, management of your account and subscription, support.
- Billing: Processing of the 14-day credit card trial period and recurring billing.
- Security and operations: Ensuring IT security, stability, error detection and abuse prevention.
- Communication: Responding to enquiries and operational notifications (e.g. invoices, subscription notices).
- Compliance with legal obligations: In particular, commercial and tax law retention requirements.
Under the revFADP, processing is permissible where a justification exists — in particular contract performance, an overriding legitimate interest or a legal obligation. Where the GDPR applies, we base processing on Art. 6(1)(b) (contract), (c) (legal obligation) or (f) (legitimate interests) respectively.
5. Cookies and Tracking
The website and Platform use technically necessary and functional cookies required for operation and in particular for login (session).
To improve our service, we use a self-hosted web analytics solution, Matomo, operated exclusively on our own Swiss infrastructure. The usage data collected (e.g. pages visited, approximate origin, browser used) is not shared with third parties and is not used for advertising purposes. IP addresses are truncated and anonymised. This analytics solution operates without cookies and without cross-device tracking.
We do not use third-party marketing tracking (e.g. Google Analytics, Meta Pixel) or advertising cookies.
6. Disclosure to Third Parties / Data Processors
To provide our services, we engage carefully selected service providers acting as data processors exclusively on our instructions and under contractual obligation. Our entire infrastructure is located in Switzerland.
| Service Provider | Function | Data Processed | Location |
|---|---|---|---|
| Infomaniak Network SA | Hosting, object storage, database | Account and usage data, logs, customer data | Switzerland |
| Metanet AG | Email delivery | Email addresses, content of operational emails | Switzerland |
| Payrexx AG | Payment processing (payment service provider) | Payment and credit card data | Switzerland |
All named service providers operate their services in Switzerland. We deliberately use no US-based service providers (in particular no US email or cloud providers). Personal data is not disclosed to recipients in countries without an adequate level of data protection.
Personal data is disclosed to further third parties only where required by law or necessary to enforce our rights.
7. Data Processing on Behalf of Customers
Where you as a customer enter content into the Platform that includes personal data of third parties (e.g. data about your own clients in invoices, quotes or accounting records), you are the controller within the meaning of data protection law. We process such data exclusively as a data processor on your behalf, in accordance with your instructions and for the purposes agreed in the contract.
We engage sub-processors (see clause 6) only within the described framework and bind them to an equivalent data protection standard. A data processing agreement (DPA) is available upon request.
8. Retention and Deletion
We retain personal data only for as long as necessary for the stated purposes or as required by statutory retention obligations.
- Account and usage data is processed for the duration of the contractual relationship and deleted upon its termination, unless a retention obligation applies.
- Business records and accounting documents (in particular invoices) are subject to the statutory retention obligation of 10 years under the Swiss Code of Obligations (Art. 958f CO) and the Ordinance on Commercial Bookkeeping (OBE).
- Log data is retained only for a limited period for security and operational purposes and subsequently deleted.
Upon termination of the contract, we will provide or delete the content you have entered upon request, provided no statutory retention obligation applies.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include in particular:
- Encryption of data transmission (TLS/HTTPS) and encryption of sensitive data at rest;
- regular backups;
- operation in Swiss data centres (Infomaniak);
- access controls and security of login credentials.
10. Rights of Data Subjects
Under applicable data protection law, you have the following rights:
- Access to the personal data being processed;
- Rectification of inaccurate data;
- Erasure of data, to the extent no retention obligation applies;
- Delivery or transfer of your data in a common format (data portability);
- Objection to certain processing activities and restriction of processing.
To exercise these rights, a notification to the contact address in clause 1 is sufficient. For security purposes, we may require proof of identity.
You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). Where the GDPR applies, a right to lodge a complaint with the competent supervisory authority exists.
11. International Disclosure
Your personal data remains in Switzerland as a rule. All service providers we use operate their infrastructure in Switzerland (see clause 6). Disclosure of personal data abroad is not foreseen. Should a transfer to another country exceptionally become necessary, it will only occur in compliance with the applicable legal requirements (in particular an adequate level of data protection or appropriate safeguards).
12. Amendments to this Privacy Policy
We may amend this Privacy Policy at any time, for example in response to changes in our services or legal requirements. The version currently published on this page is authoritative. We recommend reviewing this policy from time to time.
13. Date
This Privacy Policy is dated: 15 June 2026