Skip to content
Innopulse
Navigate
Get in touch
Contact
info@innopulse.io+41 79 508 28 06
Gotthardstrasse 30, 6300 Zug
Legal

Privacy Policy

This policy explains how Innopulse Consulting GmbH processes personal data in compliance with the EU General Data Protection Regulation (GDPR), the revised Swiss Federal Act on Data Protection (nFADP / revDSG), and the Swiss Ordinance on Data Protection (DPO).

Last updated: April 2026
Table of Contents
  1. Data Controller
  2. Scope & Legal Framework
  3. Core Principles
  4. Categories of Data We Process
  5. Purposes & Legal Bases
  6. Website & Analytics
  7. Contact Form & Email
  8. Cookies
  9. Recipients & Processors
  10. International Transfers
  11. Retention Periods
  12. Your Rights
  13. Security Measures
  14. Processing of Minors' Data
  15. Automated Decision-Making
  16. Changes to This Policy
  17. Contact & Supervisory Authority

1. Data Controller

The data controller within the meaning of Article 4(7) GDPR and Article 5(j) revDSG is:

Innopulse Consulting GmbH
Gotthardstrasse 30
6300 Zug, Switzerland
UID: CHE-219.727.921
Email: info@innopulse.io
Phone: +41 79 508 28 06

As a Swiss entity with EU-resident users, we act as controller under both the Swiss revDSG and the GDPR. Where we act as processor on behalf of a client, the client remains the controller and this policy applies only to our role as the operator of innopulse.io.

We have not appointed a Data Protection Officer as we are not required to do so under Art. 37 GDPR or Art. 10 revDSG. Privacy matters are handled directly by management at the email above.

2. Scope and Legal Framework

This privacy policy applies to our website https://innopulse.io and related services operated by Innopulse Consulting GmbH. For each SaaS product listed in our portfolio (ai-risk-check.com, abotracker.ch, subtracker.io, budgethub.ch, signntrack.com, mindoro.ch, seoboost.ch, and innopulse-academy.ch), a separate product-specific privacy policy applies and supersedes this document for the scope of that product.

The legal framework comprises:

  • Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR)
  • Swiss Federal Act on Data Protection of 25 September 2020 (revDSG / nFADP), in force since 1 September 2023
  • Swiss Ordinance on Data Protection (DPO / VDSG), in force since 1 September 2023
  • Swiss Federal Act on the Surveillance of Post and Telecommunications (BÜPF / SPTA)
  • Directive 2002/58/EC (ePrivacy Directive), where applicable
  • Swiss Federal Act against Unfair Competition (UWG), Art. 3(1)(o) for electronic communications

3. Core Principles

We adhere to the data protection principles of both legal regimes, in particular:

  • Lawfulness, fairness, transparency (Art. 5(1)(a) GDPR, Art. 6 revDSG)
  • Purpose limitation — data is collected for specified, explicit purposes and not further processed incompatibly
  • Data minimisation — we collect only what is necessary for the stated purpose
  • Accuracy — inaccurate data is corrected or deleted without delay
  • Storage limitation — data is retained only as long as necessary
  • Integrity and confidentiality — appropriate technical and organisational measures (TOMs)
  • Accountability — we document and can demonstrate compliance on request

4. Categories of Data We Process

Depending on the interaction, we may process the following categories of personal data:

  • Identification and contact data: first and last name, email address, phone number, company name, role
  • Communication content: the subject and message you send via our contact form or by email
  • Commercial context: prospective service interest, budget range, and engagement preferences disclosed by the user
  • Technical log data: IP address (anonymised where possible), user-agent string, referrer, requested URL, HTTP method, status code, timestamp
  • Device and session data: type of device, operating system family, browser family, screen resolution class
  • Cookie identifiers: only strictly necessary cookies — see Section 8

We do not knowingly process special categories of personal data under Art. 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric or genetic data) via this website. If such data is provided by a user voluntarily in the free-text field of the contact form, it is processed on the basis of the user's explicit consent under Art. 9(2)(a) GDPR and deleted without undue delay after the request is handled.

5. Purposes of Processing and Legal Bases

Each processing activity is tied to a specific purpose and a corresponding legal basis under Art. 6(1) GDPR and Art. 31 revDSG:

5.1 Provision of the website

Purpose: delivering the website, ensuring its stability, security, and functionality. Legal basis: our legitimate interest in operating and protecting our online presence (Art. 6(1)(f) GDPR; Art. 31(1) revDSG). Necessary data: technical log data as described above.

