Privacy Policy
Last updated: 21 April 2026
Preamble
The present Privacy Policy (hereinafter the "Policy") governs the collection, processing, storage, transmission, disclosure and deletion of personal data (hereinafter "Personal Data", as defined in Article 4(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR")) by the operator of the "Final Capsule" platform (hereinafter, interchangeably, the "Operator", "we", "us" or "our"). The Policy forms an integral, indivisible and contractually binding part of the Terms of Service and shall be interpreted consistently therewith; in the event of any divergence between the two instruments with respect to matters strictly confined to data-protection law, the present Policy shall prevail solely to the extent of such divergence and no further.
1. Data Controller and Contact Point
For the purposes of Articles 4(7), 13 and 14 GDPR, the Operator acts as data controller in respect of the Personal Data processed through the Service. The Operator may be contacted, in respect of all data-protection matters and in particular the exercise of the rights set out in Section 7 below, at contact@finalcapsule.com. The Operator has not designated a data protection officer on a mandatory basis within the meaning of Article 37 GDPR, the criteria set out therein not being met; the Operator nonetheless undertakes to handle requests with due diligence.
2. Scope and Applicability
This Policy applies exclusively to Personal Data processed by the Operator in the context of the provision of the Service. It does not apply, and the Operator expressly disclaims any responsibility in respect of, (i) third-party sites, services, applications or infrastructures accessed through or from the Service, (ii) Personal Data voluntarily disclosed by the User to third parties through channels outside the Service, and (iii) content created or uploaded by the User which, by its nature and irrespective of any instruction or knowledge on the part of the Operator, may incidentally contain personal data relating to third parties, the User remaining solely responsible, under Articles 4(7) and 24 GDPR, for any processing characterisable as that of an independent controller in respect thereof.
3. Categories of Personal Data Processed
The Operator processes the following categories of data, on a strictly need-to-process basis:
3.1 Identification and authentication data
Email address, salted-hashed password (never stored in cleartext), display name, account creation timestamp, and such session, device and connection metadata as are strictly necessary to authenticate the User and secure the Service (Article 32 GDPR).
3.2 User-generated content
Messages, capsules, titles, bodies, attachments (images, audio, video, PDF, and such other formats as the Operator may, in its sole discretion, allow or disallow from time to time), together with their associated metadata (timestamps, size, content type, addressees).
3.3 Third-party contact data
Email addresses and display names of Confidants and SafeGuards provided by the User. The User expressly acknowledges that, as regards such third parties, the User has obtained, or is under the obligation to obtain, any consent or legal basis that may be required by applicable law for their inclusion within the Service, and warrants the same to the Operator; the Operator declines any responsibility for the absence, invalidity, or later revocation of such basis.
3.4 Operational and verification data
State-machine phase, attempt counter, next-check-in date, verification tokens and their lifecycle, timestamps of reminder emails sent and received, timestamps of alive-check and safeguard-check confirmations, delivery logs.
3.5 Transactional data
Where applicable, information required to process paid upgrades: Stripe customer identifier, subscription or one-off payment identifier, invoice metadata, plan status. Full card data is never transmitted to, nor stored on, the Operator's infrastructure.
3.6 Technical and security logs
IP addresses, user-agent strings, request paths, response codes, and short-lived error traces retained for the strictly necessary duration to ensure security, fraud detection, incident response, and abuse prevention (Article 6(1)(f) GDPR).
The Operator does not process "special categories" of data within the meaning of Article 9 GDPR on any deliberate or systemic basis; should such data appear in user-generated content, they are processed solely as an incidental and unsolicited consequence of storage, with no independent lawful basis being sought for their collection.
4. Purposes and Legal Bases of Processing
Each category of data is processed under one or more of the legal bases set out at Article 6(1) GDPR, as follows:
- Performance of the contract (Article 6(1)(b) GDPR): provisioning of accounts, storage of capsules, execution of the verification state machine, delivery of capsules to designated Confidants, invoicing, customer support.
- Legitimate interests (Article 6(1)(f) GDPR): security of the Service, fraud prevention, platform abuse detection, diagnostic logging, protection of the Operator's legal rights, internal administrative management. The Operator has conducted a balancing test and considers such interests not to be overridden by the interests, rights or freedoms of data subjects.
- Compliance with legal obligations (Article 6(1)(c) GDPR): accounting, tax, and response to binding requests of competent public authorities.
- Consent (Article 6(1)(a) GDPR), where and only where required, in particular for optional communications unrelated to the performance of the contract, which consent may be freely withdrawn at any time without affecting the lawfulness of prior processing.
5. Recipients and Subprocessors
Personal Data is accessible only to duly authorised personnel of the Operator subject to binding confidentiality undertakings, and to third-party subprocessors engaged under Article 28 GDPR on the basis of written instructions and guarantees substantially equivalent to those imposed upon the Operator. As at the date of this Policy, such subprocessors include, without limitation, the hosting provider, the transactional email provider, the object-storage provider, and the payment processor (Stripe). An updated list is available upon written request. The Operator reserves the right to add, replace or remove any subprocessor at its sole discretion and without prior individualised notice, it being understood that any such change shall not diminish the level of protection afforded to the User.
The Operator shall not sell, rent, barter, or otherwise transfer Personal Data to commercial third parties for purposes unrelated to the Service. The Operator may, however, disclose Personal Data where compelled to do so by a binding order of a competent court or authority, by statute, or for the purpose of asserting, exercising or defending legal claims.
