Privacy Policy

The controller responsible for the processing of your personal data is:

[Legal name / sole proprietorship or company]

[Street and number]

[ZIP, City], Switzerland

E-mail: [contact e-mail]

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us using the details above.

Depending on how you use ZüriKey, we process the following categories of personal data:

• Identity and contact data: name, date of birth, nationality, e-mail address, phone number.
• Residence and status data: residence-permit category.
• Financial and household data: employment and income, household information, apartment preferences.
• Uploaded documents: ID/passport, residence permit, payslips, employment contract, debt-collection extract (Betreibungsregisterauszug), landlord reference, and proof of liability insurance.
• Account and payment records: sign-in data and order/entitlement records for the one-time purchase.

Some of the data you may provide qualifies as especially sensitive personal data within the meaning of Art. 5 lit. c revDSG. This concerns in particular the debt-collection extract (Betreibungsregisterauszug) and your residence permit.

We process and forward such especially sensitive data only on the basis of your explicit consent, which we request separately and never by means of a pre-ticked box.

How your data is stored depends on whether you use ZüriKey with or without an account.

• Anonymous users (no account): your dossier draft is kept locally in your browser (localStorage). Uploaded document files stay on your device and are not sent to our servers.
• Registered users (with an account): your dossier data and your uploaded document files are stored server-side in Supabase (a PostgreSQL database plus private file storage), hosted in the EU (Frankfurt, Germany). Access is protected by row-level security, so each user can access only their own data. Documents are kept in a private bucket that can only be reached through short-lived signed links.

Please note: registered users' data and documents are stored server-side. We do not claim that everything stays on your device once you create an account.

We process your data only for the purposes for which ZüriKey exists: to help you build a rental-application dossier, calculate an affordability score, generate a German cover letter (Bewerbungsschreiben), produce a print-ready PDF, and, after the one-time purchase, unlock the export.

We collect and process only the data necessary for these purposes (data minimisation). Your completed dossier is shared only with the landlords or property managers you yourself select.

The generated cover letter is always produced in German, while the user interface is available in English, German and Italian.

We process your data to provide the service you request, to fulfil our contractual obligations, to comply with legal duties, and on the basis of your consent.

For especially sensitive personal data (such as the Betreibungsregisterauszug and residence permit), and for forwarding your dossier to third parties, we rely on your explicit consent in accordance with Art. 6 para. 7 revDSG. This consent is requested separately, is never pre-ticked, and can be withdrawn at any time with effect for the future.

We use the following carefully selected sub-processors, each of which receives only the data needed to perform its function:

• Supabase – database, private file storage and authentication, hosted in the EU (Frankfurt, Germany). Receives the dossier data, uploaded documents and sign-in data of registered users.
• Stripe – payment processing. Card data is entered directly on Stripe and never touches our servers; we store only order and entitlement records.
• Vercel – hosting and content delivery (CDN) for the web app.
• Anthropic – AI generation of the German cover letter. This sub-processor is used only if you choose the optional "Personalise with AI" feature, and it receives only the dossier facts (such as names, job, income, preferences and the target listing) — never your uploaded document files.

Personalisation of the cover letter with AI is entirely optional and happens only if you click "Personalise with AI".

When you use this feature, the facts from your dossier (names, job, income, preferences and the target listing) are sent to Anthropic's API to generate the German letter. Your uploaded document files are never sent to Anthropic. If you do not use this feature, no data is shared with Anthropic.

Your primary storage is located in the EU (Supabase, Frankfurt). Some of our sub-processors — namely Stripe, Vercel and Anthropic — may involve the transfer of data outside Switzerland and the EU, for example to the United States.

Where data is transferred to a country that does not offer an equivalent level of data protection, we rely on appropriate safeguards, such as standard contractual clauses, to protect your data.

We take appropriate technical and organisational measures to protect your data. These include row-level security in the database (so each user can access only their own data), a private storage bucket reachable only through short-lived signed links, encrypted authentication, and processing card data exclusively on Stripe so that it never touches our servers.

No method of transmission or storage is completely secure, but we work to protect your data using measures appropriate to the risk.

We keep your data only as long as necessary for the purposes described above, after which it is deleted or anonymised.

Accounting records, such as payment invoices, are retained for as long as Swiss law requires (typically 10 years).

You can use the "Delete my data" action to wipe the dossier data stored locally in your browser. For registered users, deleting your account removes the data stored server-side.

Under the revDSG you have the following rights regarding your personal data:

• Right of access (Art. 25 revDSG) — we answer access requests within 30 days.
• Right to rectification of inaccurate data.
• Right to erasure or destruction of your data.
• Right to restriction of processing.
• Right to object to processing.
• Right to data portability (Art. 28 revDSG).
• Right to withdraw your consent at any time with effect for the future.

To exercise any of these rights, please contact us using the details in Section 1.

Where a data breach is likely to result in a high risk to your personality or fundamental rights, we will notify the Federal Data Protection and Information Commissioner (FDPIC / EDÖB) in accordance with Art. 24 revDSG.

You also have the right to lodge a complaint with the supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC / EDÖB), Feldeggweg 1, 3003 Bern, edoeb.admin.ch.

We use localStorage to keep your dossier draft in your browser, and authentication cookies to keep you signed in.

We do not use third-party advertising trackers.

Note: This is a clear-language template and not legal advice. The operator should have it reviewed by a qualified professional and fill in all placeholders before going live.