Privacy Policy (Swiss FADP/LPD & EU GDPR)
Last updated: May 27, 2026
This policy explains how omnicard (omnicard.pro) processes personal data for creators (accounts) and visitors (public profile views). It is designed to comply with the Swiss Federal Act on Data Protection (FADP/LPD) and the EU GDPR when individuals in the EEA use or access the Service.
1. Data Controller
The Data Controller is:
Yannick Berthoud — Owner and publisher of the omnicard.pro platform
Address: Imp. du Clédard 1, 1740 Neyruz, Switzerland
Privacy contact: privacy@omnicard.pro
Compliance: Swiss LPD (FADP) & EU GDPR
2. Data we process
- Account data: email, username, account identifier, Premium status, Stripe identifiers (customer/subscription).
- Content data: widgets you create (titles, URLs, types), display order, click counters.
- Technical data: security logs (e.g., IP address, timestamps), necessary session cookies for authentication (via Supabase).
- Payment: card details are processed only by Stripe; omnicard does not store them.
3. Purposes and legal bases
- Service delivery (account, profile display, widget management): contract (Art. 6(1)(b) GDPR) / necessary processing (FADP).
- Billing & subscription: contract + legal obligation (Art. 6(1)(c) GDPR).
- Security: legitimate interests (Art. 6(1)(f) GDPR) / overriding interest (FADP).
- Analytics cookies: consent (Art. 6(1)(a) GDPR), if enabled.
4. Cookies
We use:
- Necessary cookies: authentication, session, security.
- Optional analytics cookies: only if you accept them via the consent banner.
5. Processors
We use service providers that may process data on our behalf:
- Supabase (auth & PostgreSQL database).
- Stripe (payments & Premium subscription).
- Vercel (hosting and app delivery, if applicable).
6. International transfers
Some providers may be located outside Switzerland/EEA. Where applicable, we rely on recognized safeguards (e.g., Standard Contractual Clauses and appropriate measures) to ensure adequate protection.
7. Retention
- Active account: for the duration of the service relationship.
- Deleted account: deleted within 30 days, except where legal retention applies (billing up to 10 years where applicable).
- Security logs: up to 12 months (unless there is an incident).
- Cookie consent: up to 13 months.
8. Your rights
Depending on your location (Switzerland/EEA), you may have rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (where relevant). Contact:
9. Security
We implement appropriate technical and organizational measures such as TLS encryption, access control, environment separation, Stripe webhook signature verification, and data minimization principles.
10. Children
The Service is not intended for individuals under 16. We do not knowingly collect children’s personal data.
11. Updates
We may update this policy. If changes are material, we may post a notice in the Service or notify you by email.