Plain-language summary: We collect only what we need to run the site and deliver the audit report you ask for. We do not sell your data. Analytics and heatmaps load only after you accept cookies. IP addresses are truncated before storage. You can ask us to access or delete your data at any time. Full detail below.
1. Who we are
Canton Compliance Hub (cantoncompliancehub.ch) is operated by Giladi Marketing, an Osek Murshe (Israeli sole proprietorship) based in Israel. For the purposes of the revised Swiss Federal Act on Data Protection (nDSG / FADP) and, where it applies, the EU General Data Protection Regulation (GDPR), we are the data controller for personal data processed through this website.
Giladi Marketing · Ben Gurion 38, Ramat Gan 5270009 · Israel
Data protection contact: privacy@cantoncompliancehub.ch
2. Data we collect
2.1 Data you give us directly
- Free audit tool. When you use the compliance audit you provide a free-text business description, your canton and business type, answers to follow-up questions, and (at the final step) your first name, last name, email address, and phone number. You may also include revenue figures or other operational detail in the free-text fields.
- Advertising attribution. If you arrive from a Google Ads click (gclid) or a Meta ad (fbclid), that identifier is captured with your audit submission so we can measure advertising effectiveness.
We do not run a contact form. General enquiries reach us by email only, so the only personal data you send that way is whatever you choose to write in your message.
2.2 Data collected automatically
- Journey log. We record anonymised page visits, session duration, referral source, and audit progress. IP addresses are truncated (last octet removed) before storage and are never kept in full, so this data cannot be tied to an individual.
- Server logs. Standard web-server logs record request metadata for security and diagnostics, retained for a short period only (see Retention).
- Analytics (consent required). With your consent we load Google Analytics 4 and Microsoft Clarity (session heatmaps). Neither is loaded until you accept analytics cookies in the consent banner.
2.3 Data from third parties
If you click an affiliate link and complete a sign-up or purchase, the partner may share a transaction reference so we can verify the referral and any commission. We do not receive your account or payment details from those transactions.
3. How we use your data
| Purpose | Data used |
|---|---|
| Generate your compliance audit report | Business description, canton, business type, answers, revenue (if given) |
| Send your audit report by email | Email address |
| Connect you with a fiduciary (only if you consent) | Name, email, phone, canton, business type |
| Respond to email enquiries | Your email address and message content |
| Measure advertising effectiveness | gclid / fbclid attribution identifier |
| Improve the site and content | Anonymised journey log + analytics (with consent) |
| Security and fraud prevention | Server logs (short retention) |
We do not use your data for automated decision-making that produces legal or similarly significant effects concerning you. The audit report is generated by an AI system as general information, not an individual decision about your rights.
4. Legal basis for processing
Under the FADP and, where applicable, the GDPR, we rely on the following bases:
- Contract / your request: processing your audit submission and delivering the report you asked for.
- Consent: loading analytics and heatmap tools, and connecting you with a fiduciary partner. You can withdraw consent at any time.
- Legitimate interests: anonymised usage measurement, security logging, and improving the accuracy of our compliance content. We have assessed that these do not override your rights.
- Legal obligation: keeping records where the law requires it.
5. Sharing your data
We never sell your personal data. We share it only with the service providers (processors) below, each bound to protect it and to process it only on our instructions:
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Server hosting and our database | Germany (EU) |
| OpenRouter, Inc. | AI gateway that routes your audit text to the language model that writes the report | USA (SCCs) |
| OpenAI, LLC | Text embeddings and fallback report generation. API data is not used for model training. | USA (SCCs) |
| Zoho Corporation | Transactional email delivery of your audit report | EU (Zoho EU) |
| Google Ireland Ltd (GA4) | Page analytics. Consent-gated; not loaded unless you accept. | Ireland / USA (SCCs) |
| Microsoft Corp (Clarity) | Session heatmaps. Consent-gated; not loaded unless you accept. | USA (SCCs) |
We also share data with a fiduciary referral partner only when you use the audit tool and consent to an introduction. You are told this before the referral is made. Separately, we may disclose data if required by law, court order, or to protect the rights and safety of users or others.
SCCs = EU Standard Contractual Clauses. Israel holds adequacy status under the Swiss FADP, so transfers from Switzerland to our Israel-based operator are lawful without additional safeguards.
6. Cookies & local storage
We keep cookies to a minimum and use none for advertising or cross-site tracking. Most of what the site stores lives in your browser’s local and session storage, not in cookies at all.
| What | Purpose | Duration |
|---|---|---|
| Audit progress (session storage) | Keeps your audit answers so you do not lose them if you navigate away | Cleared when you close the tab |
| Consent choice (local storage) | Remembers whether you accepted or declined analytics | Until you clear it |
| Language preference | Stores your chosen language (EN / DE / FR / IT) | Until you clear it |
| Analytics cookies (GA4 / Clarity) | Set only after you accept analytics. Anonymised measurement, no cross-site tracking. | Per provider (typically up to 14 months) |
You can block or delete cookies and storage at any time in your browser settings. The core content of the site remains readable without them.
7. Data retention
- Audit data (name, email, phone, report): kept for up to 3 years for fiduciary follow-up, or until you ask us to delete it, whichever comes first.
- Anonymised journey log: deleted after 90 days.
- Server logs: kept for a short period (about 30 days) for security only.
- Analytics data: per the GA4 and Microsoft Clarity retention settings (typically up to 14 months), aggregated and anonymised.
8. Your rights
Under the FADP (Art. 25 ff.) and, where it applies, the GDPR (Art. 15-22), you have the right to:
- Access a copy of the personal data we hold about you
- Rectification of inaccurate or incomplete data
- Erasure of your data, subject to legal retention duties
- Restriction of processing while a dispute is resolved
- Portability, to receive your data in a machine-readable format
- Objection to processing based on legitimate interests, and to fiduciary contact or marketing
- Withdrawal of consent at any time, without affecting prior lawful processing
To exercise any right, email privacy@cantoncompliancehub.ch. We respond within 30 days. There is no charge for reasonable requests.
9. International transfers
Our operator is based in Israel, which the Swiss authorities recognise as providing an adequate level of data protection, so transfers from Switzerland are lawful. Some processors (for example our AI gateway and analytics) may process data on servers outside Switzerland and the EU. Where that happens we rely on adequacy decisions or EU Standard Contractual Clauses. We do not transfer data to countries without an adequate level of protection unless such safeguards are in place.
10. Contact & complaints
For any privacy question, or to exercise your rights, contact us at privacy@cantoncompliancehub.ch.
If you are not satisfied with our response, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
We will tell you about material changes to this policy by updating the date at the top of this page.