Privacy Policy — dot2.solutions

1

Introduction

Welcome to dot2.solutions ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access or use our services.

2

Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us, including:

Name and contact information (email address, phone number)
Company name and business information
Account credentials (username and password)
Payment and billing information
Communication preferences
Any other information you choose to provide

2.2 Automatically Collected Information

When you access our services, we may automatically collect:

Device information (IP address, browser type, operating system)
Usage data (pages visited, time spent, clicks)
Location data (general geographic location)
Cookies and similar tracking technologies

2.3 Business Information

For our B2B services, we may collect:

Project details and requirements
Technical specifications and integrations
Communication records and support tickets
Analytics and performance data from implemented solutions

3

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve our services
Communication: To respond to inquiries, send updates, and provide customer support
Billing: To process payments and manage accounts
Analytics: To understand usage patterns and optimize our services
Marketing: To send newsletters and promotional materials (with your consent)
Security: To protect against fraud, unauthorized access, and security threats
Compliance: To comply with legal obligations and enforce our terms

4

Information Sharing and Disclosure

We Do Not Sell Your Data

We do not sell your personal information to third parties. Your privacy is important to us.

We may share your information in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, such as payment processing, hosting, analytics, and email delivery. These providers are contractually obligated to protect your information.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request.

4.4 With Your Consent

We may share information for any other purpose with your explicit consent.

4.5 Data Processing Agreements

For B2B clients who require GDPR- or nFADP-compliant data processing documentation, a Data Processing Agreement (DPA) is available upon request. Please contact us at legal@dot2.solutions to request a DPA.

5

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication mechanisms
Secure data centers and infrastructure
Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:

The nature and sensitivity of the information
The purposes for which we process the information
Legal and regulatory requirements
Our legitimate business interests

For account data following termination of services, we retain your data for a period of 90 days, during which you may request export of your data. After this period, your data will be permanently deleted. For details, see Section 13.4 of our Terms of Service.

7

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Your Data Rights

Access: Request access to the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information
Portability: Request a copy of your information in a portable format
Objection: Object to the processing of your personal information
Restriction: Request restriction of processing in certain circumstances
Withdraw Consent: Withdraw consent for processing based on consent

To exercise these rights, please contact us at privacy@dot2.solutions.

8

Cookies and Tracking Technologies

Cookie Consent

When you first visit our website, you'll see a cookie consent banner. You can choose to accept or decline analytics cookies. Your choice is stored and respected across all your visits.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you use our site.

8.2 Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for our website to function properly and cannot be disabled. They enable core functionality such as:

Authentication: Keeping you logged in to your account
Security: Protecting against cross-site request forgery (CSRF)
Session Management: Maintaining your session state as you navigate
Cookie Consent: Remembering your cookie preferences
Customer Support: Enabling live chat support via Intercom Fin

Data Retention: Session cookies are deleted when you close your browser. Persistent authentication cookies expire after 30 days of inactivity.

Intercom Customer Support Cookies

We use Intercom to provide customer support and help desk services. Intercom is classified as essential because it enables necessary communication between you and our support team.

Provider: Intercom, Inc. (US-based with EU data processing agreements)
Cookies Set: intercom-session-*, intercom-id-*, intercom-device-id-*
Purpose: Essential for providing live chat support, maintaining conversation continuity, and enabling help desk functionality
Data Processed: Name, email (for authenticated users), chat messages, device information, session data
Data Retention: Session cookies expire when conversation ends; persistent ID cookies enable conversation history for up to 90 days
Legal Basis: Legitimate interest under GDPR Article 6(1)(f) - necessary for providing customer support services

Why Intercom is Essential

Intercom enables real-time customer support, which is a core part of our service delivery. For authenticated users receiving support as part of our contractual relationship, this processing is necessary under Article 6(1)(b). For all users, it serves our legitimate interest in providing accessible customer assistance under Article 6(1)(f).

Analytics Cookies (Optional - Requires Your Consent)

With your consent, we use analytics tools to understand how visitors interact with our website. This helps us improve our services and user experience.

Google Analytics 4

Purpose: Collect anonymous usage statistics, page views, session duration, and user navigation patterns
Provider: Google Analytics 4 (Google LLC)
Cookies Set: _ga, _ga_*, _gid
Data Collected: Page views, referring site, device type, browser type, approximate location (country/city level)
Data Retention: Analytics data is retained for 14 months in Google Analytics. Cookie expiration: _ga (2 years), _gid (24 hours)
Privacy Features: IP anonymization enabled, no cross-device tracking, no advertising signals, no ad personalization

Microsoft Clarity

We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session recordings. This helps us identify usability issues and improve the user experience.