5.2 Responding to inquiries

Purpose: answering questions submitted via contact form or email, preparing quotations, scoping engagements. Legal basis: performance of a contract or pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR), and our legitimate business interest in servicing prospects (Art. 6(1)(f) GDPR) where no contract is ultimately concluded.

5.3 Compliance with legal obligations

Purpose: bookkeeping, tax documentation, anti-money-laundering checks where applicable, and retention of commercial correspondence. Legal basis:compliance with a legal obligation (Art. 6(1)(c) GDPR; Art. 31(1) revDSG in conjunction with the Swiss Code of Obligations).

5.4 Defence of legal claims

Purpose: establishing, exercising, or defending legal claims. Legal basis: legitimate interest (Art. 6(1)(f) GDPR), limited to what is necessary and proportionate.

6. Website Operation and Server Logs

When you visit https://innopulse.io, our hosting infrastructure automatically collects technical data that your browser transmits. This includes:

  • The IP address of the requesting device (processed in anonymised form where feasible)
  • The date and time of the request
  • The requested URL and HTTP method
  • The HTTP status code returned
  • The user-agent string (browser and OS family)
  • The referring URL, if transmitted
  • The volume of data transferred

This data is technically required to deliver the website to your device and to ensure its stable and secure operation. Log data is retained for up to 14 days and then deleted, unless a specific incident (e.g. an attack or abuse report) requires extended retention for investigation. Storage longer than 14 days is based on Art. 6(1)(f) GDPR for the purpose of IT security.

We do not merge server log data with other data sources and do not use it to create user profiles.

7. Contact Form and Email Correspondence

When you submit a message through our contact form or reach out by email, we collect and process the information you choose to provide (name, email, company, topic, budget indication, and message body). The mandatory fields are marked as such; all other fields are optional.

Legal basis: performance of pre-contractual measures (Art. 6(1)(b) GDPR) where you contact us regarding a service, or legitimate interest (Art. 6(1)(f) GDPR) for other inquiries. Transmission: form submissions are delivered to us via our transactional email provider (see Section 9). Storage: your message and our response are retained for a maximum of three years after the conversation ends, unless a longer retention period is required by law (typically 10 years for commercial correspondence under Swiss and German law) or a shorter deletion is requested by you.

We implement a honeypot field for spam prevention; no CAPTCHA service that sets third-party cookies is used.

8. Cookies and Local Storage

This website uses only strictly necessary cookies within the meaning of Art. 5(3) of the ePrivacy Directive and Art. 45c of the Swiss Telecommunications Act. These cookies are required for the technical operation of the website (session handling, security tokens) and do not require consent.

We do not currently deploy cookies for marketing, profiling, re-targeting, or audience measurement that would require consent. We do not use Google Analytics, Google Tag Manager, Meta Pixel, or similar third-party tracking scripts on our main marketing website.

Should this change in the future, a compliant consent management platform will be deployed in advance, and this policy will be updated accordingly.

You can configure your browser to reject cookies, delete existing cookies, or receive a notification before a cookie is set. Please note that rejecting strictly necessary cookies may cause parts of the website to malfunction.

9. Recipients and Processors

Personal data is accessed internally on a strict need-to-know basis. Beyond our own staff, we engage the following categories of processors under a data processing agreement (DPA) pursuant to Art. 28 GDPR / Art. 9 revDSG:

  • Vercel Inc. (USA / EU) — website hosting, CDN, and log infrastructure. Data is served from EU edge locations; processing is governed by Vercel's DPA and Standard Contractual Clauses.
  • Resend (Resend Inc.) — transactional email delivery for contact form submissions. Data transmitted is limited to the content of your submission.
  • one.com A/S (Denmark) — domain and DNS services.
  • Tax, legal, and accounting advisors — under their statutory duty of professional confidentiality.

A current list of our processors, including their corporate seat and the scope of data processed, is available on request at info@innopulse.io.

We do not sell or rent personal data. We do not share personal data with third parties for their own marketing purposes.

10. International Data Transfers

Our infrastructure is operated primarily in the European Union and Switzerland. In limited cases, data may be transferred to third countries outside the EU/EEA and Switzerland (notably the United States) when using services provided by companies with U.S. headquarters or global infrastructure.

