FonctionnalitésTarifsTémoignages
Connexion

Privacy Policy

Last updated: March 23, 2026

1. Controller

The controller responsible for data processing on this website is:

Wydler Digital
Clos-de-Bonané 46, 1565 Vallon, Switzerland
Contact: info@patrivo.com

2. Applicable law

This Privacy Policy is governed by the Swiss Federal Act on Data Protection (nFADP/DSG) effective since September 1, 2023, and, where applicable, the EU General Data Protection Regulation (GDPR). We are committed to protecting your personal data in accordance with these regulations.

3. Data we collect

We collect and process the following categories of personal data:

  • Account data: name, email address, and hashed password when you create an account.
  • Financial data: transaction records, account balances, budgets, and savings goals that you enter into the application.
  • Receipt data: receipt images you scan using our receipt scanning feature. Images are sent to Anthropic's Claude API for optical character recognition (OCR) to extract transaction data. Receipt images are processed in real time and are not stored by Patrivo or Anthropic after extraction is complete.
  • Payment data: subscription and billing information processed through our payment provider Stripe. We do not store your credit card details directly — these are handled entirely by Stripe in accordance with PCI DSS standards.
  • Usage data: dashboard layout preferences, widget visibility settings, and theme preferences stored locally on your device.
  • Technical data: IP address, browser type, device information, and session data necessary for authentication and security.

4. Purpose of data processing

We process your personal data for the following purposes:

  • Providing and operating the Patrivo service
  • User authentication and account management
  • Displaying your financial data and analytics on your dashboard
  • Improving the security and performance of our application
  • Communicating with you regarding your account or service updates
  • Complying with legal obligations under Swiss law

5. Legal basis for processing

Under Swiss data protection law, the processing of personal data by private persons is lawful unless it constitutes an unlawful violation of the data subject's personality rights (Art. 30 para. 2 nFADP). The following justification grounds apply to our processing:

  • Contract performance: processing necessary to provide you with the services you registered for (Art. 30 para. 2 let. a nFADP).
  • Consent: where you have given explicit consent for specific processing activities, such as analytics cookies (Art. 30 para. 2 let. a nFADP).
  • Overriding private interest: processing necessary for our legitimate interests, such as improving our services and ensuring security, provided these interests are not overridden by your rights (Art. 30 para. 2 let. b nFADP).
  • Legal obligation: processing required to comply with applicable Swiss law (Art. 30 para. 2 let. c nFADP).

6. Data sharing and transfers

We do not sell your personal data. We may share your data with the following categories of processors:

  • Hosting & database: our infrastructure provider and MongoDB database service, used to store and serve your application data.
  • Payment processing: Stripe Inc. processes your subscription payments. Stripe acts as a data controller for payment card data under its own privacy policy.
  • Analytics & advertising: Google Analytics and Google Ads, activated only with your explicit consent via our cookie banner.
  • AI processing (Anthropic): receipt images are sent to Anthropic's Claude API for AI-based optical character recognition to extract transaction data (merchant name, amount, date, category). No personally identifiable information is extracted from receipts. Images are processed in real time and are not stored by Patrivo or Anthropic after extraction. Anthropic's data processing is governed by their privacy policy and data processing terms.
  • Legal authorities: when required by Swiss law or a valid legal order.

All processors are bound by contractual data protection obligations. If personal data is transferred to a country without adequate data protection as recognized by the Swiss Federal Council, we ensure appropriate safeguards are in place (e.g., standard contractual clauses approved by the FDPIC) in accordance with Art. 16–17 nFADP.

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. When you delete your account, we will erase your personal data within 30 days, unless legal retention obligations apply (e.g., accounting records under Swiss OR Art. 958f).

8. Data security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction, in accordance with Art. 8 nFADP. Passwords are cryptographically hashed and never stored in plain text. All data is transmitted over encrypted connections (TLS).

9. Automated processing

Patrivo uses automated processing in the following contexts:

  • Receipt scanning: receipt images are sent to Anthropic's Claude API, which automatically extracts merchant name, date, amounts, and categories via AI-based optical character recognition (OCR). This processing does not produce legal effects or similarly significantly affect you — it is used solely to facilitate data entry.
  • Post-scan insights: contextual feedback displayed after each scan (e.g., budget status, spending trends, streak tracking) is generated automatically based on your financial data. These insights are informational and do not constitute financial advice.

In accordance with Art. 21 nFADP, you have the right to be informed about automated individual decisions that significantly affect you and to request human review. You may exercise this right by contacting us at info@patrivo.com.

10. Your rights

Under the nFADP, you have the following rights regarding your personal data:

  • Right of access (Art. 25 nFADP): you may request information about the data we hold about you.
  • Right to rectification: you may request correction of inaccurate or incomplete data.
  • Right to erasure: you may request deletion of your personal data, subject to applicable legal retention requirements.
  • Right to data portability (Art. 28 nFADP): you may request your data in a commonly used, machine-readable format.
  • Right to object: you may object to the processing of your personal data.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at info@patrivo.com. We will respond within 30 days.

11. Cookies and local storage

Patrivo uses essential cookies and localStorage for authentication sessions and user preferences (theme, dashboard layout). Essential cookies are necessary for the proper functioning of the service and do not require consent under Swiss law.

With your explicit consent, we also use Google Analytics and Google Ads cookies to analyze site traffic and measure advertising effectiveness. These cookies are only activated after you accept them via our cookie consent banner. We implement Google Consent Mode v2, which ensures that no analytics or marketing data is collected until you give your consent.

For full details on all cookies used, please refer to our Cookie Policy.

12. Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC):

FDPIC
Feldeggweg 1
CH-3003 Bern
Website: www.edoeb.admin.ch

13. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.