Privacy · Version 2026-04-a

Privacy Policy.

How SwissFlow processes personal data under the revised Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and the Ordinance to the Swiss Federal Act on Data Protection (revFADPO). SwissFlow offers its service exclusively to professional-services firms established in Switzerland.

Data controller

SwissFlow — Andreas Clermont & Giuseppe de Padova Jara, Höhenweg 76, 6314 Unterägeri, Kanton Zug, Switzerland.
Email: [email protected]
Phone: +41 78 900 46 00

Scope of this policy, and our two capacities

SwissFlow processes personal data in two distinct capacities:

As controller — for personal data of website visitors, prospects who contact us, and invoicing / accounting records of active Clients. For this category, SwissFlow determines the purposes and means of processing and is fully responsible under Article 5 lit. j revFADP.
As processor — for personal data that passes through a workflow deployed on behalf of a Client (end-users of the Client). For this category, the Client is the controller and SwissFlow processes the data only on the Client's documented instructions under a Data Processing Agreement (Auftragsverarbeitungsvertrag / DPA). The specifics for each deployment are set out in the DPA signed with that Client.

What data we process

Website visitors

When you browse swissflow.org we collect minimal technical data: IP address, browser user agent, referring URL, and page request times. We do not use analytics trackers, advertising networks, or cross-site tracking cookies. Aggregated server logs are retained for 30 days.

Audit / contact requests

When you request an audit or contact us by email we receive: your name, email address, business name, and whatever you choose to write to us. This data is used solely to respond to your request and to prepare the audit. It is stored in our internal CRM and deleted upon request or after 24 months of inactivity.

Active clients (workflow processing)

When SwissFlow operates a deployed workflow on a Client's behalf, we process the data the Client's workflow handles — typically client names, email addresses, document filenames, deadlines, and communication metadata. The scope and purpose of that processing is governed by the DPA signed with each Client. SwissFlow acts as a processor; the Client remains the controller.

Particularly sensitive personal data

For Clients operating in healthcare or legal sectors, the data processed by the workflow may include "particularly sensitive personal data" within the meaning of Article 5 lit. c revFADP — in particular health data (for clinics, dental practices, therapists) and data on administrative and criminal proceedings (for law firms). For these Clients SwissFlow applies the additional safeguards defined in the DPA: all processing stays inside Switzerland, sub-processors with access to such data are contracted for Swiss-territory operation only, and SwissFlow accepts its role as auxiliary person ("Hilfsperson") under Article 321 of the Swiss Criminal Code (see also Impressum paragraph 7).

Where data is stored

The workflow engine runs on Exoscale in Geneva, Switzerland. Document storage depends on the Client's sector and the Client's existing infrastructure:

For Clients not bound by a sector-specific data-residency requirement, documents may be stored in the Client's own Google Workspace tenant. Google Workspace is a multi-region service; the Client selects the data-residency region (EU region or Global) in the Workspace admin console and SwissFlow respects whatever choice the Client has made.
For Clients subject to a Swiss-territory requirement (notably law firms, healthcare providers, and other Berufsgeheimnis-bound sectors), documents are stored in Nextcloud hosted by Infomaniak in Geneva. This is mandatory for Regulated-tier Clients and cannot be substituted.

Sub-processors

SwissFlow currently uses the following sub-processors to deliver the Service. The complete list — including addresses, processing purpose, and territory — is set out in the DPA signed with each Client. Material changes are communicated to active Clients with at least 30 days' prior written notice; see Impressum paragraph 8.

Exoscale AG (Switzerland) — workflow engine, database, n8n hosting
Infomaniak Network SA (Geneva, Switzerland) — Nextcloud document storage (where selected)
Swisscom AG (Zurich, Switzerland) — Swisscom AI Service, where the Client's sector requires Swiss-territory AI processing
Cloudflare, Inc. — content delivery and DDoS protection for swissflow.org (no Client workflow data passes through Cloudflare)

A copy of the SwissFlow DPA template is available on request at [email protected] before a pilot begins.

Automated decision-making

SwissFlow uses automated processing to personalise reminder content, choose escalation tone, and select the timing of follow-up messages to the Client's end-users. These are not fully automated individual decisions within the meaning of Article 21 revFADP, because:

The Client approves the escalation tiers, tone policies, and message templates in writing during onboarding;
The Client may pause an entire reminder sequence for any individual end-user via the admin dashboard at any time before the next scheduled send;
Every outgoing reminder is logged with a unique identifier, and end-users who are affected by a reminder may request, through the Client, that a natural person review the decision and that a replacement message be sent manually.

The scope of human oversight is documented per deployment in the DPA. Where a regulator requires a stricter human-in-the-loop configuration (for example for clinical-sector Clients), SwissFlow configures the workflow accordingly before go-live.

Legal basis for processing

For website visitors and contact requests, processing is based on SwissFlow's legitimate interest in operating the website and responding to enquiries, and on your consent where required (Art. 31 revFADP). For Client-deployed workflows, processing is based on the contract with the Client (Art. 31 revFADP) and, where applicable, the Client's separate legal basis for processing their end-users' data.

Your rights

Under revFADP you have the right to access, correct, and delete personal data we hold about you, to restrict or object to specific processing, and to receive a copy of your data in a commonly used electronic format. To exercise any of these rights, write to [email protected]. We respond within 30 days and confirm in writing. You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Bern.

Cookies and third-party resources

swissflow.org does not set first-party cookies for analytics, advertising, or cross-site tracking. Technically necessary cookies may be set by Cloudflare (for example __cf_bm for bot management and cf_clearance for challenge-based DDoS protection); these are scoped to the current session or a short validity window and are not used for profiling. The site loads Google Fonts from fonts.googleapis.com; Google may log the requesting IP address for the duration of the HTTP request in the usual course of CDN operation.

Security

Data in transit is protected with TLS 1.3. Data at rest in our managed infrastructure is encrypted with AES-256. Access to production systems requires hardware-backed multi-factor authentication. We apply the principle of least privilege across all sub-processor relationships.

Data breach notification

Security incidents affecting personal data are notified (a) to affected Clients without undue delay and in any event within 72 hours of SwissFlow becoming aware of the breach, including the nature of the breach, the categories and approximate number of persons concerned, likely consequences, and mitigating measures taken; and (b) to the FDPIC where the conditions of Article 24 revFADP are met.

Retention

Server logs: 30 days.
Contact records: 24 months from last contact.
Active Client workflow data: as defined per Client DPA, typically the active contract term plus 12 months, retained to enable defence against potential contractual claims during the one-year relative limitation period under Article 60 of the Swiss Code of Obligations and the ten-year absolute limitation period where applicable.
Tax and accounting records: 10 years (Swiss legal requirement, Article 958f OR).

Changes to this policy

We may update this Privacy Policy. Material changes are communicated to active Clients in writing with at least 30 days' notice. The current version is always published at this URL with the version identifier and date indicated below.

Last updated: April 2026. Version 2026-04-a.

← Back to SwissFlow