How We Handle Data Protection

Language Notice: This Privacy Policy may be provided in multiple languages. The English version is provided for convenience only. In the event of any discrepancies or inconsistencies between the translated versions and the original German version, the German version shall prevail.

You have the right to understand how the data you entrust to us is used.

In this Privacy Policy, we explain in clear language which data we process, why we process it, and how we handle it.

This Privacy Policy applies to users of the infinity.swiss platform, the products built on it, and the services developed and provided by NextBusiness AG.

For information about how we process data of visitors to this website who are not logged in, please refer to our Cookie Policy for this marketing website.

Type, Purpose and Scope of Data Collection

Our principle is to collect personal data only for necessary purposes and not to sell it to third parties for direct marketing.

Identity and Access

We primarily process the personal data required to operate and use our products. This typically includes:

• name
• email address
• company affiliation

This information is required to provide a functional login and account access.

Correspondence

We retain support requests and other correspondence, including email addresses, to provide support and maintain context for future inquiries.

Emails may be processed through the third-party support platform Intercom.

Payment Processing

For the processing of credit card payments for Infinity subscriptions, the third-party provider Stripe Payments Europe, Limited processes personal data such as:

• name
• email address
• payment details

Stripe may also collect device identifiers to detect and prevent payment fraud.

Measurement of Advertising Effectiveness

When you register for one of our products after visiting infinity.swiss, we may store which campaign you originally came from.

This allows us to analyze and improve the effectiveness of our marketing campaigns.

Uploaded Data

Business data that you upload to our products is hosted by our application infrastructure. As stated in our Terms of Service, you remain solely responsible for the data you upload. We exclude liability for data loss. This processing is necessary for the functionality of our products.

‍

Product Usage

We collect aggregated usage data about how our products are used.

These data help us to improve our products, provide better support, and understand the context when responding to user requests.

Bank Integrations

If you use Live Accounting, you may connect Infinity to supported bank accounts.

For this purpose, the external provider bLink (SIX BBS AG) exchanges banking data between your bank and infinity.swiss.

These data include IBAN, account balances, and transaction data

To ensure system security and diagnose issues, we also create technical logs of successful and failed data exchanges between SIX BBS AG and infinity.swiss.

If you disconnect a bank connection in Infinity or delete your Infinity account, the associated permissions are removed from our systems.

Please note that you may also need to revoke the authorization directly with your bank.

Technical Logs

We collect technical logs about our services to identify problems, maintain system security, and detect suspicious activity. These logs may contain information about account access, activities performed within the services, IP addresses, approximate location data, and information about the browser used.

Error Monitoring

If technical errors occur in our products, error details may be automatically recorded so that we can identify and resolve the issue. For this purpose, we work with the third-party provider Sentry (Functional Software, Inc.), whose error monitoring platform we use to collect and analyze error reports. These reports may include information about the features used before the error occurred, technical error details, and the IP address or email address associated with the user session.

Additional Services

When using certain features of our services, trusted third-party providers may also process business data as part of the functionality. Whether you choose to use these features is entirely optional.

‍

When and how our team accesses this data

Account Data

Our team may access general personal data such as name, email address, company affiliation, and basic company information for the purposes described above, for example to correspond with you.

Business Data

As a general rule, our team members do not access sensitive business data without obtaining consent.

Where possible, we will ask for such consent, for example when helping with a support request or resolving a technical issue in your account.

In exceptional cases, access may take place without prior consent if such access is technically necessary, required due to legal obligations, or required to investigate potential violations of our Terms of Service.

Third-party providers we work with

We use tools and infrastructure from trusted third-party providers to operate our services.

Business data may be processed and stored by these providers as required to deliver our services.

Working with third-party providers for the provision of cloud software is now standard practice and necessary to operate modern products.

For transparency, we list below which subprocessors we work with.

Data storage and application infrastructure

We host our app.infinity.swiss application and the products built on it with the following providers. Data is stored on the infrastructure of these companies and processed there.

