Privacy Policy

Purpose of this privacy policy

This privacy policy informs you as a user of the website www.credura.ch (hereinafter 'Credura Website') and the Credura platform (hereinafter 'Credura Platform') about the collection, processing and use of personal data by Credura GmbH, Kantonsstrasse 35, 8807 Freienbach, Switzerland (hereinafter 'Credura').

1. Your data — our concern

The protection of your personal data is very important to us. This privacy policy explains how we collect, use, disclose and protect your personal data when you use our platform for digital insurance advice.

2. Who is responsible for your data?

Responsible for data processing on this website is:
Credura AG
Kantonsstrasse 35
8807 Freienbach
Switzerland
Email: hallo@credura.ch

3. What data do we collect from you?

We process various types of data that you provide to us or that arise from your use of our platform:

• Identification and contact data: Your name, address, email address, phone number, date of birth, gender.
• Insurance-related data: Information about existing insurance, your life situation, your preferences, risk profile, and health information (only if necessary for advice and with your explicit consent).
• Communication data: The content of your communication with us through various channels (e.g. chat, email, WhatsApp).
• Usage data: Information about your use of our platform, such as pages visited, interactions, your IP address, date and time of access.
• Financial data: Bank details, credit card data (only for payment processing).

4. What do we use your data for?

We process your data for the following purposes:

• To offer you insurance advice: We use your data to provide personalised insurance offers, perform analyses and process your enquiries.
• Operation and improvement of our platform: Your data helps us ensure the functionality and security of our platform and continuously improve our services.
• Customer communication: To contact you, answer your enquiries and inform you about relevant information.
• Contract processing: For the initiation, execution and processing of contracts.
• Marketing and analysis: To analyse the use of our platform and provide you with personalised marketing information (provided you have given us your consent).
• Fulfilment of legal obligations: To comply with legal requirements and regulatory demands.

5. Who receives your data? (Our service providers)

To effectively provide our services, we work with various external service providers who process data on our behalf. These service providers are contractually obliged to treat your data strictly confidentially and to process it only according to our instructions.
We use the following service providers:

• Google Workspace (Google LLC): For internal and partner communication (emails, calendar, documents).
• Google Cloud (Google LLC): For hosting our platform and using large language models (LLM) to improve our advisory services.
• AWS (Amazon Web Services, Inc.): For secure storage of files and data.
• HubSpot (HubSpot, Inc.): As a Customer Relationship Management (CRM) system for managing customer data and interactions.
• Render (Render Inc.): For additional hosting services of our platform.
• n8n (n8n.io): For automating internal processes and data flows.
• Slack (Slack Technologies, Inc.): For internal team communication and collaboration.
• Amplitude (Amplitude, Inc.): For web and product analytics to improve our platform and services.
• Hotjar (ContentSquare Ltd.): For user analytics and improving user experience on our website through recording anonymised usage sessions and heatmaps.
• Meta Pixel (Meta Platforms, Inc.): For measuring and optimising our advertising on Facebook and Instagram and for creating target audiences for advertising purposes.
• WhatsApp (Meta Platforms, Inc.): For customer communication. Please note WhatsApp's privacy policy.
• Resend (Resend Inc.): For sending emails as part of customer communication.
• Logfire (Pydantic): For observing our AI agents.
• Stripe (Stripe, Inc.): For secure payment processing.
• Skribble (Skribble AG): For digital document signing.

Data transfers to third countries outside Switzerland or the EEA only take place in compliance with legal requirements, e.g. on the basis of standard contractual clauses or adequate data protection guarantees.

6. How do we protect your data?

We employ comprehensive technical and organisational security measures to protect your data against manipulation, loss, destruction and unauthorised access. These include encryption (SSL/TLS), firewalls, access controls and regular security audits. Our security measures are continuously improved in line with technological developments.

7. How long do we store your data?

We store your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law (e.g. retention obligations for business documents). After that, your data is deleted or anonymised.

8. Your rights — your control over your data

You have the right at any time to request information about the personal data we process about you. In addition, you have the following rights:

• Right to rectification: You can request the correction of inaccurate or incomplete data.
• Right to erasure (right to be forgotten): You can request the deletion of your data, provided no legal retention obligations apply.
• Right to restriction of processing: You can request the restriction of processing of your data.
• Right to data portability: You can request that we provide your data in a structured, commonly used and machine-readable format.
• Right to withdraw consent: If processing is based on your consent, you can withdraw it at any time with effect for the future.
• Right to object: You can object at any time to the processing of your data based on legitimate interest.
• Right to complain: You have the right to complain to the competent data protection authority if you believe that the processing of your data violates the law. The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

To exercise your rights, please contact us at the email address mentioned in point 2.

9. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time. The current version will be published on our website. It is your responsibility to regularly inform yourself about the content of the privacy policy.

Do you have questions about our privacy policy or the processing of your data? Don't hesitate to contact us!