6. International Transfers
The Operator's primary infrastructure is located within the European Union. Where a transfer of Personal Data outside the European Economic Area becomes necessary for the provision of the Service, such transfer shall be carried out exclusively (i) to jurisdictions covered by an adequacy decision of the European Commission under Article 45 GDPR, (ii) under the Standard Contractual Clauses adopted by the Commission under Article 46(2)(c) GDPR, or (iii) on the basis of any other appropriate safeguard expressly provided for by Articles 46 or 49 GDPR. The User may request a copy of the applicable safeguards by writing to the contact address set out in Section 1.
7. Rights of the Data Subject
Subject to, and within the limits of, Articles 15 to 22 GDPR, the User is entitled to exercise the following rights in respect of Personal Data concerning the User:
- right of access (Article 15);
- right to rectification (Article 16);
- right to erasure (Article 17), subject to the exceptions set out therein;
- right to restriction of processing (Article 18);
- right to data portability (Article 20), within the scope defined by that provision;
- right to object (Article 21), in particular where processing is grounded on Article 6(1)(f);
- right not to be subject to automated individual decisions (Article 22), it being specified that the Service does not carry out decision-making producing legal effects or similarly significant effects on data subjects within the meaning of that Article.
Requests must be addressed in writing to contact@finalcapsule.com. The Operator shall respond within the one-month period provided for at Article 12(3) GDPR, extendable by a further two months where required by the complexity or number of requests. For authentication purposes, the Operator may request reasonable proof of identity. Where a request is manifestly unfounded or excessive, in particular because of its repetitive character, the Operator may, pursuant to Article 12(5) GDPR, either charge a reasonable fee or refuse to act on the request. The User further retains the right to lodge a complaint with the competent supervisory authority, namely, in Switzerland, the Federal Data Protection and Information Commissioner (Préposé fédéral à la protection des données et à la transparence, hereinafter "FDPIC"), or, where applicable, the supervisory authority of the User's Member State of habitual residence within the European Union.
8. Retention
Personal Data is retained only for such period as is strictly necessary to achieve the purposes for which it was collected, subject to the longer retention periods mandated by applicable legal or regulatory obligations (including accounting and tax law). In particular:
- account-level data is retained for the duration of the account and deleted promptly upon account termination;
- capsules, attachments and their metadata are retained until they are either deleted by the User, delivered, or the account is terminated;
- technical and security logs are retained for no longer than is strictly required for the purposes set out at Section 3.6;
- invoicing and transactional records are retained for the duration required by applicable accounting and tax law (typically up to ten years in Switzerland pursuant to Article 958f of the Swiss Code of Obligations);
- residual copies within encrypted backups are overwritten in accordance with the ordinary backup-rotation cycle, which the Operator typically carries out within thirty (30) days.
9. Security Measures
The Operator implements appropriate technical and organisational measures within the meaning of Article 32 GDPR, proportionate to the nature, scope, context and purposes of processing and to the risks for the rights and freedoms of natural persons. Such measures include, without limitation, encryption in transit (TLS), encryption at rest for primary storage volumes, salted one-way hashing of passwords, role-based access controls, audit logging, regular security patching, and periodic review of the foregoing. The User acknowledges that, notwithstanding such measures, no information system can be guaranteed to be free from compromise; any representation contained in this Policy shall be construed as an undertaking of means, not of result.
10. Breach Notification
In the event of a Personal Data breach within the meaning of Article 4(12) GDPR likely to result in a risk to the rights and freedoms of natural persons, the Operator shall notify the competent supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it, in accordance with Article 33 GDPR. Where such breach is likely to result in a high risk within the meaning of Article 34 GDPR, affected data subjects shall be notified individually, unless one of the exceptions set out at Article 34(3) GDPR applies.
11. Cookies and Analogous Technologies
The Service uses strictly necessary cookies and local-storage items required for authentication, session continuity, theme persistence, and the prevention of abuse, on the basis of the legitimate-interest exception and by analogy to Article 45c of the Swiss Federal Telecommunications Act (LTC/FMG) and Recital 30 GDPR. The Service does not, at the date of this Policy, deploy advertising cookies, cross-site tracking cookies or analytics cookies of an individualising nature. Should the Operator introduce any such technology in the future, prior consent shall be collected in accordance with applicable law.
12. Minors
The Service is not designed for, addressed to, or marketed towards persons under the age of sixteen (16) or such higher minimum age as may be prescribed by applicable national law (Article 8 GDPR). The Operator does not knowingly collect Personal Data from such persons; any Personal Data discovered to have been collected from a person below the applicable minimum age shall be deleted upon reasonable notice to the Operator.
13. Amendments to the Policy
The Operator reserves the right to amend, update, supplement or otherwise modify this Policy at any time and in its sole discretion, in particular but not exclusively to reflect changes in applicable law, jurisprudence, guidance issued by competent authorities, or the Service itself. Such amendments shall take effect upon publication on the Service. Where the amendment materially affects the rights of the User, a reasonable effort shall be made to provide prior notice by email or by in-Service notification. Continued use of the Service following publication of an amendment shall constitute unequivocal acceptance thereof.
14. Contact
Any question, request, complaint or observation relating to this Policy may be addressed to contact@finalcapsule.com. Complaints may also be lodged with the competent supervisory authority, namely, in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch, or with the supervisory authority of the User's Member State of habitual residence within the European Union.
This Policy is published in the English language. Any translation is provided for convenience only; the English version shall prevail in all respects.