PoliSure

Legal Documentation · polisure.app

Privacy Policy

Last updated: 30 March 2026

01 Data Controller

The data controller responsible for processing your personal data under the Swiss Federal Act on Data Protection (nDSG/LPD) and, where applicable, the EU General Data Protection Regulation (GDPR) is:

PoliSure GmbH

[Street Address, Postal Code, City]

Switzerland

Email: privacy@polisure.app


02 Data We Collect

2.1 Registration & Account Data

Full name, email address, password (hashed), role (client or insurer), preferred language/locale.

2.2 Company & Onboarding Data

Legal company name, country of operation, company logo, and selected subscription plan — collected when an insurance company registers.

2.3 Usage Data

Insurance quote requests, offers, messages exchanged, contract acceptances, and review ratings submitted on the platform.

2.4 Payment & Billing Data

Subscription plan, payment status, and Stripe customer/subscription identifiers. Full card data is processed exclusively by Stripe and is never stored on PoliSure servers.

2.5 Technical Data

IP address, browser type, operating system, referring URLs, and session tokens.

2.6 B2B Insured Data

Where insurance companies use PoliSure to process policyholder data, PoliSure acts as a data processor under a separate Data Processing Agreement (DPA).


03 Legal Bases for Processing

  • Performance of a contract — to provide the PoliSure platform and manage your account.
  • Legal obligation — to comply with applicable Swiss and EU financial, tax, and anti-money-laundering regulations.
  • Legitimate interests — to improve our platform, prevent fraud, and ensure system security.
  • Consent — where you have explicitly given consent (e.g. optional marketing communications).

04 International Data Transfers

  • Supabase (database & auth) — region eu-central-2 (Zurich / Frankfurt), within the EEA. Standard Contractual Clauses (SCCs) for any onward transfers.
  • Vercel (hosting) — primary deployment in Europe; EU-US Data Privacy Framework and SCCs.
  • Stripe (payments) — US-based, under SCCs and EU-US Framework. Only billing metadata is transferred.
  • Resend (email) — US-based, under SCCs. Only recipient email address and minimum delivery data are transmitted.

05 Your Rights

  • Right of access — obtain a copy of the data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data, subject to legal retention obligations.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restrict processing — limit how we use your data.
  • Right to withdraw consent — at any time, without justification.

To exercise any right, contact us at privacy@polisure.app. We respond within 30 days.


06 Data Retention

  • Account data — retained for the duration of the contract plus 5 years after account closure.
  • Financial documents and contracts — 10 years under Swiss commercial law (CO Art. 958f).
  • Technical logs — up to 90 days, then automatically deleted.
  • Marketing consents — until withdrawal plus 3 years.

07 Cookies

PoliSure uses only technically necessary cookies: session cookies, language preference cookies, and currency preference cookies. We do not use advertising, tracking, or analytics cookies.


08 Supervisory Authority

Federal Data Protection and Information Commissioner (FDPIC / EDÖB)

Feldeggweg 1, 3003 Bern, Switzerland

www.edoeb.admin.ch

EU/EEA users may also contact their local Data Protection Authority.


09 Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated by email at least 14 days before they take effect.