Privacy Policy.
How SwissFlow processes personal data under the revised Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and the EU General Data Protection Regulation (GDPR) where applicable.
Data controller
SwissFlow — Andreas Clermont, Kanton Zug, Switzerland. Email: info@swissflow.org.
What data we process
Website visitors
When you browse swissflow.org we collect minimal technical data: IP address, browser user agent, referring URL, and page request times. We do not use third-party analytics, advertising trackers, or cross-site tracking cookies. Aggregated server logs are retained for 30 days.
Audit / contact requests
When you request a free audit or contact us by email we receive: your name, email address, business name, and whatever you choose to write to us. This data is used solely to respond to your request and prepare the audit. It is stored in our internal CRM (Google Workspace, EU region) and deleted upon request or after 24 months of inactivity.
Active clients (workflow processing)
When SwissFlow operates a deployed workflow on your behalf, we process the data your workflow handles — typically client names, email addresses, document filenames, deadlines, communication metadata. The scope and purpose of that processing is governed by the Data Processing Agreement (Auftragsverarbeitungsvertrag) signed with each Client. We act as a processor; the Client remains the controller of their end-user data.
Where data is stored
SwissFlow operates two hosting tiers; the choice is the Client's:
- Standard tier. Workflow engine and database run on Exoscale (Geneva, Switzerland). Document storage uses Google Workspace in Google's EU region (under Google's standard DPA, signed by us). AI model calls go to Google Gemini's EU edge with personally identifying information stripped upstream by an anonymisation step. Suitable for most accounting and construction firms.
- Regulated tier. All processing — including the large-language-model call — stays inside Switzerland. AI runs on the Swisscom AI Service (Mistral models hosted in Zurich) or on self-hosted Llama instances on Exoscale. Document storage uses Nextcloud on Infomaniak (Geneva) or the Client's own Workspace tenant. Suitable for clinics, law firms, FINMA-touched entities, and any Client whose regulator requires data residency inside the Swiss perimeter.
Sub-processors
We use the following sub-processors. The complete list is updated in the Data Processing Agreement signed with each Client; material changes are communicated with at least 30 days' notice.
- Exoscale (Switzerland) — compute, database, n8n hosting
- Cloudflare (Zurich PoP) — CDN, DDoS protection
- Google LLC (EU region) — Workspace, Gemini API (Standard tier only)
- Swisscom AG (Zurich) — Swisscom AI Service (Regulated tier only)
- Infomaniak (Geneva) — Nextcloud (Regulated tier only)
Legal basis for processing
For website visitors and contact requests: our legitimate interest in operating the website and responding to enquiries (revFADP Art. 31, GDPR Art. 6(1)(f)), and your consent where required.
For Client-deployed workflows: the contract with the Client (revFADP Art. 31, GDPR Art. 6(1)(b)) and, where applicable, the Client's separate legal basis for processing their end-users' data.
Your rights
Under revFADP and GDPR you have the right to access, correct, delete, and port your personal data, and to object to certain processing. To exercise any of these rights, write to info@swissflow.org. We respond within 30 days and confirm in writing.
You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland or, if applicable, your national EU data protection authority.
Cookies
This website uses no third-party cookies. No advertising trackers, no analytics. The site uses no first-party cookies for state management either; all preferences live in your browser's local storage and never leave your device.
International data transfers
On the Standard tier, AI inference may be processed by Google Gemini in Google's EU region under Standard Contractual Clauses (SCCs) and Google's adequacy framework. On the Regulated tier, no Client data leaves Switzerland. The choice is contractually documented per Client.
Security
Data in transit is protected with TLS 1.3. Data at rest in our managed infrastructure is encrypted with AES-256. Access to production systems requires hardware-backed multi-factor authentication. We follow the principle of least privilege for all sub-processor relationships. Security incidents are notified to affected Clients without undue delay and to the FDPIC where revFADP requires it.
Retention
Server logs: 30 days.
Contact records: 24 months from last contact.
Active Client workflow data: as defined per Client DPA, typically the
active contract term plus 12 months.
Tax and accounting records: 10 years (Swiss legal requirement).
Changes to this policy
We may update this Privacy Policy. Material changes are communicated to active Clients in writing with at least 30 days' notice. The current version is always published at this URL with an updated date below.
Last updated: April 2026.