1. Scope of this statement

This statement informs data subjects (users, prospects, persons in contact with Alpgain) of the nature and extent of personal data processing carried out in connection with the operation of the Alpgain application. It covers the web app (staging.alpgain.ch, app.alpgain.ch), the mobile app (iOS / Android via Capacitor), the Edge Functions running on Supabase infrastructure, and any service-related email communications.

It does not cover third-party websites that Alpgain may link to (for example the FDPIC website, privatim.ch, or the portals of the processors listed in section 6) — which have their own privacy statements.

2. Data controller

The data controller within the meaning of art. 5 lit. j nFADP and art. 4 no. 7 GDPR is:

Justin Vuffray (natural person)
Chemin du Curbit 2
1134 Vufflens-le-Château
Switzerland
Email: contact@alpgain.ch

Data Protection Officer (DPO): Justin Vuffray — contact@alpgain.ch. Privacy-related requests are handled directly by the controller.

EU Representative: not applicable — Alpgain is intended for the Swiss market and does not actively target EU residents within the meaning of GDPR art. 3(2).

3. Categories of data processed

Alpgain only processes data strictly necessary to deliver its asset-tracking and waste-detection service. The table below summarises the categories of data concerned and their level of technical protection:

Category	Data	At-rest protection
Account data	Email, first name, last name, profile picture (optional), language, base currency, canton, municipality.	Unencrypted (nominative columns)
Federated authentication (optional)	Apple or Google user identifier, email, name, avatar.	Unencrypted
Financial accounts	Account label, institution, currency, current and initial balances.	Balances: AES-GCM
Transactions	Date, free-text description, amount, tax line, category, status.	Amounts: AES-GCM ; description in clear
Investment positions	Quantity, average buy price, currency.	Quantity and price: AES-GCM
Goals, budgets, recurring rules	Label, target amount or limit, periodicity.	Amounts: AES-GCM
Payment data	Stripe identifiers (customer ID, subscription ID), status, period. No card data.	Linked to Stripe; no Alpgain storage
Technical data	Session token, UI language, theme, navigation metadata.	Non-sensitive
Usage events and error logs	Page viewed, action triggered, error source, Edge Function stack trace.	Unencrypted, no PII
Derived and pseudonymised data	CHF amount buckets (5 tiers) and HMAC-SHA256 merchant fingerprints, used for pattern detection.	Bucket pseudonymisation and keyed HMAC

No sensitive data within the meaning of art. 5 lit. c revFADP (health, political opinions, biometric data, etc.) is processed. The service is not directed at children under 16; if a minor account is suspected, access is suspended and data is erased.

4. Purposes and legal bases

In accordance with the purpose limitation principle (art. 6 para. 3 revFADP; art. 5 para. 1 lit. b GDPR), each processing activity is tied to an explicit purpose and an identifiable legal basis. The table below summarises these correspondences along the privatim model:

Data category	Purpose	Legal basis
Account, authentication	Identification, service access, language and tax personalisation.	Performance of contract (art. 31 para. 2 lit. a revFADP; art. 6 para. 1 lit. b GDPR).
Apple / Google federated sign-in	Sign-in without local password creation.	Consent (art. 31 para. 1 revFADP; art. 6 para. 1 lit. a GDPR).
Financial data (user-entered)	Aggregation, visualisation, net worth computation, cashflow analysis, tax projections.	Performance of contract.
Stripe payment data	Subscription, billing, dunning, lifecycle management.	Performance of contract + legal obligation (accounting retention art. 958f CO).
Usage events and logs	Security (abuse detection), product improvement, user support.	Legitimate interest (art. 31 para. 1 revFADP; art. 6 para. 1 lit. f GDPR).
Derived data (buckets, merchant hash)	Algorithmic detection of patterns (recurrences, duplicates, price increases).	Performance of contract (product feature); pseudonymised upfront.
AI engine (Infomaniak)	Chat replies, advice cards, transaction classification.	Consent (Settings → AI preferences toggle).

No advertising profiling, no credit scoring, no automated individual decision producing legal effects within the meaning of art. 22 GDPR or art. 21 revFADP is performed. Consent can be withdrawn at any time and does not affect the lawfulness of processing already carried out.

5. Retention period

Data is retained only for the time strictly necessary to achieve the purposes described in section 4, in accordance with the proportionality principle (art. 6 para. 4 nFADP; art. 5 para. 1 lit. e GDPR).