Purpose: Session recordings, heatmaps, scroll tracking, and click analytics to understand user behavior
Provider: Microsoft Corporation
Cookies Set: _clck, _clsk, CLID, ANONCHK, MR, MUID, SM
Data Collected: Mouse movements, clicks, scrolls, page content (with sensitive data masked), device and browser information
Data Retention: Session recordings are retained for up to 30 days. Cookie expiration varies: _clck (1 year), _clsk (1 day)
Privacy Features: Automatic masking of sensitive content (passwords, personal data in forms), no collection of keystrokes in password fields

About Session Recordings

Microsoft Clarity may record your browsing session on our website. These recordings help us understand how users navigate our site and identify areas for improvement. Sensitive information such as passwords and payment details are automatically masked and never captured.

Privacy-First Analytics

Our analytics implementations are configured with enhanced privacy settings:

✓ IP addresses are anonymized before processing
✓ No cross-device tracking or user profiling
✓ No data shared with advertising networks
✓ Secure cookie transmission only (HTTPS)
✓ Sensitive form data is automatically masked in Clarity recordings
✓ Complies with GDPR and Swiss data protection laws

8.3 How We Use Cookies

We use cookies to:

Maintain Your Session: Keep you logged in and remember your preferences
Improve Performance: Understand which pages are most popular and how visitors navigate our site
Enhance Security: Detect and prevent fraudulent activity
Remember Preferences: Store your cookie consent choice and other settings
Analyze Usage: Identify technical issues and areas for improvement

8.4 Your Cookie Rights and Choices

You have full control over cookies on our website:

Managing Your Preferences

Accept or Decline: When you first visit, choose whether to allow analytics cookies
Change Anytime: Click "Cookie Preferences" in the footer to update your choice
Browser Settings: Configure your browser to block or delete cookies
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on

8.5 Impact of Disabling Cookies

Essential Cookies: Cannot be disabled as they're necessary for the website to function. Without them, you cannot log in or use authenticated features.

Analytics Cookies: Declining these cookies has no impact on website functionality. You can still access all features and services. We simply won't collect anonymous usage statistics from your visits.

8.6 Third-Party Cookies

We do not allow third-party advertising or marketing cookies on our website. The only third-party cookies are from Google Analytics and Microsoft Clarity (both require your consent), and they are configured with privacy-enhancing settings.

8.7 Data Retention Summary

Cookie Consent Choice: Stored indefinitely in your browser's localStorage until you clear it or change preferences
Session Cookies: Deleted when you close your browser
Authentication Cookies: 30 days (refreshed with each login)
Google Analytics _ga Cookie: 2 years from last visit
Google Analytics _gid Cookie: 24 hours
Analytics Data (Google servers): 14 months

8.8 Consent Renewal

In accordance with GDPR and nFADP best practices, your cookie consent preferences are reviewed and renewed every 12 months. After this period, you will be prompted to reconfirm your consent choices via the cookie consent banner.

8.9 Updates to Cookie Policy

We may update our cookie policy to reflect changes in technology or regulations. Material changes will be communicated through our cookie banner or a notice on our website. The "Last Updated" date at the top of this policy indicates when changes were last made.

Questions about cookies? Contact us at privacy@dot2.solutions

9

Third-Party Services

Our services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9.1 Third-Party Service Providers

Third-party services we use include:

Supabase: Database and authentication services
Intercom: Customer support and help desk platform
Payment Processors: Secure payment processing for billing
Email Service Providers: Transactional and marketing email delivery
Google Analytics: Website analytics and usage monitoring (with consent)

9.2 Intercom (Customer Support Platform)

Intercom Details

Provider: Intercom, Inc. (US-based company)
Purpose: Live chat support, customer messaging, help desk functionality, and support ticket management
Data Processed: Name, email address, chat messages, conversation history, device information, usage patterns
Data Location: United States (with standard contractual clauses for EU data transfers)
Data Retention: Conversation data retained for up to 90 days; user identification data retained while account is active
Privacy Policy: https://www.intercom.com/legal/privacy
GDPR Compliance: Intercom is certified under the EU-U.S. Data Privacy Framework and uses standard contractual clauses

Why we use Intercom: Intercom enables us to provide real-time customer support, which is essential for delivering quality service. For authenticated users, this processing is necessary for fulfilling our contractual obligations. For all users, it serves our legitimate interest in providing accessible customer assistance.

10

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

For detailed information on the specific safeguards we use for cross-border data transfers — including Standard Contractual Clauses and the EU-U.S. Data Privacy Framework — please refer to Section 15.3 (Cross-Border Data Transfers) of this policy.

11

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

13

Contact Us

Legal Business Name: dot2.solutions Christopher Boerger
UID: CHE-283.163.161
Zefix-ID: 1739322

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact Us

Email

privacy@dot2.solutions

General Inquiries

contact@dot2.solutions

Website

https://dot2.solutions

14

GDPR Compliance (For EU Residents)

European Data Protection Rights

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

The right to be informed about data collection and use
The right to access your personal data
The right to rectification of inaccurate data
The right to erasure ("right to be forgotten")
The right to restrict processing
The right to data portability
The right to object to processing
Rights related to automated decision-making and profiling

You also have the right to lodge a complaint with your local data protection authority.

