PRIVACY POLICY – BYELOOP

Last updated: November 29, 2025

1. Data Controller

The Data Controller (the entity that determines the purposes and means of the processing of your personal data) is:

Arik Fallet Via San Gottardo 51 6500 Bellinzona (CH) Switzerland Contact Email: hello@byeloop.app

2. What Data We Collect

We collect only the essential data required for the operation of the application and payment processing.

A. Data provided voluntarily by the user

  • Login Credentials: Email address and password.

    • Security Note: Passwords are managed via Supabase and are stored in a hashed (encrypted) format. The Controller does not have access to your password in plain text.

  • Payment Data: To complete the "one-off" purchase, you will be redirected to the secure platform Stripe. We do not collect or store your full credit card details; we only receive a confirmation of the payment and a transaction ID.

B. Automatically collected data When you browse the website or use the app, computer systems (including those of Systeme.io and Supabase) automatically acquire certain technical data, the transmission of which is implicit in the use of Internet protocols, including:

  • IP address;

  • Browser type and device parameters used to connect to the site;

  • System logs (for security and debugging purposes).

3. Purpose and Legal Basis of Processing

We process your data for the following purposes:

  1. Service Provision: To allow you to register an account, log in, and use the features of Byeloop (Legal basis: Performance of a contract).

  2. Payment Management: To process the purchase of access to the app and for related billing/accounting (Legal basis: Performance of a contract and Legal obligation).

  3. Security and Maintenance: To prevent abuse, fraud, and ensure the technical proper functioning of the app (Legal basis: Legitimate interest of the Controller).

4. Data Sharing and International Transfer

Your personal data is accessible only to the Controller. However, to provide the service, we use reliable third-party technical providers. Some of these may transfer data outside of Switzerland.

In compliance with the Swiss Federal Act on Data Protection (nFADP) and the GDPR, we ensure that these transfers are protected through adequacy decisions (e.g., to the EU) or through Standard Contractual Clauses (SCCs) and adherence to the Data Privacy Framework (for the USA).

Our main service providers are:

  • Supabase (Database & Authentication): Login and account data are hosted on Supabase servers. Supabase uses cloud infrastructure (e.g., AWS) that guarantees high security standards (SOC2/ISO27001 certificates).

  • Stripe (Payments): Payment data is managed by Stripe, Inc. (USA), which operates in compliance with the highest banking security standards (PCI-DSS) and adheres to the Data Privacy Framework.

  • Systeme.io (Hosting & Landing Page): The site structure is hosted on Systeme.io, a company based in Europe (Ireland/France), subject to the GDPR.

5. Cookies and Tracking Technologies

The site mainly uses technical cookies necessary for operation (e.g., to keep the session active or manage the shopping cart).

Since the site is built using Systeme.io, the platform may use anonymized technical or analytical cookies to monitor server performance. We do not directly use advertising profiling cookies or tracking pixels (such as the Facebook Pixel) to send you targeted advertising.

You can manage your cookie preferences directly from your browser settings.

6. Data Retention

  • Account Data: Your account data (email/password) is kept as long as your account is active. If you decide to delete your account, the data will be removed from our active systems (except for technical backups which are cyclically overwritten).

  • Payment Data: Transaction data (invoices/receipts) must be kept for 10 years to comply with Swiss tax obligations.

7. User Rights

Under the nFADP (Switzerland) and the GDPR (EU/EEA), you have the right to:

  • Request confirmation as to whether or not data relating to you is being processed and access it.

  • Request the rectification of inaccurate data.

  • Request the erasure of data ("Right to be forgotten"), subject to legal retention obligations.

  • Object to processing in certain cases.

To exercise these rights, you can send a simple email to: hello@byeloop.app.