fincon

Privacy policy

Privacy

This privacy policy explains which personal data we collect on fincon.cloud-services-ag.com and through the fincon application, for what purposes we process it, and what rights you have. The Swiss Data Protection Act (DPA, in force since 1 September 2023) and the EU GDPR apply.

1. Controller

The controller for data processing is cloud services ag, St. Gallen, Switzerland. For data-protection enquiries, contact us at datenschutz@cloud-services-ag.com.

2. Categories of data

On this website we process master data (name, email, optionally company and phone) and communication data from the contact form, plus aggregated usage data (self-hosted Plausible, no cookies). Contact-form data is stored in our own Odoo CRM, operated in Switzerland. If you opt in to the optional newsletter, we additionally store your email address in a marketing mailing list. fincon itself reads operational data from your Odoo strictly read-only; in managed operation we process it as a processor on your behalf.

3. Purposes and legal bases

Handling contact enquiries — Art. 31 DPA / Art. 6(1)(b) and (f) GDPR. Sending newsletter/marketing emails solely on the basis of your explicit consent (Art. 6(1)(a) GDPR / consent under the DPA); you may withdraw it at any time without giving reasons, e.g. via the unsubscribe link in every email or by message to datenschutz@cloud-services-ag.com. Security and spam protection (Altcha, rate limiting) — legitimate interest. Reach measurement via self-hosted Plausible — legitimate interest in aggregated, non-personal analysis; Plausible uses no cookies and stores no IP addresses in clear text.

4. Third parties and fonts

We use no third-party fonts (Google Fonts) and no US cloud services for this website. Fonts (Outfit, DM Sans, JetBrains Mono) are served from our own server. Reach measurement runs on our own Plausible instance. No data is transferred to the USA.

5. Data location and subprocessors

Data is processed in the Eastern Switzerland data centre (RZO Gais, Switzerland). Contact-form and newsletter data is stored in our own Swiss-hosted Odoo CRM; it is not shared with any foreign service. For managed fincon customers there are no foreign subprocessors; operational backups remain in Switzerland. The optional AI enrichment runs via Infomaniak (Switzerland) and only ever receives anonymised data without names or addresses.

6. Retention

Contact enquiries are stored for the duration of processing and then in accordance with statutory retention periods. Spam-protection logs are deleted after 90 days. Plausible statistics are aggregated and contain no personal references.

7. Your rights

You have the right to access, rectification, erasure and data portability, as well as the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Bern, or with the competent EU supervisory authority. Please send requests to datenschutz@cloud-services-ag.com.

8. Security

We encrypt transport via TLS 1.3 (HSTS preload), apply restrictive Content-Security-Policies and run the service non-root in Kubernetes containers. fincon accesses Odoo strictly read-only; access goes through a zero-trust proxy (Octelium) with authentication against Keycloak.

9. Changes

We reserve the right to amend this policy. The version published on this page applies. Last updated: June 2026.