Data type	Retention duration	Legal basis
Active user account (profile, financial accounts, transactions, goals)	Until deleted by the user or upon request to contact@alpgain.ch	Performance of contract (Alpgain ToS)
Data following account deletion	Immediate and irreversible deletion across 16 tables + Storage (avatars). Automatic backups containing this data are retained for Supabase's retention window (7 days on Pro plan, 28 days on Team plan), then automatically deleted by Supabase.	Minimum technical obligation (service continuity during backup window)
Edge Function technical logs (Supabase Logflare)	Supabase retention per plan (1 day Free, 7 days Pro, 28 days Team)	Legitimate interest — security and service debugging (nFADP art. 6 para. 3 lit. f)
Stripe payment data (subscription identifier, billing history)	10 years from last transaction (Swiss accounting obligation — art. 958f CO)	Legal obligation (Swiss law of obligations)
AI usage quotas (monthly counters)	12 rolling months, then automatic deletion	Legitimate interest — quota management and abuse prevention
AI advice card cache	24 hours then automatic purge	Performance of contract (product feature)
Detected financial pattern cache	6 hours then automatic purge	Performance of contract (product feature)

6. Processors and international transfers

Alpgain relies on the following processors to deliver its service. Each processor is bound by a data processing agreement (DPA — art. 9 nFADP; art. 28 GDPR) or equivalent contractual commitments. Data is never sold to third parties and no transfer for advertising purposes is performed.

Processor	Purpose	Hosting location	Transfer legal basis	DPA
Supabase Inc.	Database hosting, authentication, user data storage	European Union — EU West (Ireland or Frankfurt). No transfer outside EU/CH.	Adequacy decision recognised by FDPIC for the EU — no SCCs required. Legal basis: performance of contract (nFADP art. 6 para. 3 lit. a).	Supabase standard DPA signed on 2026-05-04 (available on request: contact@alpgain.ch)
Infomaniak SA	Web hosting (staging.alpgain.ch, app.alpgain.ch), AI engine (model google/gemma-4-31B-it), transactional SMTP (password reset emails, notifications)	Switzerland (Geneva)	Performance of contract (nFADP art. 6 para. 3 lit. a) — no transfer outside Switzerland	Infomaniak standard DPA (Pro ToS)
Stripe Inc.	Payment processing and subscription management. Alpgain stores no card data — Stripe uses a hosted payment page (PCI SAQ-A).	United States	Performance of contract + Stripe is certified EU-U.S. DPF (GDPR art. 45)	Stripe standard DPA
Apple Inc. / Google LLC	Optional federated authentication ("Continue with Apple" / "Continue with Google"). Explicit consent required.	United States	Explicit consent (nFADP art. 6 para. 6; GDPR art. 6 para. 1 lit. a). Apple and Google LLC are DPF-certified.	Apple ToS / Google ToS
Yahoo Finance	Financial instrument price data (equities, ETFs, bonds)	United States	Legitimate interest — only public ticker symbols are transmitted (no personal data)	Not applicable (public data only)
CoinGecko	Cryptocurrency price data	Malaysia (international hosting)	Legitimate interest — only public crypto symbols are transmitted. No personal data.	Not applicable (public data only)
ExchangeRate-API	Real-time exchange rates	United States	Legitimate interest — only currency codes are transmitted (no personal data)	Not applicable (public data only)

Anthropic is not an active processor for Alpgain. The AI engine used is exclusively Infomaniak AI (Swiss infrastructure). No data is transmitted to Anthropic, OpenAI or any other third-party AI provider.

The list of processors is kept up to date. Any material change (addition, removal, relocation) will be notified by email at least 30 days in advance, except in cases of force majeure.

7. International data transfers

Data transfers between Switzerland and the European Economic Area (EEA) raise no specific concerns: Switzerland and the EU/EEA member states mutually benefit from an adequacy decision under art. 16 nFADP and chapter V GDPR.

The following processors are established outside Switzerland and receive personal data:

Supabase Inc. (EU West — Ireland / Frankfurt): data hosted in the European Union. Adequacy level recognised by Switzerland for the EU (FDPIC decision) — no SCCs required. Legal basis: performance of contract (nFADP art. 6 para. 3 lit. a).
Stripe Inc. (USA): email identifier and subscription metadata transmitted for payment processing. No card data transits through Alpgain. Stripe is DPF-certified. Transfer covered by SCCs nFADP.
Apple Inc. / Google LLC (USA): federated login identifier transmitted only if you use "Continue with Apple" or "Continue with Google". Covered by Apple and Google ToS (both DPF-certified).

