Scope and Applicability

devguard AG, Gussstrasse 10, 8180 Bülach, Switzerland, email [email protected] (company number CHE-337.485.768), hereinafter referred to as “devguard,” a company represented by Angelo Dini and Vadim Sikora as responsible persons, is the operator of the website www.devguard.ch and its subdomains and is therefore responsible for the collection, processing, and use of your personal data and for ensuring that data processing complies with applicable law.

This privacy policy applies to all online offerings of devguard AG, in particular to the main website www.devguard.ch and all subdomains and subordinate services (e.g., app.devguard.ch, frameworks.devguard.ch, auth.devguard.ch, and others, hereinafter collectively referred to as the “website”).

For reasons of better readability, the masculine form is used in this privacy policy for personal designations and specific nouns. Corresponding terms apply to all genders in the sense of equal treatment. The abbreviated language form is used exclusively for editorial reasons and does not imply any value judgment.

Please read the following information to understand what personal data devguard collects from you and for what purposes it is used.

Principles of Data Processing

devguard does not engage in profiling and does not use automated decision-making procedures within the meaning of Art. 22 DSGVO or Art. 5 lit. f DSG. Personal data is not processed for the purpose of creating personal profiles or for automated decision-making.

The personal data collected by devguard:

• is processed lawfully, in good faith, and in a manner that is comprehensible to the data subject. Processing is proportionate.
• is used solely for the purpose of performing and processing the services offered by devguard and for related advertising measures to which the user has consented.
• which are inaccurate in relation to the purposes for which they are processed, are deleted or corrected without delay.
• shall only be kept or stored for as long as is necessary for the purposes for which they are processed.
• shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Lawfulness of Data Processing

By viewing the website www.devguard.ch or subdomains of devguard, the user gives their consent to the processing of personal data concerning them, especially since this can also be assumed to be in the user's overriding interest.

The user has the right to revoke their consent at any time (by emailing [email protected]). Revoking consent does not affect the legality of the processing carried out based on consent before revocation.

Scope and Purpose of the Collection, Processing, and Use of Personal Data

When visiting www.devguard.ch and its subdomains

When visiting www.devguard.ch and its subdomains, the servers temporarily store each access in a log file. The following data is collected without the user's intervention and stored until it is automatically deleted after three months at the latest:

• the IP address of the requesting computer,
• the date and time of access,
• the name and URL of the file accessed,
• the website from which access was made,
• the operating system of the accessing computer and the browser used, and
• the country from which access was made and the browser's language settings.

This data is collected and processed to enable service use (connection establishment), ensure system security and stability, optimize the Internet offering, and support internal statistical purposes. The IP address is used, in particular, to record the user's country of residence and to set the website's language accordingly. Furthermore, the IP address is evaluated in the event of attacks on the devguard network infrastructure and for statistical purposes.

When registering for the newsletter

Users can subscribe to the newsletter during registration on the website. The following data must be provided:

• First and last name and
• Email address.

The above data is required for data processing. devguard collects this data exclusively to better tailor the information sent to users based on their interests.

When the user registers with devguard, devguard sends them an activation email. The user can then subscribe to the newsletter in their profile. Only after subscribing will their email address be added to the distribution list.

The user can revoke their consent at any time with future effect by using the unsubscribe link in the newsletter or deactivating the newsletter in the application. In the event of revocation, the user's data will be deleted from the newsletter distribution list, unless there is another legal obligation to retain it.

By registering, the user grants devguard their consent to process the data provided for the purpose of sending the newsletter to the address they have provided, as well as for statistical evaluation of usage behavior and optimization of the newsletter.

At the end of each newsletter, there is a link the user can use to unsubscribe at any time. When unsubscribing, the user can voluntarily provide the reason for unsubscribing.

The newsletter is sent via the mailing service provider “Amazon Simple Email Service (SES)”, an email and newsletter mailing platform from the US provider Amazon. You can view Amazon's privacy policy here. The mailing service provider is used based on devguard's legitimate interests in accordance with Art. 6 (1) lit. f DSGVO.

The mailing service provider may use the recipients' data in pseudonymous form, i.e., without assigning it to a user, to optimize or improve its own services, e.g., for technical optimization of mailing and newsletter presentation or for statistical purposes. However, the mailing service provider does not use the data of newsletter recipients to write to them itself or to pass it on to third parties.

devguard uses third-party email marketing services to send the newsletter. The newsletter may therefore contain a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1x1-pixel invisible graphic associated with the user ID of the respective newsletter subscriber.

The use of such services enables the evaluation of whether emails were opened via the newsletter. In addition, the click behavior of newsletter recipients can also be recorded and evaluated. devguard uses this data for statistical purposes and to optimize the newsletter's content and structure. The tracking pixel is deleted when you delete the newsletter.

