legal · privacy policy

Privacy Policy

Last updated: May 13, 2026

This Privacy Policy describes how Drift collects, uses, and protects personal data. We comply with the Swiss Federal Act on Data Protection (FADP / DSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who we are (data controller)

Francis Jego
Hammergut 14, 6330 Cham, Switzerland
Email: scriptsswiss@gmail.com

We are the data controller for the personal data we process about you. You can contact us at the email above for any data-related question or request.

2. What data we collect

We collect and process the following categories of personal data:

From paying customers

  • Account email: the email you provide at checkout, used to send your login link and any service notices.
  • Payment data: handled entirely by Stripe — we never see your card number or CVC. Stripe gives us your name, email, country, last-4-digits of your card, and subscription status.
  • Workspace content: competitor URLs you configure, delivery destinations (Slack webhook URLs, email addresses you specify, etc.), and any settings you enter.
  • Session cookies: a single HMAC-signed cookie used to keep you logged in. Functional only — no advertising or tracking cookies.

From all visitors (including the free site)

  • Server logs: IP address, user agent, and pages visited. Used solely for security and abuse prevention. Retained for ninety (90) days, then deleted.

From the waitlist form

  • Email and optional name + message: used only to notify you when the plan you registered interest in becomes available.

3. Why we process this data (legal basis)

Under GDPR, the legal bases for processing your data are:

  • Contract (Art. 6(1)(b)): processing your account and workspace data to deliver the service you purchased.
  • Legal obligation (Art. 6(1)(c)): retaining payment records for tax and accounting purposes (Swiss law requires ten years).
  • Legitimate interest (Art. 6(1)(f)): server logs for security and abuse prevention.
  • Consent (Art. 6(1)(a)): the waitlist signup is opt-in; you can withdraw at any time by emailing us.

4. Third parties we share data with

We use a small number of carefully chosen processors:

ProviderPurposeData sharedLocation
StripePayment processing & subscription managementEmail, name, payment method, country, IPEU + US (Standard Contractual Clauses)
ResendSending account & brief emailsEmail address, message bodyUS (Standard Contractual Clauses)
Google (Gemini API)AI synthesis of competitor briefsThe text content of competitor pages you ask us to monitor. Not your account email or payment data.US (Google enterprise terms)
TailscalePublic HTTPS tunnel from our Pi to the internet (Funnel)IP addresses of visitors (passed through, not retained)US

We do not sell your data, share it with advertisers, or use it to train any AI model. If we ever change processors, this list is updated.

5. Where your data is stored

The core Drift database (your workspace, competitors, snapshots, digests, settings) is stored on a Raspberry Pi physically located in Switzerland. The Pi runs on a residential connection; we operate standard security hygiene but acknowledge this is not a SOC-2 datacenter. For workspaces that require enterprise-grade hosting, please consider self-hosting on your own infrastructure.

6. How long we keep your data

  • Workspace data: for as long as your subscription is active, plus 30 days after cancellation in case you reactivate. Then permanently deleted.
  • Server logs: 90 days, then deleted.
  • Waitlist signups: kept until you ask us to remove them, or until the plan you registered interest in launches and we email you about it.
  • Payment records: kept for 10 years per Swiss tax law (Code of Obligations Art. 958f).

7. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate.
  • Deleteyour data ("right to be forgotten") — with exceptions for data we are legally required to retain.
  • Export your data in a machine-readable format.
  • Object to certain processing.
  • Withdraw consent at any time for any processing based on consent.

To exercise any of these rights, email scriptsswiss@gmail.com. We will respond within thirty (30) days.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch, or with your local EU supervisory authority if you are an EU resident.

8. Cookies

Drift uses one functional cookie only: an HMAC-signed session cookie used to keep you logged in. It is essential for the service to function and is exempt from consent requirements under the EU ePrivacy Directive and Swiss FADP. We do not use any advertising, tracking, analytics, or third-party cookies on the marketing site.

9. International data transfers

Some of our processors (Stripe, Resend, Google) are based in the United States. Where data is transferred outside Switzerland or the EEA, we rely on the Standard Contractual Clauses approved by the European Commission and recognized by the Swiss FDPIC as providing an adequate level of protection.

10. Security

We protect your data with TLS in transit, HMAC-signed sessions, and access controls limiting workspace data to its owner. No system is perfectly secure; if a breach occurs that meaningfully affects you, we will notify you within seventy-two (72) hours per GDPR Art. 33.

11. Children

Drift is a business tool not directed at anyone under the age of sixteen (16). We do not knowingly collect data from children. If we learn we have, we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will appear here with a new "Last updated" date. For material changes affecting paying customers, we will also email you at least thirty (30) days before the change takes effect.

13. Contact

For any privacy question, request, or concern, email scriptsswiss@gmail.com.