Transfers to countries that do not offer an adequate level of protection recognised by the FDPIC are covered by Standard Contractual Clauses (SCCs) nFADP or by certification under the EU-U.S. Data Privacy Framework (DPF), recognised by the EU since July 2023.

Infomaniak SA hosts all primary processing (logical database, Edge Functions, AI engine, transactional SMTP) in Switzerland (Geneva). No financial or personally identifiable data is transmitted to a non-Swiss AI provider.

A copy of the applicable safeguards (DPA, SCCs, DPF certifications) can be obtained on request at contact@alpgain.ch.

8. Technical and organisational security

Alpgain implements reasonable technical and organisational measures within the meaning of art. 8 nFADP and art. 32 GDPR, including in particular:

Encryption of sensitive data at rest (AES-GCM 256-bit, master keys held outside the database and managed via Supabase Vault).
Encryption in transit (TLS 1.3) on all client-server and inter-processor communications.
PostgreSQL Row-Level Security policies enforced on every user-scoped table; every query is authenticated and limited to the user's own scope.
Optional two-factor authentication (TOTP).
Password verification before any destructive operation (account deletion, via dedicated Edge Function).
Systematic input validation and sanitisation before any AI provider call (size cap, format regex, server-side validation).
Periodic internal security audits of Edge Functions, RLS policies and encryption flows.
Strict CORS policy on Edge Functions (origins explicitly listed).

No absolute security

No information system can be considered tamper-proof. The measures described reduce the risk but do not eliminate it. We recommend enabling 2FA, using a strong password and never sharing your credentials.

In the event of a personal data breach posing a high risk to your rights and freedoms, Alpgain will notify you as soon as possible and within 72 hours of becoming aware of it, by email to the address associated with your account. The FDPIC will be notified via the databreach.edoeb.admin.ch portal within the time limits set by art. 24 nFADP; for EU residents, the competent supervisory authority will be notified pursuant to art. 33 GDPR.

9. Rights of data subjects

Under the nFADP (art. 25 to 30) and the GDPR (art. 15 to 22), you have the following rights:

Right of access (art. 25 nFADP; art. 15 GDPR): obtain confirmation that your data is being processed and receive a copy. Self-service export from Settings → Privacy → Export my data covers financial accounts, transactions, positions, goals, budgets, recurring rules and categories. For data not covered, send a request to contact@alpgain.ch.
Right to rectification (art. 32 para. 1 nFADP; art. 16 GDPR): have inaccurate or incomplete data corrected.
Right to erasure / right to be forgotten (art. 32 para. 2 nFADP; art. 17 GDPR): request deletion of your data — directly executable from Settings → Privacy.
Right to data portability (art. 28 nFADP; art. 20 GDPR): receive your data in a structured, commonly used and machine-readable format — exportable from Settings → Privacy → Export.
Right to object to processing based on legitimate interest (art. 21 GDPR): contact contact@alpgain.ch.
Right to restriction of processing (art. 18 GDPR): if you reside in the European Union, you may request temporary suspension of processing of your data. Send an email to contact@alpgain.ch — your request will be handled manually within 30 days. You may also suspend AI processing of your data at any time from Settings → Preferences → Disable AI.
Right to withdraw consent at any time, without affecting the lawfulness of processing already carried out.
Right not to be subject to a solely automated individual decision (art. 21 nFADP; art. 22 GDPR) — Alpgain does not perform such decisions. Any action on your data requires your explicit confirmation in the application.

Automated profiling (nFADP art. 5 lit. f; GDPR art. 4(4) + art. 22)

Alpgain performs automated analysis of your financial patterns to generate personalised recommendations. This analysis constitutes profiling within the meaning of GDPR art. 4(4) and nFADP art. 5 lit. f.

Features involved

Money Leaks detection: deterministic SQL algorithm only (no LLM) detecting dormant cash on low-yield accounts and aggregated brokerage fees. Calculations run on non-encrypted derived metadata: amount tiers (5 CHF brackets) and merchant fingerprints (keyed HMAC-SHA256, pseudonymisation). No raw amounts processed in plaintext.
Personalised financial advice (AI Advice): detection of recurring transaction patterns, subscriptions, price increases, duplicate payments. Qualitative signals only — no precise amounts transmitted to the AI. Results stored in AES-GCM encrypted ai_advice_* tables.
Weekly wealth brief: personalised summary of your 7-day net worth evolution. Generated by AI from anonymised ratios and metadata — no raw balances.
Contextual AI chat: the AI assistant receives anonymised aggregates (value ranges, not exact amounts) to answer your financial questions.

