Privacy policy

Version dated 23 April 2026 — compliant with the new Swiss Federal Data Protection Act (nFADP) and GDPR

MovePlanner SA ('we') processes personal data to operate its SaaS platform. This policy describes the purposes, legal bases, retention and subject rights.

1. Data controller

MovePlanner SA, Avenue de la Gare 1, 1003 Lausanne, Switzerland. DPO contact: dpo@moveplanner.ch.

2. Processing purposes

Delivery of the Service (authentication, billing, support), legal compliance (accounting, LTr, LSE), product improvement (anonymized analytics), commercial communication (explicit consent only).

3. Data collected

User identity (name, email, phone), company data (legal name, UID, IBAN), operational data (missions, vehicles, staff), technical logs (IP, browser, timestamps), billing data (Stripe — we never store card numbers).

4. Recipients

Technical processors: Google Cloud Platform (hosting), Stripe (payments), Resend (transactional email). All under nFADP / GDPR-compliant contracts, hosted in the EU or Switzerland.

5. Retention

Active data: subscription lifetime + 90 days. Accounting data: 10 years (Swiss legal requirement). Technical logs: 90 days. Audit logs: 10 years.

6. Your rights

Access, rectification, erasure, restriction, portability, objection, consent withdrawal. Contact dpo@moveplanner.ch — reply within 30 days. Complaints can be filed with the FDPIC (Federal Data Protection and Information Commissioner).

7. Security

TLS 1.3 in transit, AES-256 at rest, Firebase Auth + optional 2FA, annual pen-tests, 24/7 monitoring. Incidents notified within 72 h to the FDPIC and affected customers.