LAST UPDATED: 28 APRIL 2026

Privacy Policy

Rivex is provided as a non-commercial research project. There are no fees, subscriptions, or paid services. This document explains how user data is handled. Practices align with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).

1. Who We Are

Rivex is a non-commercial research project providing energy-market data aggregation tools to a small group of invited pilot users. There is no operating company offering Rivex as a paid product. This Privacy Policy describes how Rivex handles personal data of invited pilot users.

For any privacy-related question or request, contact admin@rivex.ch.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Account data: Email address, optional display name, and an authentication credential (password hash, managed by Supabase Auth).
  • Usage data: Pages visited, features used, and session duration, used to understand how the platform is being used and improve it.
  • Technical data: IP address, browser type, device information, and access timestamps collected automatically by the hosting infrastructure.
  • Communication data: Any messages or requests you send via email or contact forms.

Rivex does not collect or process payment data; there is no payment functionality.

3. Why We Collect It

We use the data above to:

  • Operate the invite-only research project (account creation, sign-in, session management).
  • Authenticate users and prevent abuse, fraud, and unauthorised access.
  • Understand how the platform is used and improve features.
  • Send service-related notifications (e.g., security or account messages).

4. Legal Basis for Processing

  • Legitimate interest: Operating, securing, and improving the research project; preventing abuse.
  • Consent: Where you provide it explicitly (e.g., optional communications).
  • Legal obligation: Where applicable Swiss or EU law requires processing.

5. Third-Party Data Processors

The following third-party service providers process personal data on our behalf strictly to operate the platform:

  • Supabase: Database and authentication infrastructure (EU/EEA hosted infrastructure).
  • Anthropic: AI-generated content features (briefings, chat responses) (United States - standard contractual clauses apply).
  • Railway: Application hosting and infrastructure (EU/EEA region where possible).

All processors are contractually bound to process data only on documented instructions and to maintain appropriate security measures.

Rivex does not sell personal data, runs no advertising, and uses no third-party analytics or tracking services.

6. Data Retention

  • Account data: kept while the account is active. Deleted within 90 days after account closure or on request.
  • Usage logs: retained for 90 days unless required for security investigations.
  • Communications: retained for 12 months.

7. Your Rights

Under the GDPR and Swiss nFADP, you have the following rights:

  • Access: The right to request a copy of the personal data held about you.
  • Rectification: The right to request correction of inaccurate personal data.
  • Erasure: The right to request deletion of your personal data ("right to be forgotten").
  • Portability: The right to receive your personal data in a structured, machine-readable format.
  • Objection: The right to object to processing based on legitimate interests.
  • Restriction: The right to request restriction of processing in certain circumstances.

To exercise any of these rights, contact admin@rivex.ch. We will respond within 30 days.

8. Cookies

Rivex uses only essential cookies required for the platform to function. We do not use:

  • Tracking or profiling cookies
  • Advertising or retargeting cookies
  • Third-party analytics cookies

Essential cookies include authentication session cookies and user preference cookies (e.g., theme and language selection). These are necessary for the service to function.

9. International Data Transfers

Some processors operate outside Switzerland and the EEA (notably Anthropic in the United States). Where personal data is transferred outside Switzerland or the EEA, appropriate safeguards are in place, including standard contractual clauses approved by the relevant authorities.

10. Security

Appropriate technical and organisational security measures are in place to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), access controls, and periodic security reviews. No method of transmission over the internet is, however, 100% secure.

11. Children

Rivex is not intended for use by individuals under the age of 16. Personal data from minors is not knowingly collected. If you believe a minor has provided personal data, please contact admin@rivex.ch and the data will be deleted promptly.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. Pilot users will be notified by email of any material change at least 30 days before it takes effect.

13. Contact and Data Requests

For data access requests, erasure requests, or any privacy-related question, contact:

admin@rivex.ch