Technical safeguards

Calculations run on derived non-encrypted metadata. No raw amounts transmitted to any external system.
Profiling results stored in AES-GCM encrypted tables (Supabase Vault).
AI used is exclusively Infomaniak AI, hosted in Switzerland. No profiling transits through a non-Swiss AI provider.

Your rights regarding profiling

Granular opt-out: Settings → Preferences → AI → disable individually Chat / Brief / Advice / Voice / Leaks.
Temporary suspension (GDPR art. 18): Settings → Privacy → "Temporarily suspend AI processing". All AI features are paused without deleting your data.
Full erasure (GDPR art. 17; nFADP art. 28): Settings → Account → "Delete my account". Cascade across 16 tables including all profiling data.
Right to object (GDPR art. 21): contact@alpgain.ch — manual processing within 30 days.

Alpgain makes no automatic financial decisions on your behalf. All actions require your explicit confirmation. You are the sole decision-maker — Alpgain is an informational tool.

Procedure to exercise your rights

Contact contact@alpgain.ch describing the nature of your request (access, rectification, erasure, portability, objection).
A reasonable identity verification may be required to prevent impersonation (e.g. confirmation from the registered email or account-related questions).
Response within 30 days, extendable by two months for complex requests (art. 12 para. 3 GDPR; art. 25 para. 4 nFADP).
Exercising these rights is free of charge, except for manifestly unfounded or excessive requests (art. 12 para. 5 GDPR; art. 26 nFADP).

A full data export and account deletion can also be triggered directly in the application: Settings → Privacy.

10. Cookies and similar technologies

Alpgain uses the following storage mechanisms:

Mechanism	Purpose	Consent
Supabase auth token (localStorage)	Authentication — strictly necessary	Not required (exemption)
Preferences (language, theme, currency) — localStorage	Personalisation — strictly functional	Not required (exemption)

No advertising cookies, no cross-site trackers, no Meta / Google / TikTok pixels are used.

11. Changes to this statement

Any material change to this statement will be notified to the user by email at least 30 days before it takes effect. Minor changes (typo corrections, editorial clarifications) are published directly in the application with an updated effective date above. Continuing to use the service after the effective date constitutes acceptance of the new version; if you disagree, you may cancel your account before the effective date.

12. Complaints

You have the right to lodge a complaint with the competent supervisory authority:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — www.edoeb.admin.ch.
European Union: the supervisory authority of your habitual residence, place of work, or place where the alleged infringement was committed (art. 77 GDPR).

Before doing so, we kindly ask you to contact us at contact@alpgain.ch so we can attempt to resolve the matter amicably.

13. Contact

Justin Vuffray
Chemin du Curbit 2
1134 Vufflens-le-Château
Switzerland
Email: contact@alpgain.ch

For privacy questions, rights requests, or any data-related inquiry, please contact us at the address above. For time-sensitive matters, email is preferred.

14. Effective date and version history

Version 1.0 — effective 2026-05-09. First complete AI-assisted draft.
Version 1.1 — effective 2026-05-10. Restructured along the privatim model and FDPIC guide, merged purposes and legal bases into a single table, added the "Scope" section, and clarified Switzerland / EEA / DPF transfers.
Version 1.2 — effective 2026-05-15. Integrated finalised sections: controller identity (Justin Vuffray, Vufflens-le-Château), updated processor table (Supabase EU West, Infomaniak, Stripe, Apple, Google, Yahoo Finance, CoinGecko), detailed retention periods, international transfers with DPF and SCCs nFADP references, art. 18 right to restriction of processing, profiling disclosure (GDPR art. 22), confirmed single public email contact@alpgain.ch. Removed crypto exchange credentials (feature deleted 2026-05-10). Language availability notice added.
Version 1.3 — effective 2026-05-17. Removed Microsoft Clarity (US product analytics) from the entire service: removed from the processor table, removed from the international-transfers section, removed session-recording entry from retention periods, removed associated cookie. No web usage data is transmitted outside Switzerland / the EEA any more.

Privacy Policy