To prevent tracking pixels in the newsletter, please set your email program not to display HTML messages.

Registration and Customer Account

It is possible to register and open a customer account. To do so, the following data must be provided:

• First and last name,
• Email address,
• Password.

The above data is required for data processing. devguard processes this data exclusively to personalize the information and offers sent to you and to better tailor them to your interests.

Integration of Third-Party Services and Content and/or Transfer of Data to Third Parties

It may happen that content or services from third-party providers, such as city maps or fonts from other websites, are integrated into devguard's online offering. The integration of content from such third-party providers always requires that they collect users' IP addresses. Without the IP address, the content cannot be sent to the respective browser. The IP address is therefore necessary for the display of this content. Furthermore, third parties may set their own cookies and process user data for their own purposes. Usage profiles may be created from the processed data. devguard uses this content in a manner that is as data-minimizing and data-avoiding as possible and selects reliable third-party providers with regard to data security.

The following overview provides information about third-party providers and their content, along with links to their privacy policies, which contain further information about their data processing practices:

• External fonts from Google, Inc. (“Google Fonts”). Google Fonts are integrated via a server call to Google (usually in the USA).
  ➜ Privacy policy,
  ➜ Opt-Out.
• Maps from Google, Inc. (“Google Maps”). When you visit the page, Google receives usage data, can assign it to your account, and use it for advertising and analysis, even without you being logged in. Any objection must be addressed directly to Google.
  ➜ Privacy policy,
  ➜ Opt-Out.
• Videos from Google, Inc. (“YouTube”). 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  ➜ Privacy policy,
  ➜ Opt-Out.
• Services provided by Google Workspace from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  ➜ Privacy policy,
  ➜ Opt-Out.
• Services provided by the Google Calendar app from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  ➜ Privacy policy.
• Services provided by Cloudflare in San Francisco, California, USA. Cloudflare makes websites more secure and faster by routing internet traffic through its global network. The user agrees that the data they enter will be transmitted to Cloudflare for processing.
  ➜ Privacy policy
• Services provided by Divio AG, Zurich, Switzerland. Divio primarily offers a cloud-based Platform-as-a-Service (PaaS) designed specifically for digital agencies and developers, simplifying the deployment, management, and scaling of web applications. The user agrees that the data they enter will be transmitted to Divio for processing.
  ➜ Privacy policy
• Services provided by Sentry, 45 Fremont Street, 8th floor, San Francisco, CA 94105, USA. Sentry offers an error-monitoring and application-performance platform for software developers to quickly detect, diagnose, and fix errors in their applications. The user agrees that their entered data will be forwarded to Sentry.
  ➜ Privacy policy
• devguard uses Amazon Web Services Bedrock (AWS Bedrock) for generative AI services. AWS Bedrock is a managed AWS service for accessing and managing foundation models (FMs), the building blocks of Amazon Web Services (AWS) generative AI. The user agrees that their entered data will be forwarded to AWS Bedrock.
  ➜ Privacy policy

To fulfill contracts, devguard uses one or more payment service providers in accordance with Swiss data protection legislation and Art. 6 (1) (b) of the EU-DSGVO. The data processed by the respective payment service provider includes inventory data, such as name and address, bank details, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. This information is necessary to carry out the transactions. The data entered is processed and stored solely by the respective payment service provider.

devguard does not receive any information about (bank) accounts or credit cards, but only information confirming (acceptance) or rejecting the payment. Under certain circumstances, the data may be transmitted by the respective payment service provider to credit agencies. This transmission serves the purpose of identity and credit checks. Please refer to the terms and conditions and privacy policy of the respective payment service provider. The terms and conditions and privacy policy of the respective payment service provider, available on the website or transaction applications, apply to payment transactions.

The following payment service provider is used:

• Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA. The user agrees that the data they enter will be transmitted to Stripe for payment processing.
  ➜ Privacy policy

Transfer of Data to Third Parties

devguard will only disclose your personal data if you have expressly consented to this, if there is a legal obligation to do so, or if this is necessary to enforce devguard's rights, in particular to enforce claims arising from its relationship with you.

In addition, devguard will disclose your data to third parties to the extent necessary for the use of the website to provide the services you have requested and to analyze your user behavior. To the extent necessary for the purposes mentioned in sentence 1, the data may also be transferred abroad. If the website contains links to third-party websites, devguard has no influence on the collection, processing, storage, or use of personal data by third parties after you click on these links and accepts no responsibility for this.

