Privacy policy

Which data we process, why, and for how long. The Swiss revFADP and the GDPR apply in parallel.

1. Controller

Lightnet Multimedia GmbH, 3376 Graben, Switzerland. Email: info@windesk.ch.

2. Scope

This privacy policy applies to the website windesk.ch, the customer portal app.windesk.ch and the WinDesk desktop applications (client and host). Data processing in the context of support and contractual relationships applies in addition.

3. Which data we process

Website visit: IP address (anonymised), browser type, referrer, timestamp. Stored max. 7 days in server logs.

Analytics: We use Plausible (cookie-less, EU-hosted) and Google Analytics 4 with IP anonymisation and Consent Mode v2 (default denied for advertising cookies).

Account usage: Email, hashed password (bcrypt), subscription tier, usage statistics (number of sessions, duration, host IDs).

Payment data: Via Stripe. We do not store credit card data, only transaction IDs and invoice data.

Remote sessions: Metadata (time, duration, client/host IDs, file hashes). Session contents are protected from us by E2E encryption.

Download click tracking: When you click a download button, we log the click with platform, version, language locale and country (GeoIP). Identification of individual persons is not possible; IPs are aggregated to /24 subnets after 24 hours. This data is used exclusively for market analysis and is not shared.

4. Legal bases

Processing on the basis of contract performance (Art. 31(2)(a) revFADP / Art. 6(1)(b) GDPR), legitimate interest (security, abuse prevention) and — where applicable — your consent.

5. Retention

Server logs: 7 days. Session logs: 180 days. Download-click logs: 24h raw, then aggregated to /24 subnet, anonymised after 30 days. Invoice data: 10 years (CO Art. 958f). Account data: until account deletion + 30-day grace period.

6. Disclosure to third parties

We disclose personal data only to data processors with whom we have signed data-processing agreements: Stripe (payments), Hetzner/Infomaniak (hosting), Plausible (analytics), Google (analytics, with Consent Mode). No sale to third parties.

7. Your rights

You have rights to access, rectification, erasure, restriction of processing, data portability and objection. Complaints may be filed with the Federal Data Protection and Information Commissioner (FDPIC). Requests to us: info@windesk.ch.

8. Security

Technical and organisational measures: TLS 1.3 for all connections, AES-256-GCM E2E encryption for sessions, role-based access control, multi-factor authentication for privileged accounts, regular security audits.

9. Changes

We update this policy on material changes to our processing. The current version is always available at /en/privacy.