1) Who we are (Controller)

Nexoventis AG is the controller for the processing described here. For certain services we use processors (see Section 7). For privacy requests, contact us at support@focuspilot.net.If required by GDPR Article 27, we will appoint an EU representative and publish their details here once designated.

2) What data we process and for what purposes

2.1 Data you provide to us

• Waiting list sign‑up (email form): Name (optional, if provided) and email address — to contact you about availability, access and onboarding.
• Newsletter subscription: Name (optional, if provided) and email address — to send product news, tips and marketing communications.
• (Optional) Intro gate question: If you answer the on‑page question about your goal, we process the free‑text answer. Please avoid entering sensitive or health data in free text.

Legal basis: Consent (GDPR Art. 6(1)(a)); revDSG allows processing with valid consent. You can withdraw consent at any time (see Section 10).

Double opt‑in: We operate a double opt‑in for email subscriptions. You will only be subscribed once you confirm via the verification email.

2.2 Data we collect automatically when you visit our site

• Usage/analytics data (if you consent): page views, events and device information collected via Google Analytics 4 (GA4).
• Technical data (always, where applicable): basic server logs such as IP address, date/time, URL, user‑agent for security and error diagnostics.
• Consent choice: your decision in the cookie banner (stored locally in your browser), so we can respect it on future visits.
• Pseudonymous on‑site identifier: a randomly generated ID stored locally to ensure certain UI elements (e.g., full‑screen gate) are shown only once and to link a previously submitted goal answer with your later consent decision (see Section 5).

Legal basis:

• Analytics/tracking → Consent.
• Technical data (always, where applicable): basic server logs such as IP address, date/time, URL, user‑agent for security and error diagnostics.
• Essential/functional storage strictly necessary to provide the service (e.g., remembering consent, one‑time gate display) → Legitimate interests.

Note on sensitive data: Our landing page does not intentionally collect health data. Please do not submit information about your mental health in free‑text fields here. The app will have its own privacy documentation.

3) Do we have to collect this data?

Providing your email for the waiting list/newsletter is voluntary. Without it, we cannot contact you. Analytics is optional; it only activates after you consent via the banner. Essential technical logging and essential functional storage are necessary to run the website.

4) Retention periods

• Waiting list & newsletter contact data (name, email): until you unsubscribe or withdraw consent, or after 24 months of inactivity (whichever comes first). We periodically remove inactive contacts.
• Intro gate answers: kept for up to 12 months for product research and then deleted or anonymised.
• Server logs: up to 30 days unless needed longer for security/incident analysis.
• Analytics data: retained per GA4 settings (e.g., 14 months) and then deleted/aggregated.
• Local storage / cookies: see Section 5; they persist until expiry or until you delete them.

If statutory retention duties apply, we may retain data longer to comply with them.

5) Cookies and similar technologies

We use cookies and browser storage to: (i) remember your consent choices; (ii) operate UI features (e.g., show the full‑screen gate only once); and (iii) (with your consent) perform analytics.

5.1 Your choices

• On your first visit we show a cookie banner. Analytics is off by default; we only enable it if you click Accept or select Analytics in More options. You can change your choice at any time via the Cookie settings link in the footer or by clearing site data in your browser.

5.2 Cookies & local storage used on our site

Note: Local storage items are not cookies, but they are similar technologies under revDSG/GDPR and are listed for transparency.

Google Analytics specifics: We implement Google Consent Mode so GA4 only runs after consent. GA4 does not log or store IP addresses. You can withdraw consent at any time (see Section 10).HubSpot tracking: If the HubSpot tracking script is enabled on the site, it will only load after your consent for Analytics (and/or Marketing, as configured). See Section 7 for the provider.

6) Data sources

We obtain personal data primarily directly from you (forms on our site). We may also receive updates from our processors (e.g., subscription status) when you interact with emails we send.

7) Recipients and processors

We share data with the following service providers acting as our processors (or independent recipients, where noted):

We also disclose data if legally required (e.g., to authorities) or to enforce rights.

8)   International transfers

Where a provider is located outside Switzerland/EU/EEA (e.g., the United States) or uses sub‑processors there, we ensure an adequate level of protection by relying on one or more of the following: (i) the EU‑U.S. and Swiss‑U.S. Data Privacy Frameworks (where the recipient is certified); (ii) Standard Contractual Clauses (SCCs) adopted by the European Commission (and recognized by Switzerland), supplemented by additional measures where required; and/or (iii) other adequacy mechanisms recognised by Switzerland/EU. You can contact us for copies or more details of the safeguards used for a given transfer.

9)   Security

We protect your data through technical and organisational measures, including TLS encryption in transit, access controls, least‑privilege principles, regular updates and monitoring. No internet transmission is 100% secure; we cannot guarantee absolute security.

10)   Your rights

Depending on where you live and applicable law, you have the right to: (i) access your personal data; (ii) rectify inaccurate data; (iii) erase data ("right to be forgotten"); (iv) restrict or object to processing; (v) data portability (for data you provided to us and processed by automated means based on consent or contract); (vi) withdraw consent at any time (affects future processing only); and (vii) lodge a complaint with a supervisory authority (see Section 11).

How to exercise your rights: Email us at support@focuspilot.net. To change your cookie/analytics choice on this site, use the Cookie settings link in the footer (or clear site data in your browser). If you cannot locate the link, contact us and we will assist.

Deletion of your contact data (name & email): You may request at any time that we delete your name and email address from our waiting list, newsletter and CRM. We will erase them from our systems and instruct our processors (Brevo and HubSpot) to do the same, unless retention is required by law (e.g., to keep a minimal suppression record to ensure we do not email you again). We normally respond within 30 days.

11)   Supervisory authorities

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC).
• EU: You can complain to your local Data Protection Authority or to the Irish DPC (for services provided by EU‑based processorslisted above).

12)   Children

Our site and services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete such data.

13)   No automated individual decision‑making

We do not use automated decision‑making that produces legal effects concerning you on the landing page.

14)   Updates to this Policy

We may update this Privacy Policy to reflect changes to our processing or legal requirements. We will indicate the update date above and, where appropriate, notify you by email or on the site. Historical versions may be made available upon request.