Privacy Policy

Last updated: March 2026 · Applicable law: Switzerland (nDSG / revDSG)

1. Controller

The controller responsible for the processing of your personal data in the sense of the Swiss Federal Act on Data Protection (nDSG) is:

Aprivis GmbH
[Strasse und Hausnummer]
[PLZ] [Ort], Switzerland
E-Mail: hello@thermocomposer.com

2. Scope and Purpose of this Policy

This Privacy Policy explains how Aprivis GmbH ("we", "us", "our") collects, uses, and protects personal data when you visit thermocomposer.com (the "Website") or use the ThermoComposer SaaS platform (the "Service"). It applies to all visitors, waitlist registrants, and registered users.

3. Data We Collect

We collect personal data in the following contexts:

  • Waitlist registration: When you sign up for early access, we collect your e-mail address and, optionally, your name and company.
  • Account creation: When you create an account, we collect your e-mail address, a chosen password (stored only as a secure hash), and any profile information you provide.
  • Inspection data: When you use the Service, you upload thermal drone images (DJI R-JPEG files) and related metadata (GPS coordinates, timestamps, equipment details). This data is processed exclusively on your behalf to provide the Service.
  • Usage data: We automatically collect technical information such as IP address, browser type, pages visited, and interaction timestamps for security, performance monitoring, and service improvement.
  • Communication: If you contact us by e-mail or a contact form, we store the content of your message and your contact details to process your request.

4. Legal Basis for Processing

Under the Swiss nDSG, we process your data on the following bases:

  • Contractual necessity: Processing required to fulfil our obligations under the Terms of Service (e.g. delivering the Service, managing your account).
  • Consent: Where you have given explicit consent, for example by subscribing to marketing communications or by signing up for the waitlist.
  • Legitimate interests: We may process data where we have a legitimate interest (e.g. fraud prevention, service security, and internal analytics), provided your interests and fundamental rights do not override those interests.
  • Legal obligation: Processing required to comply with applicable Swiss law, including tax, commercial, and regulatory obligations.

5. How We Use Your Data

We use the collected data to:

  • Provide, operate, and improve the ThermoComposer Service.
  • Process and manage waitlist registrations and account creation.
  • Send transactional e-mails (e.g. account confirmation, password reset).
  • Send marketing communications if you have opted in (you may opt out at any time).
  • Analyse usage patterns to improve performance and user experience.
  • Detect, investigate, and prevent fraudulent or unauthorised activity.
  • Comply with legal obligations and enforce our Terms of Service.

6. Third-Party Service Providers

We engage trusted third-party providers to help operate the Service. Each provider processes data only on our instructions and under appropriate data protection agreements:

  • Supabase Inc. (USA / EU) — database, authentication, and file storage. Data is hosted in the EU (Frankfurt region). Supabase processes data under a Data Processing Agreement compliant with Swiss requirements.
  • Loops Inc. (USA) — e-mail delivery for waitlist communications. Only your e-mail address and optional name are shared. You may unsubscribe at any time via the link in any e-mail.
  • Vercel Inc. (USA) — website and application hosting (frontend). Vercel may process IP addresses and usage data for request routing and security.
  • Microsoft Azure (EU) — cloud infrastructure for the processing worker. Thermal image files are processed in EU data centres.

Where data is transferred outside Switzerland or the European Economic Area, we ensure an adequate level of protection through the use of Swiss Federal Council-approved adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent safeguards.

7. Cookies and Tracking

The Website uses strictly necessary cookies to maintain your session and ensure security. We do not use advertising or cross-site tracking cookies. Where we use analytics tools, they are configured to anonymise IP addresses and not to track you across third-party sites.

You may configure your browser to refuse cookies; however, some parts of the Service may not function correctly without them.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law:

  • Account data: Retained for the duration of your subscription and deleted within 90 days of account closure, unless legal obligations require longer retention.
  • Inspection data: Retained as long as your account is active. You may delete individual inspections or all your data at any time from within the Service.
  • Waitlist data: Retained until you unsubscribe or request deletion.
  • Server logs: Automatically deleted after 90 days.
  • Accounting records: Retained for 10 years in accordance with Swiss commercial law (OR Art. 958f).

9. Your Rights

Under the Swiss nDSG, you have the following rights with respect to your personal data:

  • Right of access: You may request information about the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your data, subject to legal retention obligations.
  • Right to data portability: You may request a copy of your data in a structured, machine-readable format.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to object: You may object to processing based on legitimate interests in certain circumstances.

To exercise your rights, please contact us at hello@thermocomposer.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

10. Security

We implement technical and organisational measures appropriate to the risk to protect your personal data against unauthorised access, loss, or disclosure. These include encryption in transit (TLS), encryption at rest, role-based access controls, and regular security reviews. However, no system is entirely secure; in the event of a data breach affecting your rights and freedoms, we will notify you and the competent authority in accordance with Swiss law.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by e-mail or by posting a prominent notice in the Service at least 30 days before the change takes effect. The date at the top of this page reflects the date of the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact

For questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact:

Aprivis GmbH
Data Protection Contact
E-Mail: hello@thermocomposer.com