Privacy Policy
Pursuant to the General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG).
1. Controller
The controller within the meaning of data protection laws is:
2. Collection and Processing of Personal Data
2.1 When visiting the website
When you visit our website, the web server automatically stores information in so-called server log files. This includes: IP address of the requesting device, date and time of access, name and URL of the retrieved file, browser type and version, and operating system. This data is used exclusively to ensure smooth operation of the website and is not merged with other data sources.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technical provision of the website).
2.2 Registration and user account
During registration, we collect name, email address, and a password (stored as a secure hash). This data is necessary to provide our services.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
2.3 Usage data within the application
In the course of using ServiceFlow, we process data that you actively enter: customer data, appointment data, invoices, and your workshop settings. This data is processed exclusively for you and within your account and is not passed on to third parties.
3. Cookies and Session Data
We use only technically necessary cookies. These are used for authentication (session token) and are deleted after logout or when the browser is closed. No tracking or marketing cookies are used.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the application). Consent is not required for technically necessary cookies.
4. Payment Processing (Stripe)
For payment processing, we use the service Stripe (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland).
When you make a payment, the required payment data (e.g. credit card number, expiry date) is transmitted directly to Stripe. We do not store complete payment data on our servers. Stripe processes this data on the basis of a data processing agreement pursuant to Art. 28 GDPR.
For more information about Stripe's privacy practices, visit stripe.com/privacy.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
5. Transfer of Data to Third Parties
We only share your personal data with third parties if this is necessary for the performance of the contract (e.g. Stripe for payments), you have expressly consented, or we are legally required to do so.
No data is passed on for advertising or analytical purposes. We do not use Google Analytics or similar tracking services.
6. Data Storage and Deletion
We store personal data only for as long as is necessary to fulfill contractual obligations or as required by law. After termination of your account, your data will be deleted within 30 days, unless a longer statutory retention obligation applies.
7. Your Rights
Under the GDPR, you have the following rights:
- Access: You have the right to find out what data we have stored about you (Art. 15 GDPR).
- Rectification: You can request the correction of inaccurate data (Art. 16 GDPR).
- Erasure: You can request the deletion of your data, provided no retention obligation exists (Art. 17 GDPR).
- Restriction: You can request the restriction of processing (Art. 18 GDPR).
- Data portability: You have the right to receive your data in a common format (Art. 20 GDPR).
- Objection: You can object to the processing of your data at any time (Art. 21 GDPR).
- Complaint: You have the right to lodge a complaint with a data protection supervisory authority.
8. Data Security
We implement technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. Data transmission is encrypted via the HTTPS protocol (TLS). Passwords are stored exclusively as cryptographic hashes (bcrypt).
9. Contact for Data Protection Enquiries
If you have questions about data protection or wish to exercise your rights, please contact:
Rolf Herrmann — Serviceflow
Last updated: February 2026