Data Security

devguard uses appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. The security measures are continuously improved in line with technological developments.

devguard protects personal data against unauthorized access, loss, misuse, or manipulation using appropriate technical and organizational measures. These include, among other things:

• TLS encryption during data transmission,
• access restrictions and authentication procedures,
• regular security checks and audits,
• logging and monitoring of access,
• as well as regular backups and tested recovery processes.

devguard continuously adapts these measures to the state of the art and the risk profile.

You should always treat your payment information as confidential and close the browser window as soon as you have finished communicating with devguard, especially if you share your computer with others.

devguard also takes internal data protection very seriously. Employees and contracted service providers are bound to secrecy and compliance with data protection regulations.

Cookies

devguard currently uses only technically necessary and data-saving cookies and tools. If optional or personal analysis tools are used by devguard in the future, this will only be done with your prior express consent (opt-in). You can control or deactivate the use of cookies at any time in your browser settings.

Cookies help in many ways to make your visit to the website easier, more enjoyable, and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit a website. Cookies do not damage your computer's hard drive, nor do they transmit personal data about users to devguard.

devguard uses cookies, for example, to better tailor the information, offers, and advertising displayed to you to your individual interests. The use of cookies does not result in devguard receiving new personal data about you as an online visitor. Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie.

Disabling cookies may prevent you from using all of the website's features.

The following cookies are used on www.devguard.ch:

• locale (language selection), storage period 12 months
• theme (light/dark mode selection), storage period 12 months

Data Transfer Security with SSL

For security reasons and to protect the transmission of confidential content, this website uses SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to devguard cannot be read by third parties.

Tracking-Tools

The website uses tracking tools called devguard. These tracking tools monitor your browsing behavior. This monitoring is carried out for the purpose of designing the website in line with user requirements and continuously optimizing it.

PostHog

This website uses PostHog, a powerful open-source platform for product analytics that provides comprehensive insights into user behavior. PostHog's privacy policy can be found at: https://posthog.com/privacyliefert

Right to Access, Rectification, Erasure, and Restriction of Processing; Right to Data Portability

You have the right to request information about the personal data stored about you by devguard free of charge. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, provided that this does not conflict with any legal retention obligations or permissions that allow devguard to process the data. You also have the right to request a restriction of data processing and to object to data processing.

You also have the right to request the return of the data you have provided to devguard. Upon request, devguard will also transfer the data to a third party of your choice. You have the right to receive the data in a commonly used file format.

You can contact devguard for the aforementioned purposes via the email address [email protected].

You can assert your data protection rights (in particular, information, correction, deletion, restriction, objection, revocation, and data portability) at any time by sending an email to [email protected]. Additional identification information may be required for verification purposes. Such requests are usually processed within 30 days in accordance with legal requirements.

You can also inform devguard what should happen to your data after your death by issuing appropriate instructions.

General Disclaimer

All information on the devguard website has been carefully checked. devguard endeavors to provide information that is up-to-date, accurate, and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, which means that devguard cannot guarantee the completeness, accuracy, and timeliness of information, including journalistic and editorial content. Liability claims arising from material or immaterial damage caused by the use of the information provided are excluded, unless there is evidence of wilful intent or gross negligence.

devguard may change or delete texts at its own discretion and without notice, and is not obliged to update content. The use of or access to this website and applications is at the visitor's own risk. devguard, its clients, or partners are not responsible for damages, such as direct, indirect, incidental, specifically determinable, or consequential damages, allegedly caused by visiting this website and therefore assume no liability for this.

devguard also accepts no responsibility or liability for the content and availability of third-party websites that can be accessed via external links on this website. The operators of the linked sites are solely responsible for their content. devguard expressly distances itself from all third-party content that may be relevant under criminal or civil law or that violates public decency.

Data Retention

devguard only stores personal data for as long as is necessary to use the above-mentioned tracking, advertising, and analysis services within the scope of legitimate interest, to perform services to the extent specified above that you have requested or to which you have given your consent, and to comply with legal obligations.

We only store personal data for as long as is necessary for the respective purpose. For example, server logs are deleted after 30 days, error and security logs are stored for up to 90 days, and contract and billing-related data is stored for ten years, unless longer retention periods are required by law.

Right to Complain to a Data Protection Supervisory Authority

If you are a resident of an EU country, you have the right to complain about data processing by devguard at any time to the competent data protection supervisory authority at your place of residence.

If you are a resident in Switzerland, you have the right to complain about devguard's data processing with the Federal Data Protection and Information Commissioner (EDÖB), Feldeggweg 1, CH-3003 Bern, at any time.

Changes to this Privacy Policy

This privacy policy is not part of any contract. We may amend this privacy policy at any time. The version published on this website is the current version.

Authoritative Version

If this privacy policy is translated into different languages, only the German version shall be authoritative.

Last update: Bülach, December 1, 2025