Privacy Policy

Version: 1
Effective Date: 14 February 2026

1. Controller

The controller responsible for data processing within the meaning of the revised Swiss Federal Act on Data Protection (revDSG) is:

Luca Knobel
Mühlerain 14
3210 Kerzers
Switzerland
Email: knobel.luca@gmail.com

2. Scope of Application

This Privacy Policy provides information on the nature, scope, and purpose of the processing of personal data in connection with the use of the web-based Software-as-a-Service application Decision Analysis App (Dezizio.com).

Data processing is carried out exclusively in accordance with the provisions of the revised Swiss Federal Act on Data Protection (revDSG).

3. Hosting and Infrastructure

The application is hosted in Switzerland by:

Infomaniak Network SA

All personal data is stored in data centers located in Switzerland.

A data processing agreement in accordance with Art. 9 revDSG has been concluded with the hosting provider.

No systematic transfer of personal data to countries outside Switzerland or the European Union takes place.

4. Categories of Personal Data Processed

4.1 User Account

When registering and using a user account, the following data is processed:

  • Email address
  • Password hash
  • User ID (UUID)
  • Registration timestamp

Passwords are not stored in plain text.

4.2 Application and Content Data

When using the platform, the following user-related content is stored:

  • Analyses (title, description)
  • Criteria (name, weight)
  • Alternatives
  • Rating values
  • Modification timestamps (createdAt, updatedAt)

This data is processed exclusively to provide the functionality of the platform.

4.3 Authentication and Session Data

Secure, encrypted, and signed session cookies are used for authentication:

  • HTTP-only
  • Secure (HTTPS only)
  • Cryptographically sealed
  • No storage of sensitive data in plain text

These cookies are technically necessary and do not contain tracking or marketing functionalities.

4.4 Server Log Data

When accessing the platform, the following data is automatically processed:

  • IP address
  • Date and time of access
  • Accessed resources
  • Browser type and operating system

This processing is carried out to ensure system security and stability and to prevent misuse.

5. Purpose of Data Processing

Personal data is processed for the following purposes:

  • Provision of the web application
  • Authentication and access control
  • Storage and management of user-related analyses
  • Ensuring IT security
  • Error analysis and system monitoring
  • Compliance with legal obligations

Data processing is based on:

  • Performance of a contract (provision of the platform)
  • Legitimate interests (system security, prevention of misuse)
  • Legal obligations

7. Data Security

Appropriate organizational and technical measures in accordance with Art. 8 revDSG are implemented, including:

  • TLS/HTTPS encryption
  • Password hashing
  • Use of secure, sealed session cookies
  • Security headers (e.g., Content Security Policy)
  • Server-side input validation
  • Database access restrictions
  • Relational data structure with referential integrity

8. Retention and Deletion

Personal data is stored:

  • As long as a user account exists
  • Until deletion by the user
  • As long as statutory retention obligations apply

The database is structured relationally. Upon deletion of a user account, all associated analyses, criteria, alternatives, and ratings are automatically and permanently deleted (cascade deletion mechanism).

8.1 Access by Administrator

The operator has technical access to the database. Access is strictly limited to cases where it is necessary for system maintenance and error resolution.

9. Data Disclosure

Personal data is not sold or disclosed to third parties.

Data is disclosed only:

  • To the hosting provider within the framework of data processing
  • If legally required

10. Rights of Data Subjects

Under revDSG, data subjects have the following rights:

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to deletion of data
  • Right to restriction of processing
  • Right to data release or transfer

Requests must be submitted in writing to the contact address listed above.

11. No Automated Decision-Making

No automated decision-making or profiling within the meaning of revDSG takes place.

12. Amendments

This Privacy Policy may be amended at any time. The version published on the website shall be authoritative.