Privacy Policy

The controller responsible for data processing on the Platform is:

DACHREPUBLIC c/o Benjamin Galler
Stationsstrasse 67
8606 Nänikon/Zurich, Switzerland
Email: info@dachrepublic.com

For data protection matters, please contact us at the email address above. If we are required to designate an EU representative under Art. 27 GDPR, the contact details will be published here.

This Policy applies to all visitors and registered users of the Platform, including publishers and Ad Tech providers. By using the Platform, you acknowledge the practices described here.

Depending on how you use the Platform, we may process the following data:

• Account data: email address, password (hashed), authentication provider (email or Google OAuth), user role (publisher, provider, admin), account status, created/updated timestamps.
• Publisher profile data: domain, website information, uploaded media kits, audience insights, ad format details, and other information you enter manually or via the onboarding chatbot.
• Provider profile data: company name, description, logo, product categories, contact details, and other information submitted to the Platform.
• Chatbot interactions: messages you send to the onboarding and qualification chatbots, including any business information you voluntarily provide.
• Communication data: inquiries, matches, and messages exchanged between publishers and providers through the Platform.
• Technical/log data: IP address, browser and device information, referrer URL, timestamps, and pages accessed. This is processed for security, abuse prevention, and operating the service.
• Cookies and similar technologies: see Section 7.

Please do not submit confidential business secrets, sensitive personal data (e.g. health, religion, political opinions), or third-party personal data through the Platform.

We process personal data for the following purposes and legal bases (GDPR):

• Providing the Platform and your account (Art. 6(1)(b) GDPR — contract): registration, authentication, profile management, matching publishers with providers, displaying provider listings.
• Chatbot-assisted onboarding and qualification (Art. 6(1)(b) GDPR — contract; Art. 6(1)(a) — consent where required): processing your messages with AI providers to extract structured profile information.
• Security, fraud prevention, and stability (Art. 6(1)(f) GDPR — legitimate interest): server logs, abuse detection, rate limiting.
• Communication (Art. 6(1)(b)/(f) GDPR): responding to inquiries, sending transactional notifications.
• Legal compliance (Art. 6(1)(c) GDPR): bookkeeping, tax, and regulatory obligations for paying providers.

Under the Swiss nFADP, processing is justified on equivalent grounds.

We do not sell personal data. We do not share personal information, confidential business information, or trade secrets with third parties for their own marketing purposes.

Information that publishers explicitly choose to share with a provider through the Platform (e.g. by sending an inquiry or being matched) will be visible to that provider so they can respond.

We rely on carefully selected service providers ("processors") that act on our instructions under data processing agreements:

• Hosting & build infrastructure — application hosting, build and preview infrastructure.
• Managed backend (Supabase) — managed database, authentication, file storage, and serverless functions.
• AI providers, including Google (Gemini) and OpenAI (GPT) — processing of chatbot messages and document extraction.
• Cloudflare — edge hosting, CDN, and DDoS protection.
• Email delivery providers — sending transactional emails (e.g. authentication, notifications).
• Google — when you sign in with Google OAuth.

Some of these providers process data outside Switzerland and the EU/EEA (e.g. in the United States). See Section 9.

The Platform uses a limited set of cookies and local storage, including:

• Strictly necessary: authentication session tokens, CSRF protection, cookie-consent preference. These cannot be disabled if you want to use the Platform.
• Functional: UI state such as theme, language, or last visited section.

We do not use advertising or cross-site tracking cookies. You can manage your consent at any time via the cookie banner. Browsers also let you delete cookies and local storage manually.

When you interact with the onboarding or qualification chatbot, your messages and any uploaded documents (e.g. media kits) are sent to AI providers to generate responses and extract structured information. Inputs may be transmitted to and processed in countries outside Switzerland and the EU/EEA.

Please do not enter sensitive personal data, confidential trade secrets, or third- party personal data into the chatbot.

Where personal data is transferred to countries outside Switzerland or the EEA, we ensure an adequate level of protection, in particular through:

• adequacy decisions by the European Commission or Swiss Federal Council;
• EU Standard Contractual Clauses (SCCs) and the Swiss addendum where required;
• additional technical and organizational safeguards.

We retain personal data only as long as necessary:

• Account and profile data: while your account is active, plus a short period after deletion to handle backups and disputes.
• Chatbot transcripts and generated profile data: while needed for the matching service, typically for the lifetime of the account.
• Inquiries and messages between publishers and providers: typically up to 24 months after the last activity.
• Server logs: typically up to 90 days, unless needed longer for security investigations.
• Invoicing and bookkeeping records (paying providers): up to 10 years where required by Swiss law.

The Platform uses automated logic to match publishers with potentially relevant providers (e.g. based on profile data, ad formats, audience). This matching is a recommendation and does not produce legal effects or similarly significant effects on you within the meaning of Art. 22 GDPR — you remain free to contact, ignore, or dismiss any provider.

We apply appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, role-based authorization, database row-level security, and regular updates of our infrastructure.

Subject to applicable law, you have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request deletion ("right to be forgotten");
• request restriction of processing;
• data portability;
• object to processing based on legitimate interests;
• withdraw consent at any time, without affecting prior lawful processing.

To exercise these rights, contact info@dachrepublic.com. You also have the right to lodge a complaint with a supervisory authority — in Switzerland the Federal Data Protection and Information Commissioner (FDPIC / EDÖB), or your local EU data protection authority.

The Platform is intended for business users and is not directed at children. We do not knowingly collect personal data from individuals under 16. If you believe a minor has provided us personal data, please contact us so we can delete it.

You may request deletion of your account at any time by emailing info@dachrepublic.com. We will delete or anonymize your data within a reasonable period, subject to legal retention obligations.

We may update this Privacy Policy from time to time. The current version is always available on this page with the "Last updated" date. Material changes will be communicated through the Platform or by email where appropriate.

DACHRepublic, Switzerland

Email: info@dachrepublic.com