Swiss Federal Act on Data Protection (revDSG, in force since 1 September 2023) · EU General Data Protection Regulation (GDPR) · As of: April 2026 · Version: 2026-04-v2
SOTHURA SAFE GmbH (in formation), Wassergasse 5, 4573 Lohn-Ammannsegg, Switzerland (hereinafter "we", "us", "provider"), takes the protection of personal data seriously. This statement describes which personal data we process, for what purposes, on what legal basis, for how long and with whom we share it.
In the relationship with our customers (insurance intermediaries, brokers, broker pools, insurers), we act in a dual role:
SOTHURA SAFE GmbH (in formation)
Wassergasse 5
4573 Lohn-Ammannsegg, Switzerland
| Data protection contact | datenschutz@sothura.ch |
|---|---|
| Security incident | security@sothura.ch |
| Postal address | SOTHURA SAFE GmbH i.G., Wassergasse 5, 4573 Lohn-Ammannsegg |
For data subjects in the EU/EEA, we accept enquiries via the address above. A representative under Art. 27 GDPR will be appointed and published here once the conditions for application are met.
This statement applies to the processing of personal data in connection with (i) visiting our website, (ii) using the SOTHURA SAFE platform (admin and customer portals, mobile access, APIs), (iii) initiating and performing B2B contracts, and (iv) communication via our email and appointment channels.
For data that our customers bring into the platform in their capacity as controllers, the customer's own privacy notices to its end clients apply primarily. We process such data only in accordance with the DPA.
| Purpose | Legal basis (revDSG) | Legal basis (GDPR, where applicable) |
|---|---|---|
| Provision and operation of the platform | Art. 31(2)(a) — performance of contract | Art. 6(1)(b) GDPR |
| Authentication, access control, IT security | Overriding interest (Art. 31(2)(c)) | Art. 6(1)(b) and (f) GDPR |
| Invoicing and accounting | Legal obligation (Art. 957 ff. CO) | Art. 6(1)(b) and (c) GDPR |
| AI-supported analyses and recommendations | Performance of contract, consent | Art. 6(1)(b) or (a) GDPR |
| FINMA/compliance documentation | Legal obligation, overriding interest | Art. 6(1)(c) and (f) GDPR |
| Product development on an aggregated, anonymous basis | Overriding interest (Art. 31(2)(c)) | Art. 6(1)(f) GDPR |
| Audit and evidence-preservation logs | Legal obligation, legitimate interest | Art. 6(1)(c) and (f) GDPR |
| Abuse prevention, fraud prevention | Overriding interest | Art. 6(1)(f) GDPR |
| B2B marketing to existing contacts (opt-out) | Overriding interest, Art. 3 UCA | Art. 6(1)(f) GDPR |
| Establishment, exercise or defence of legal claims | Overriding interest | Art. 6(1)(f), Art. 9(2)(f) GDPR |
The platform uses artificial intelligence to extract documents, calculate policy comparisons, evaluate coverage, support advice and enable compliance checks.
No autonomous decisions with legal effect. All AI outputs are decision support for the advisors of our customers. Only the advisor takes the substantive decision vis-à-vis the end client and bears regulatory responsibility (Art. 3 VVG, Art. 45 ISA). Automated individual decision-making within the meaning of Art. 21 revDSG or Art. 22 GDPR does not take place.
Pseudonymisation. Before transmission to AI models, personal fields are detected automatically and pseudonymised (in particular names, addresses, AHV number, IBAN, date of birth, email). The language models used run exclusively in European data centres (Belgium region). The specific AI sub-processors are listed on the sub-processors page. Use of the transmitted data to train the models is contractually excluded.
We disclose personal data to the following categories of recipients, in each case only to the extent necessary and on the basis of contractual safeguards:
A current and versioned sub-processor list is maintained on the security page and updated with prior notice before any change.
No disclosure to non-contractual third parties for advertising purposes takes place.
The primary data storage and customer database are located in Switzerland. Individual sub-services (in particular AI processing, email, support, monitoring) are provided in EU/EEA states or — in justified exceptional cases — in third countries such as the US.
For transfers to countries without an adequate level of protection, we ensure protection through:
Where governmental authorities in third countries demand the disclosure of data, we examine each order for legal admissibility and inform the affected customer to the extent legally permitted.
Under the technical lead of the Head of Security and Infrastructure, the provider implements a layered security framework. The basis is the revDSG, the GDPR, the relevant FINMA circulars on operational risk and recognised standards. The underlying cloud infrastructure operates in data centres certified to ISO/IEC 27001 and SOC 2 Type II; the provider aligns with these standards as well as the NIST Cybersecurity Framework.
