Privacy Policy
This Privacy Policy explains how dato3 (“dato3”, “we”, “us”) collects and processes personal data across dato3 and the products, websites and applications we operate (together, the “Services”). dato3 is a service operated by Marko Milicic (Casella postale, 6710 Biasca, Switzerland). We act as data controller for the data described below, in accordance with the Swiss Federal Act on Data Protection (FADP) and, where it applies to users in the European Union, the EU General Data Protection Regulation (GDPR).
1. Data we collect
Account data: your name, email address, password (stored in hashed form by our infrastructure provider) and account settings.
Content and data you provide: the information, text, files and other content you submit to, or generate through, the Services.
Third-party account data: where a Service lets you connect a third-party account (for example Google), the data and permissions you authorise. We store any related authorisation tokens securely.
Billing data: subscription status and customer identifiers from our payment processor, Stripe. Card details are handled directly by Stripe; we do not store full card numbers.
Usage and technical data: log data, IP address, device and browser information, and cookies.
Communications: information you send us, for example by email or through a contact form (name, email, message).
2. How and why we use data
To provide and operate the Services; to process payments and manage subscriptions; to send service and notification emails; to secure the Services and prevent abuse; to measure and understand how our websites are used (analytics); to comply with legal obligations; and to improve the Services.
3. Legal bases and lawfulness
We process personal data lawfully, in good faith and proportionately, in line with Swiss data protection law. Where the GDPR applies, we rely on: performance of our contract with you (to provide the Services); our legitimate interests (security, prevention of abuse, improving the Services); your consent where required; and compliance with legal obligations (for example accounting and tax).
4. AI processing
To provide certain features, relevant content (such as text you submit) may be processed by our AI provider, Anthropic (Claude), solely to deliver the feature you requested. We do not use this content to train models.
5. Service providers and sub-processors
We share data with providers who process it on our behalf under appropriate agreements: Vercel (application hosting and content delivery), Supabase (database and authentication), Stripe (payments), Anthropic (AI generation), Resend and MailerSend (transactional email), Cloudflare (anti-abuse and anti-spam protection), and Google (Google Analytics for aggregated website usage statistics and, where a Service integrates them, the relevant Google APIs). Each processes data only as needed to provide its function.
6. International transfers
Some providers may process data outside Switzerland or the European Economic Area. Where this happens, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses together with the Swiss addendum recognised by the FDPIC, or transfers to countries recognised as providing adequate protection.
7. Retention
We keep account and service data for as long as your account is active and for a reasonable period afterwards. Billing and invoicing records are kept for the period required by applicable Swiss tax law. Backups are deleted on a rolling basis. You can request deletion as described below.
8. Your rights
Under Swiss data protection law and, where applicable, the GDPR, you have the right to access your data and to obtain information about its processing, and to rectify, erase, restrict or object to the processing, as well as the right to data portability. Where processing is based on consent, you can withdraw it at any time.
To exercise these rights, contact support@dato3.com. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, if you are in the EU, with your local supervisory authority.
9. Cookies
We use essential cookies to run our sites and remember your preferences and, where a Service uses them, secure cookies for authentication and sessions (via Supabase) and anti-abuse protection (Cloudflare Turnstile).
Where we use Google Analytics to understand aggregated, anonymous website usage — for example which pages are viewed and general usage patterns — those analytics cookies are set only with your consent, which you can give or withdraw at any time through the cookie banner. We do not use cookies for advertising.
10. Security
We apply reasonable technical and organisational measures to protect your data, including encryption in transit, access controls and database-level row security. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
11. Children
The Services are intended for adults and businesses and are not directed at children. We do not knowingly collect personal data from anyone under 16.
12. Changes and contact
We may update this Policy from time to time and will post the updated version with a new date. For privacy questions or requests, contact us at support@dato3.com.