1) Who we are (Controller)

Nexoventis AG is the controller for the processing described here. For certain services we use processors (see Section 6). For privacy requests, contact us at support@focuspilot.net.

2) What data we process and for what purposes

2.1 Data you provide to us

• Waiting list sign‑up (email form): Name (optional, if provided) and email address — to contact you about availability, access and onboarding.
• Newsletter subscription: Name (optional, if provided) and email address — to send product news, tips and marketing communications.
• (Optional) Intro gate question: If you answer the on‑page question about your goal, we process the free‑text answer. Please avoid entering sensitive or health data in free text.

Legal basis: Consent (GDPR Art. 6(1)(a)); revDSG allows processing with valid consent. You can withdraw consent at any time (see Section 9).

Double opt‑in: We operate a double opt‑in for email subscriptions. You will only be subscribed once you confirm via the verification email.

2.2 Data we collect automatically when you visit our site

• Usage/analytics data (if you consent): page views, events and device information collected via Google Analytics 4 (GA4).
• Technical data (always, where applicable): basic server logs such as IP address, date/time, URL, user‑agent for security and error diagnostics.
• Consent choice: your decision in the cookie banner (stored locally in your browser), so we can respect it on future visits.
• Pseudonymous on‑site identifier: a randomly generated ID stored locally to ensure certain UI elements (e.g., full‑screen gate) are shown only once and to link a previously submitted goal answer with your later consent decision (see 5. Cookies & Local Storage).

Legal basis:

• Analytics/tracking → Consent.
• Technical data (always, where applicable): basic server logs such as IP address, date/time, URL, user‑agent for security and error diagnostics.
• Server logs/technical security → Legitimate interests in operating a secure website (GDPR Art. 6(1)(f)); proportionate under revDSG.

Note on sensitive data: Our landing page does not intentionally collect health data. Please do not submit information about your mental health in free‑text fields here. The app will have its own privacy documentation.

3) Do we have to collect this data?

Providing your email for the waiting list/newsletter is voluntary. Without it, we cannot contact you. Analytics is optional; it only activates after you consent via the banner. Essential technical logging is necessary to run the website.

4) Retention periods

• Waiting list & newsletter contact data (name, email): until you unsubscribe or withdraw consent, or after 24 months of inactivity (whichever comes first). We will periodically clean inactive contacts.
• Intro gate answers: kept for up to 12 months for product research and then deleted or anonymised.
• Server logs: up to 30 days unless needed longer for security/incident analysis.
• Analytics data: retained per GA4 settings (e.g., 14 months) and then deleted/aggregated.
• Local storage / cookies: see Section 5 below; they persist until expiry or until you delete them in your browser settings.

If statutory retention duties apply, we may retain data longer to comply with them.

5) Cookies and similar technologies

We use cookies and browser storage to:

• remember your consent choices;
• Operate UI features (e.g., the full‑screen gate is shown once);
• (with your consent) perform analytics.

5.1 Your choices

• On your first visit we show a cookie banner. Analytics is off by default; we only enable it if you click Accept. You can decline.
• You can change your choice at any time (see Section 9 – Your rights).
• You can also block or delete cookies/local storage in your browser settings.

5.2 Cookies & local storage used on our site

Note: Local storage items are not cookies, but they are similar technologies under revDSG/GDPR and are listed for transparency.

Google Analytics specifics: We implement Google Consent Mode so GA4 only runs after consent.GA4 does not log or storeIP addresses. You can withdrawconsent at any time (see Section 9).

6) Recipients and processors

We share data with the following service providers acting as our processors (or independent recipients, where noted):

We also disclose data if legally required (e.g., to authorities) or to enforce rights.

7)   International transfers

Where a provider is located outside Switzerland/EU/EEA (e.g., the United States) or uses sub‑processors there, we ensure an adequate level of protection by relying on one or more of the following:

• the EU‑U.S. and Swiss‑U.S. Data Privacy Frameworks (where the recipient is certified);
• Standard Contractual Clauses (SCCs) adopted by the European Commission (and recognized by Switzerland), supplemented by additional measures where required; and/or
• other adequacy mechanisms recognisedby Switzerland/EU.

You can contact us for copies or more details of the safeguards used for a given transfer.

8)   Security

We protect your data through technical and organisational measures,including TLS encryption in transit, access controls, least‑privilege principles, regular updates and monitoring. No internet transmission is 100% secure;we cannot guarantee absolute security.

8)   Security

We protect your data through technical and organisational measures,including TLS encryption in transit, access controls, least‑privilege principles, regular updates and monitoring. No internet transmission is 100% secure;we cannot guarantee absolute security.

9)   Your rights

Depending on where you live and applicable law, you have the right to:

• access your personal data;
• rectify inaccurate data;
• erase data ("right to be forgotten");
• restrict or object to processing;
• data portability (for data you provided to us and process by automated means based on consent orcontract);
• withdraw consent at any time (affects future processing only);
• lodge a complaint with a supervisory authority (see Section 10).

How to exercise your rights: Email us at support@focuspilot.net. To change your cookie/analytics choice on this site, use the “Cookie settings” link in the footer (or clear site data in your browser). If you cannot locate the link,contact us and we will assist.

Deletionof your contact data (name & email): You mayrequest at any time that we delete your name and email address from our waiting list, newsletter and CRM. We will erase them fromour systems and instructour processors (Brevo and HubSpot)to do the same, unless retention is requiredby law (e.g., to keep a minimalsuppression record to ensure we do not email you again). We normallyrespond within 30 days.

10)   Supervisory authorities

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC).
• EU: You can complain to your local Data Protection Authority or to the Irish DPC (for services provided by EU‑based processorslisted above).

11)   No automated individual decision‑makingy

We do not use automated decision‑making that produces legal effects concerning you on the landing page.

12)   Updates to this Policy

We may update this Privacy Policy to reflect changes to our processing or legal requirements. We will indicate the update date above and, where appropriate, notify you by email or on the site.