Privacy Policy

Effective Date: November 1, 2025 (nFADP Compliant)

1. Introduction

Software Foundry Sàgl ("we," "us," or "our") is committed to protecting the privacy of our clients and website visitors. This Privacy Policy explains how we collect, use, and safeguard personal data in accordance with the revised Swiss Federal Act on Data Protection (nFADP).

2. Data Controller

Software Foundry Sàgl
Via Crocicchio di Cortogna 6
6900 Lugano, Switzerland
UID: CHE-170.183.751
Email: privacy@softwarefoundry.ch

3. Data We Collect

3.1 Client Engagement Data

When you engage our services, we collect:

  • Contact information (name, email, phone number, company)
  • Billing and payment information
  • Technical and architectural documentation related to your systems
  • Communication records (emails, meeting notes, deliverables)

3.2 Website Analytics & Technical Logs

We prioritize privacy and do not use intrusive advertising trackers or sell your data.

To ensure our website functions correctly and to improve user experience, we use privacy-focused analytics tools. These tools help us understand aggregate usage patterns (e.g., which pages are visited most often) without building personal profiles.

  • We do not track your browsing history across other websites.
  • We configure our tools to mask IP addresses or avoid collecting them where possible.

Additionally, our hosting infrastructure automatically logs technical requests (Server Logs) for security purposes, such as preventing DDoS attacks and ensuring system availability.

4. How We Use Your Data

We use personal data solely for the following purposes:

  • Service Delivery: To perform consulting engagements as outlined in Statements of Work.
  • Billing and Invoicing: To process payments and maintain financial records.
  • Optimization: To analyze website performance and improve our digital services.
  • Communication: To respond to inquiries and provide updates on engagements.
  • Legal Compliance: To meet obligations under Swiss law, including tax and accounting requirements.

We do not use personal data for marketing profiling or automated decision-making.

5. Data Sharing and Disclosure

We do not sell, rent, or share personal data with third parties. We only disclose data to the following categories of recipients:

  • Service Providers: Trusted partners (e.g., accounting firms, cloud hosting, and analytics providers) acting under strict confidentiality agreements.
  • Legal Obligations: When required by Swiss law, court order, or regulatory authority.
  • Client Consent: With your explicit written permission.

6. International Data Transfers

We primarily store data within Switzerland. If data is transferred outside Switzerland (e.g., to cloud providers), we ensure adequate safeguards under nFADP, typically through:

  • Transfer to countries with adequate data protection (e.g., EEA members); or
  • Standard Contractual Clauses (SCCs) approved by the Swiss FDPIC.

7. Data Retention

We retain personal data only as long as necessary:

  • Accounting & Corporate Records: 10 years (required by Art. 958f CO).
  • Project Documentation: Retained for the duration of the applicable warranty or liability period (typically 5 to 10 years).
  • Analytics Data: Aggregated or anonymized data may be retained indefinitely; identifiable logs are deleted regularly.
  • General Inquiries: Deleted after 12 months if no engagement is established.

8. Your Rights Under nFADP

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to legal retention obligations).
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to specific data processing activities.

To exercise these rights, contact us at privacy@softwarefoundry.ch. We will respond within 30 days or as required by law.

9. Data Security

We implement industry-standard security measures to protect personal data, including:

  • Encrypted communication (TLS/SSL)
  • Access controls and authentication
  • Regular security audits

Despite our efforts, no system is completely secure. We cannot guarantee absolute protection against unauthorized access.

10. Data Breach Notification

In the event of a data breach that poses a high risk to your personality rights, we will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) and affected individuals as soon as possible, in accordance with Art. 24 nFADP.

11. Applicable Law

This Privacy Policy is governed by Swiss substantive law. The exclusive place of jurisdiction is Lugano, Switzerland.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. Updates will be posted on this page with a revised effective date.

13. Contact & Complaints

For privacy-related questions or complaints:
Email: privacy@softwarefoundry.ch

If you believe we have not addressed your concern adequately, you may file a complaint with the Swiss FDPIC:
Website: www.edoeb.admin.ch