Every product change is verified before going live against the following catalogue of gates; evidence is documented in an audit-proof manner:
| Gate | Description | Mandatory evidence |
|---|---|---|
| SG-001 | Unauthenticated access to protected portal routes is denied | E2E redirect tests |
| SG-002 | Tenant fail-closed: no data access without tenant context | Integration tests (empty results / 403) |
| SG-003 | Cross-tenant access strictly denied | Integration and E2E negative tests (403) |
| SG-004 | Logout invalidates active session server-side | API test and E2E follow-up access |
| SG-005 | Tokens are not used as the primary strategy in browser storage | Code review evidence |
| SG-006 | AI endpoints are reachable only when authenticated and tenant-scoped | Integration test 401/403 |
| SG-007 | Signed-URL access is tenant-scoped | Integration test 401/403 |
| SG-008 | Build and test pipeline green (tsc, lint, integration tests, E2E tests) | CI run |
| SG-009 | Runtime smoke on the deployed revision (401/403/redirect) | HTTP smokes against prod/staging |
For further details and the changelog, see the security page at /en-ch/sicherheit.
| Data category | Retention |
|---|---|
| Active user accounts and contract data | Duration of the contractual relationship |
| Invoices and accounting records | 10 years (Art. 958f CO) |
| Advisory documentation (where stored by customers as controllers) | Per the controller's instructions, typically 10 years |
| Audit and security logs | up to 10 years (revDSG evidence, criminal prosecution) |
| Support communication | up to 3 years after last interaction |
| Marketing contacts (B2B, opt-out) | until objection |
| Server and access logs (not security-relevant) | up to 90 days |
After the retention period expires, data is deleted or reliably anonymised. If statutory or contractual obligations prevent deletion, further processing is restricted.
You have, in particular, the following rights:
To exercise your rights, please contact us at datenschutz@sothura.ch. To prevent identity misuse, we reserve the right to request appropriate proof of identity before providing information.
If your request concerns client data that a customer has brought into the platform as a controller, we will forward your request to the responsible customer or ask you to contact them directly.
We use technically necessary session cookies for authentication, security (CSRF protection) and load balancing. These cookies do not require consent (Art. 45c TCA/analogous, Art. 25(2) TTDSG for Germany). In addition, we store your cookie consent and a randomly generated visitor identifier without account reference in your browser's localStorage in order to remember your choice on subsequent visits.
With your consent, we use PostHog, a product analytics tool operated by PostHog Inc. We use the EU cloud instance (hosting in Frankfurt, Germany) and collect only anonymised page views and interactions to understand platform usage and improve the product. We do not use PostHog for advertising, cross-site tracking or profiling within the meaning of Art. 5 lit. f revDSG. Session recordings are disabled.
| Provider | PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA |
|---|---|
| Hosting | EU cloud (eu.i.posthog.com), Frankfurt |
| Data categories | Pseudonymous visitor ID (localStorage), page view URL, time spent, browser type, language setting, screen resolution, technical telemetry |
| Legal basis | Consent (Art. 6(6) revDSG / Art. 6(1)(a) GDPR) |
| Storage period | up to 12 months (PostHog default), immediate termination on withdrawal |
| Third-country transfer | Hosting in the EU; parent company in the US — Standard Contractual Clauses (SCC) plus supplementary measures |
On your first visit you will see a cookie banner with three options: "Accept all", "Essential only" and "Settings" (for individual selection). Without your consent, PostHog is not loaded — the platform continues to work without restriction.
You can withdraw your consent at any time. To do so, delete the entry sothura-cookie-consent from your browser's local storage settings (DevTools → Application → Local Storage), or contact us at datenschutz@sothura.ch — we are happy to help. A central withdrawal button in the footer is in preparation.
For each consent we keep an anonymised audit entry (visitor ID, choice, time, hashed IP) to fulfil our duty of evidence under Art. 12 revDSG and Art. 7(1) GDPR.
We deliberately do without marketing trackers and advertising cookies. One exception is Cloudflare Turnstile, which we use as technically necessary bot protection on our public forms (details in section 12.5). Should we introduce further consent-required services, we will extend the consent banner accordingly and ask you for consent again.
On public forms (e.g. the waitlist sign-up on this page), we use Cloudflare Turnstile, a captcha-free bot protection from Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA).
| Provider | Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA |
|---|---|
| Data processed | IP address, user agent, technical information about your browser (screen size, JavaScript environment), aggregated interaction patterns (mouse, keyboard, scroll). No cookies for recognition are set; Turnstile uses short-lived tokens (validity 5 minutes). |
| Purpose | Protection against automated spam and abuse, and ensuring the availability of our services. |
| Legal basis | Art. 31(1)(d) revDSG (overriding interest in security and functionality) and Art. 6(1)(f) GDPR (legitimate interest). |
| Data flow to the US | Processing takes place on Cloudflare edge servers worldwide, including the US. Cloudflare is certified under the EU-US Data Privacy Framework; in addition, Standard Contractual Clauses under Art. 46(2)(c) GDPR are in place. |
| Storage period | Bot detection signals are kept on the Cloudflare edge only briefly. We ourselves do not store Turnstile data persistently. |
| Further information | Cloudflare Privacy Policy |
The competent supervisory authorities for data subjects are in particular:
We operate a written incident response procedure. We notify the FDPIC and, where required, the data subjects of personal data breaches likely to result in a high risk to the personality or fundamental rights of data subjects, without delay under Art. 24 revDSG or within 72 hours under Art. 33 GDPR. We notify our customers in their capacity as controllers of incident-relevant events within 72 hours.
The platform is aimed exclusively at commercial users; it is not directed at minors. We do not knowingly process data of persons under 16 years of age for our own purposes.
We adapt this privacy policy when the legal situation, technology or processing activities change. The current version is available on this page with its version status. We additionally communicate material changes by email or through the platform.