Such transfers are protected by one of the following mechanisms under Chapter V GDPR and Art. 16–18 revDSG:

  • An adequacy decision of the European Commission or the Swiss Federal Council, where available (e.g. the EU-U.S. Data Privacy Framework / Swiss–U.S. DPF for certified recipients);
  • Standard Contractual Clauses (SCCs) of 4 June 2021 supplemented by the Swiss addendum published by the FDPIC;
  • Binding Corporate Rules or specific derogations under Art. 49 GDPR where applicable.

A copy of the applicable transfer mechanism is available on request.

11. Retention Periods

We retain personal data only as long as necessary for the purposes set out above. Specifically:

  • Server logs: up to 14 days (extended only in case of incident investigation)
  • Contact form submissions and prospect correspondence: up to 3 years after last contact
  • Commercial correspondence under concluded contracts: 10 years after the end of the calendar year in which the business relationship ended (Art. 958f Swiss CO / §257 HGB)
  • Accounting and tax records: 10 years (Art. 958f CO; §147 AO for German counterparts)
  • Applicant data: up to 6 months after the end of the application process, unless the applicant consents to longer retention in a talent pool

After the applicable retention period, data is deleted or anonymised in a manner that prevents reconstruction.

12. Your Rights

Subject to the applicable legal framework, you have the following rights concerning your personal data:

  • Right of access (Art. 15 GDPR; Art. 25 revDSG) — to obtain confirmation whether we process your data and, if so, a copy of it
  • Right to rectification (Art. 16 GDPR; Art. 32(1) revDSG) — to have inaccurate data corrected
  • Right to erasure / "right to be forgotten" (Art. 17 GDPR; Art. 32(2)(c) revDSG)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR; Art. 28 revDSG)
  • Right to object (Art. 21 GDPR) — including objection to direct marketing at any time
  • Right to withdraw consent (Art. 7(3) GDPR) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right not to be subject to automated decision-making (Art. 22 GDPR; Art. 21 revDSG)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR; Art. 49 revDSG)

To exercise any of these rights, please contact us at info@innopulse.io. We will respond without undue delay and in any event within one month (Art. 12(3) GDPR), extendable by two further months for complex requests. There is no charge for exercising these rights, except for manifestly unfounded or excessive requests.

13. Technical and Organisational Security Measures

We implement appropriate technical and organisational measures (TOMs) under Art. 32 GDPR and Art. 8 revDSG to ensure a level of security appropriate to the risk, including:

  • TLS 1.2+ encryption in transit (HTTPS with HSTS preload)
  • Encryption at rest for stored data
  • Role-based access controls and least-privilege administration
  • Segregated production, staging, and development environments
  • Regular backup procedures with tested restoration
  • Security-relevant logging and anomaly monitoring
  • Staff confidentiality undertakings and privacy awareness training
  • Regular review and update of TOMs in line with state of the art
  • Data breach notification procedure pursuant to Art. 33/34 GDPR and Art. 24 revDSG

14. Processing of Minors' Data

Our services are directed at businesses and adult decision-makers. We do not knowingly collect data from children under the age of 16 (or the equivalent threshold in the applicable Member State). If we become aware that such data has been submitted, it will be deleted immediately.

15. Automated Decision-Making and Profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR or Art. 21 revDSG that produces legal or similarly significant effects on data subjects. Certain of our SaaS products (notably AI Risk Check) perform automated classification; these are governed by their own product-level privacy notices and subject to human review before any action with legal effect.

16. Changes to This Policy

We may update this privacy policy to reflect changes in our processing activities or in applicable law. The current version is always published at https://innopulse.io/privacy and the date of the last update is shown at the top of this page. Material changes will be communicated by prominent notice on the website and, where appropriate, by direct communication to affected data subjects.

17. Contact and Supervisory Authorities

For any questions regarding this privacy policy, or to exercise your rights, please contact us at:

Innopulse Consulting GmbH
Email: info@innopulse.io
Phone: +41 79 508 28 06

You also have the right to lodge a complaint with a data protection supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC / EDÖB), Feldeggweg 1, 3003 Bern. www.edoeb.admin.ch
  • European Union: the supervisory authority of your Member State of habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).
← Back to home