Privacy Policy

We collect the following categories of personal data:

• Account data: Email address, name, and account credentials provided at registration.
• Payment data: Billing details processed by Stripe (ByteStrats GmbH does not store full card details; payment processing is handled entirely by Stripe).
• Usage data: Pages visited, features used, session duration, and interaction data collected to improve the service.
• Technical data: IP address, browser type, device information, and access timestamps collected automatically.
• Communication data: Any messages or requests you send to us via contact forms or email.

• Service delivery: To provide, maintain, and improve the Rivex platform.
• Billing and payments: To process subscription payments and manage your account.
• Communications: To send service-related notifications, invoices, and important account updates.
• Security: To detect, investigate, and prevent fraudulent transactions and other illegal activities.
• Product improvement: To understand how users interact with the platform and improve features.

• Contract performance: Processing necessary to perform the subscription agreement.
• Legitimate interest: Security monitoring, fraud prevention, and platform improvement.
• Legal obligation: Compliance with Swiss and EU legal requirements.
• Consent: Where explicitly provided (e.g., optional communications).

We work with the following third-party service providers who process personal data on our behalf:

All processors are contractually bound to process data only on our instructions and to maintain appropriate security measures.

• Account data: Retained for the duration of the subscription plus 12 months after account closure, unless a longer retention period is required by law.
• Payment records: Retained for 10 years in accordance with Swiss accounting requirements.
• Usage logs: Retained for 90 days unless required for security investigations.
• Communications: Retained for 3 years.

Under the GDPR and Swiss nFADP, you have the following rights:

• Access: The right to request a copy of the personal data we hold about you.
• Rectification: The right to request correction of inaccurate personal data.
• Erasure: The right to request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Portability: The right to receive your personal data in a structured, machine-readable format.
• Objection: The right to object to processing based on legitimate interests.
• Restriction: The right to request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at the address in Section 12. We will respond within 30 days.

Rivex uses only essential cookies required for the platform to function. We do not use:

• Tracking or profiling cookies
• Advertising or retargeting cookies
• Third-party analytics cookies

Essential cookies include authentication session cookies and user preference cookies (e.g., theme and language selection). These are necessary for the service to function and cannot be disabled.

Some of our third-party processors operate outside Switzerland and the EEA (notably Anthropic in the United States). Where personal data is transferred outside Switzerland or the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the relevant authorities.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

Rivex is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Platform at least 14 days before the changes take effect.

For data access requests, erasure requests, or any privacy-related questions, contact: