Privacy Policy

Contact: info@svyetlost.com

Account Information:

• Email address and hashed password (collected via Supabase)
• Account creation date and subscription status

Usage Data:

• IP addresses (retained for 90 days)
• Login timestamps (retained for 1 year)
• Usage logs (retained for 90 days)

Document Data:

• Document metadata and tags (retained until account deletion + 14 days)
• Document content (temporarily processed only with explicit consent for AI features)

We process your personal data based on:

Contract Performance (Article 6(1)(b) GDPR):

• Account management and authentication
• Core document storage and retrieval services
• Payment processing for subscriptions

Explicit Consent (Article 6(1)(a) GDPR):

• Optional AI document processing via Google Gemini
• You can withdraw consent at any time through your account settings

Legitimate Interest (Article 6(1)(f) GDPR):

• Security monitoring and fraud prevention
• Service improvement and analytics

We use your data to:

• Provide, operate, and improve our Service
• Process payments and manage subscriptions
• Ensure security and prevent fraud
• Facilitate AI processing when you consent
• Comply with legal obligations

We share your personal data only with trusted service providers:

Supabase: Account management and authentication

Google Gemini: AI document processing (only with your explicit consent)

Stripe: Payment processing

Microsoft Azure: Document and data storage (Switzerland data centers)

All processors are bound by appropriate data protection agreements and security standards.

Your data may be processed in:

• Switzerland (primary storage location)
• European Union (service providers)
• United States (some service providers with appropriate safeguards)

All transfers comply with applicable data protection laws and include appropriate safeguards.

Under applicable data protection laws (GDPR, Swiss FADP), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Restriction: Limit processing of your data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interest
• Withdraw Consent: For AI processing features

Age-Specific Rights: If you are 16-17 years old in the EU, your parent/guardian may exercise these rights on your behalf.

To exercise these rights, contact us at: info@svyetlost.com

We implement appropriate technical and organizational measures:

• Client-side encryption of documents with user-controlled keys
• Encrypted data transmission (TLS)
• Access controls and authentication
• Regular security assessments

Important: We cannot decrypt your documents if you lose your encryption password.

• Account Data: Until account deletion + 14 days
• Usage Logs/IP Addresses: 90 days
• Login Timestamps: 1 year
• Document Metadata: Until account deletion + 14 days

We use only essential cookies necessary for:

• User authentication and session management
• Basic service functionality
• Security measures

We do not use tracking, advertising, or analytics cookies. No consent banner is required as we only use technically necessary cookies.

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. Users aged 16-17 in the EU must have parental consent.

In case of a data breach affecting your personal data, we will:

• Notify relevant authorities within 72 hours (where required)
• Inform affected users without undue delay if high risk to rights and freedoms
• Take immediate steps to mitigate the breach

We may update this Privacy Policy. Material changes will be communicated by email at least 30 days before taking effect.

For privacy-related questions or to exercise your rights:
Email: info@svyetlost.com