IFClint

Privacy Policy

Last updated: 29 April 2026 · Deutsche Version

This Privacy Policy describes which personal data we process when you use the IFClint platform (the “Service”), why we process it, and on what legal basis. We comply with the Swiss Data Protection Act (revFADP), the EU General Data Protection Regulation (GDPR), and the UK Data Protection Act 2018.

1. Data Controller

Enertec Engineering AG
Buerglistrasse 29, 8400 Winterthur, Switzerland
UID: CHE-109.296.971
E-mail: info@ifclint.com

2. Data we process

2.1 Account & user data

  • E-mail address (required)
  • Display name (optional)
  • Hashed password (Argon2)
  • Organisation membership and role
  • Language and theme preferences

2.2 Content data

  • Uploaded IFC files and derived element/property data
  • Test rules (Gherkin/IDS), test catalogs, test-run results
  • Project and model metadata
  • Activity logs (who uploaded / validated what, when)

2.3 Technical access data

  • IP address (truncated after 7 days, fully deleted after 30 days)
  • User-Agent, browser version, referrer
  • Timestamps of logins, uploads, API calls
  • Error stacks (Sentry, scrubbed of personal data — see 4.4)

2.4 Billing data

  • Plan, trial status, usage statistics
  • Payment data is processed by our Merchant of Record, Paddle.com Market Ltd. We only receive a transaction ID, masked card last-four digits, and the billing address.

3. Purposes & legal bases

PurposeLegal basis
Providing the Service (auth, validation, storage)Art. 6(1)(b) GDPR (contract performance)
Billing & accountingArt. 6(1)(c) GDPR (legal obligation)
Security, fraud detection, logsArt. 6(1)(f) GDPR (legitimate interest)
Analytics / marketing cookies (only with consent)Art. 6(1)(a) GDPR (consent)

4. Recipients & sub-processors

We use carefully selected sub-processors and have signed a Data Processing Agreement (DPA) with each. The full, current list is at /sub-processors.

4.1 Hosting & infrastructure

  • Vercel Inc. (USA) – Web hosting, CDN. Transfers covered by EU SCCs and the EU-US Data Privacy Framework.
  • Supabase Inc. (USA) – Database, auth, file storage. Data resides in Frankfurt (EU). SCCs + DPF.
  • Fly.io Inc. (USA) – Python validation service. Servers in Amsterdam (EU).

4.2 Payments

  • Paddle.com Market Ltd. (London, UK) – Merchant of Record. Paddle processes card and bank data, issues invoices, and remits VAT/sales tax.

4.3 E-mail delivery

  • Hostinger International Ltd. (Cyprus, EU) – SMTP delivery for transactional e-mails.

4.4 Error tracking

  • Functional Software, Inc. d/b/a Sentry (USA) – automated error capture. We strip e-mail addresses, cookies, Authorization headers, and similar identifiers server-side before events are sent.

5. Retention

  • Account data: until account deletion.
  • Content (IFC files, runs): until user deletion or 30 days after account deletion.
  • Access logs: 30 days.
  • Billing data / invoices: 10 years (statutory retention).
  • Contact requests: 24 months unless leading to a contract.

6. International data transfers

Some sub-processors are based in the US or UK. Transfers are based on:

  • EU Standard Contractual Clauses (Modules 2 or 3 as applicable),
  • EU-US Data Privacy Framework certification, where applicable,
  • UK International Data Transfer Agreement (IDTA) / UK Addendum to SCCs.

7. Your rights

  • Access (Art. 15 GDPR / Art. 25 revFADP)
  • Rectification (Art. 16)
  • Erasure (Art. 17, “right to be forgotten”)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Objection to legitimate-interest processing (Art. 21)
  • Withdrawal of consent at any time, with future effect

Send requests to info@ifclint.com. We respond within 30 days.

8. Right to lodge a complaint

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch
  • EU: the supervisory authority of your member state.
  • UK: Information Commissioner's Office (ICO), ico.org.uk

9. Cookies & tracking

We use strictly necessary cookies for login, session, and language. Analytics cookies (Vercel Analytics, Speed Insights) are only set with your explicit consent through our cookie banner. You can withdraw consent at any time:

10. Account deletion

You can delete your account at any time via Profile Settings. All personal data and content will be permanently deleted; only billing records will be retained for the statutory retention period.

11. Changes to this Policy

We may update this Policy. Material changes will be announced at least 14 days before they take effect, by e-mail or via the dashboard.

Last updated: 29 April 2026.