• Cloudflare
  Infrastructure provider for DNS of infinity.swiss and for operating the API and application infrastructure. Cloudflare processes technical connection data (e.g., IP addresses) to ensure secure and stable operation of the application and to protect against attacks as part of providing the API. Cloudflare uses server locations worldwide depending on user location, including within the European Union and Switzerland.
• Flow Swiss
  Our Swiss backup hosting provider. Flow Swiss AG is located in Switzerland.
• Microsoft Azure
  Cloud infrastructure provider. The server location used is Zurich.
• MongoDB Atlas
  Server provider for hosting business data. The server location used is Zurich through Microsoft Azure.
• Netlify
  Frontend cloud provider for static hosting. Server locations are in the European Union and further locations depending on user location (CDN). This provider processes technical data such as IP address and device information but does not process personal or business data.
• Ason
  Partner for payroll accounting with Infinity. Ason processes and stores payroll data. The company and its servers are located in Switzerland.

Payment processing

Payment processing is handled by professional third-party providers. We never store complete credit card data on our own systems.

• StripePayment processor for credit card payments. We work with the European entity Stripe Payments Europe, Limited, which is located in Ireland.

Support and customer communication

We use third-party software to respond to incoming inquiries, send proactive customer communication, and notify you about feature changes.

These tools process names, email addresses, browser and device information, as well as usage data that help resolve support requests.

• Intercom
  Support software for live chat in the product and customer communication. Intercom operates in Ireland and California, USA.
• Postmark
  Email provider for sending transactional emails required for service operation, such as verification, password resets, and feature notifications. Postmark operates in Illinois, USA.
• Mintlify
  Host of our product handbook. Mintlify collects and processes IP addresses and browser and device information for diagnostics and security purposes. Mintlify operates in California, USA.

Product analytics

We use analytics tools to measure the use of features and improve user experience.

These analytics tools collect only anonymised or aggregated data.

• PostHog: Analytics tool used to understand feature usage in our products, including AI features such as Instant Fill and Live Accounting. We use the EU-hosted version. PostHog’s headquarters are in California, USA.

Logging and error monitoring

We use the following logging and monitoring tools to monitor our infrastructure, operate our services, and analyze technical errors. These tools may store technical event logs that can sometimes be associated with an IP address or email address.

• Sentry: Error monitoring service. Functional Software, Inc., doing business as Sentry, is located in California, USA.
• Better Stack: Software used for logging our services. Better Stack is located in Prague, Czech Republic.
• LogSnag: Business event logging service. LogSnag is located in Maryland, USA.

Additional data processing terms

If you activate Live Accounting, the additional Data Processing Terms for Live Accounting also apply.

Data Storage Location

We store data from the infinity.swiss platform on Swiss servers located in Zurich. These are also the servers that process business data.

Data stored and processed by third-party providers may in some cases leave the country’s borders.

Servers that do not come into contact with business data but only deliver static content (for example this marketing website or frontend cloud services) are located in the European Union or, depending on the access location, in other regions via Content Delivery Networks.

For technical reasons, it cannot be completely ruled out that certain data may temporarily pass through international connections (for example when users access infinity.swiss from abroad) or that certain operational access and activities take place outside the country.

How We Ensure Data Security

Data security is our highest priority. We implement a wide range of technical and organisational security measures to protect personal and business data.

Server connections are encrypted according to industry standards. Regular backups of the data are also performed.

However, we cannot guarantee complete security. We therefore rely on you to help protect your account by keeping your login credentials secure, using two-factor authentication where possible, and ensuring that your devices are protected with up-to-date system updates and antivirus software.

Data Retention & Cancellation

We retain data for at least the duration of your use of our products.

You have the right to request the deletion of your personal data at any time. However, certain data may continue to be stored after deletion if it is necessary for the functioning of our services.

It is possible that data temporarily remain in infrastructure backups. These are deleted after the backup retention period has expired.

Data Portability

You may request a collection of your personal or business data at any time for archiving purposes, migration to another system, or information purposes.

Changes

We reserve the right to make changes to this Privacy Policy at any time. By continuing to use our services, you agree to the updated version. The most current version will always be available on our website.

Controller

The controller responsible for this Privacy Policy is:

NextBusiness AG
Bubikonerstrasse 45A
8635 Dürnten
Switzerland

‍