14.1 Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

Article 6(1)(a) - Consent: For marketing communications and analytics cookies (you can withdraw consent at any time)
Article 6(1)(b) - Contract: For service delivery, account management, and customer support for authenticated users
Article 6(1)(c) - Legal Obligation: For compliance with tax laws, accounting requirements, and legal requests
Article 6(1)(f) - Legitimate Interest: For security, fraud prevention, and providing customer support services

14.2 Legitimate Interest - Customer Support (Intercom)

Legitimate Interest Assessment

We process personal data through Intercom based on our legitimate interest under GDPR Article 6(1)(f) to provide accessible customer support services.

Our Legitimate Interest:

• Providing real-time customer assistance and support
• Enabling effective communication between users and our support team
• Maintaining conversation history for continuity and quality service
• Improving support efficiency and customer satisfaction

Balance Test:

• Necessity: Live chat support is essential for modern service delivery
• Minimal Data: Only necessary data (name, email, messages) is collected
• Reasonable Expectation: Users expect to communicate with support when visiting our site
• Low Risk: Support data is used solely for assistance purposes, not profiling or marketing
• User Control: Users can choose not to use the chat feature; alternative contact methods (email) are available

For authenticated users receiving support as part of our service relationship, processing is also necessary under Article 6(1)(b) - Performance of Contract.

14.3 Your Right to Object

Under GDPR Article 21, you have the right to object to processing based on legitimate interest. If you object to Intercom processing, we will cease using Intercom for your data, and you can contact us via email at help@dot2.solutions instead.

15

Swiss Data Protection (nFADP/nLPD)

As a Swiss-based company (dot2 solutions, Sole Proprietorship, Switzerland), we comply with the Swiss Federal Act on Data Protection (Revised Federal Act on Data Protection, nFADP/nLPD), which came into effect on September 1, 2023.

Swiss Resident Rights

If you are a Swiss resident, you have the following rights under the nFADP:

Right to Information: Receive transparent information about data processing activities
Right of Access: Request access to your personal data we hold
Right to Correction: Request correction of inaccurate or incomplete personal data
Right to Deletion/Blocking: Request deletion or blocking of personal data in certain circumstances
Right to Data Portability: Receive your personal data in a structured, commonly used format
Right to Object: Object to the processing of your personal data based on legitimate interest

15.1 Data Controller

dot2.solutions Christopher Boerger (Sole Proprietorship)
Rue Pestalozzi 9
1400 Yverdon-les-Bains, Switzerland
Email: privacy@dot2.solutions

15.2 Legal Basis for Processing

Under the nFADP, we process your personal data based on the following legal grounds:

Consent: With your explicit consent for marketing communications and optional analytics
Contract Performance: To fulfill our contractual obligations in providing our services
Legal Obligation: To comply with Swiss legal and regulatory requirements
Legitimate Interest: For security, fraud prevention, business operations, and customer support services (including Intercom, as detailed in Section 14.2)

15.3 Cross-Border Data Transfers

When we transfer personal data outside of Switzerland to countries that do not provide adequate data protection:

European Union: Recognized by Switzerland as providing adequate data protection
United States (EU-U.S. Data Privacy Framework participants): Standard Contractual Clauses are in place with service providers like Intercom
Other Countries: We ensure appropriate safeguards such as Standard Contractual Clauses or binding corporate rules

Intercom & Swiss Data Protection

As detailed in Section 9.2, our customer support platform Intercom processes data in the United States. Intercom is certified under the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses, which Switzerland recognizes as adequate safeguards under the nFADP. Our use of Intercom is based on legitimate interest (providing customer support) as outlined in Section 14.2.

15.4 Data Protection Principles

In accordance with nFADP requirements, we adhere to the following principles:

Privacy by Design: Data protection is integrated into all our processing activities
Data Minimization: We collect only the personal data necessary for specified purposes
Purpose Limitation: Data is processed only for the purposes for which it was collected
Accuracy: We take reasonable steps to ensure personal data is accurate and up-to-date
Storage Limitation: Data is retained only as long as necessary for the specified purposes
Security: Appropriate technical and organizational measures protect personal data

15.5 Lodging a Complaint

If you believe your data protection rights under the nFADP have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC/EDÖB) at www.edoeb.admin.ch.

15.6 Exercising Your Rights

To exercise any of your rights under the nFADP, please contact us at privacy@dot2.solutions. We will respond to your request within 30 days in accordance with nFADP requirements.

16

Governing Law

This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the substantive laws of Switzerland, excluding its conflict of law provisions and excluding the United Nations Convention on Contracts for the International Sale of Goods (CISG).

For any disputes that cannot be resolved amicably, the competent courts at the registered seat of dot2.solutions (Yverdon-les-Bains, Switzerland) shall have exclusive jurisdiction, subject to any mandatory legal venue provisions.