Privacy notice

The data controller is the alpflo sole proprietor (the "Provider"), domiciled in Switzerland, operating alpflo.dev/property. Contact details for data- protection matters are published at alpflo.dev/property.

The Provider processes personal data under the revised Swiss Federal Act on Data Protection (revFADP). Where the Service is offered to users in the European Union, the EU General Data Protection Regulation (GDPR) also applies to those users. This notice is written to satisfy both.

• The address you submit — to resolve the parcel and assemble your brief. This is the core of performing the contract with you. A submitted address can itself be personal data where it is a person's residence.
• Payment data — to take payment. Card details are entered directly with our payment processor (Stripe); the Provider does not receive or store full card numbers. We receive a confirmation of payment and limited transaction metadata.
• Account / contact data (such as an email address, where you provide one) — to deliver your brief and respond to support requests.
• Technical and usage data — minimal server logs and diagnostics needed to operate, secure, and debug the Service. The legal basis is the Provider's legitimate interest in a secure, working service.

Where consent is the basis for any processing, you may withdraw it at any time with effect for the future.

Payments are processed by Stripe (Stripe Payments Europe, Ltd. and affiliated Stripe entities). When you pay, the data you enter on the payment form is collected and processed by Stripe as a processor on the Provider's behalf, under a data-processing agreement (DPA) and Stripe's own privacy policy. Stripe may process and store payment data outside Switzerland and the EU; such transfers are covered by appropriate safeguards (including standard contractual clauses). See Stripe's privacy policy for details of its processing.

To assemble a brief, alpflo queries public Swiss registers and open geodata — GeoAdmin / swisstopo, the Federal Statistical Office (GWR), the cantonal ÖREB cadastres, and similar open services. The address you submit is sent to these services to resolve the parcel. alpflo caches results to respect each provider's fair-use limits; the same address is not re-sent unnecessarily.

Besides Stripe, the Provider uses hosting and storage infrastructure to run the Service. Service hosting and brief storage are planned to be located in Switzerland. Each processor acts only on the Provider's instructions under a data-processing agreement.

Briefs and the data needed to deliver them are kept only as long as necessary to provide the Service and to meet Swiss legal retention duties (for example, accounting records must be retained for ten years). Cached register results are kept for a limited period to respect provider fair-use limits, then expire. Data no longer needed is deleted or anonymised.

Subject to the conditions in the revFADP and, where applicable, the GDPR, you have the right to access your personal data, to have inaccurate data corrected, to have data deleted, to restrict or object to certain processing, and to data portability. To exercise a right, contact the Provider at the address published at alpflo.dev/property. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) — or, for EU users, with your local supervisory authority.

Some processors (notably Stripe) may process data outside Switzerland and the EU. Where data is transferred to a country without an adequate level of protection, the Provider relies on appropriate safeguards such as the European Commission's standard contractual clauses and the corresponding Swiss addendum.

The Provider may update this notice as the Service evolves. The current version is always published here.