Privacy Policy
Last updated: March 18, 2025
At Uhuu AG (Business ID: CHE-297.374.793), your privacy is a top priority. We design our services and technology with a strong commitment to "Privacy by Design" and ensure that the data we collect is protected, transparent, and used appropriately. We’re dedicated to meeting our obligations under the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (revDSG).
1. Our Commitment to Data Privacy
As a provider of a cloud-based document automation platform, we understand the importance of protecting personal data. We embed privacy features into our platform from the earliest stages of development, continuously review our practices, and update our tools to improve transparency and minimize data exposure.
We use privacy-conscious technologies and services, limit unnecessary cookies, and strive to collect only the data that is necessary for delivering value to our users.
2. Purpose of this Privacy Policy
This Privacy Policy outlines how we process personal data when you:
- Use our website (uhuu.io)
- Register for and access our platform
- Interact with us through customer service, email, or other communication
- Engage with us for contractual or support-related reasons
It explains the data we collect, our processing practices, your rights, and how we ensure your data stays safe.
Please note: This policy applies only when Uhuu is acting as a data controller. For data processed on behalf of our customers (e.g., content entered into our platform by end-users), the customer is the controller, and their privacy policy will apply.
3. Who Is Responsible for Your Data?
Data Controller:
Uhuu AG
Klosbachstrasse 134, CH-8032 Zürich, Switzerland
mail@uhuu.io
If you have questions about how we use your data, please reach out to us.
4. What Data We Collect
We collect the following categories of personal data:
a) User Data
- Full name
- Email address
- Contact details (e.g., company name, phone number)
- Profile pictures (optional)
- Preferences and feedback
- Communication history with us
b) Platform and Account Data
- Login credentials (hashed passwords)
- User role and team memberships
- Platform actions (e.g., document creation, usage history)
c) Technical Data
- IP address, browser and device type, operating system
- Timestamps of access and usage
- Error logs and session metadata
d) Cookies and Analytics Data
- Session and preference cookies
- Analytics data (via privacy-respecting tools like Plausible)
We avoid using third-party cookies or cross-site tracking unless necessary. Users may adjust cookie settings via their browser.
5. Why We Process Your Data
We process data for the following purposes:
- To deliver and maintain our services
- To manage your account and respond to inquiries
- To improve our services through technical analytics
- To send service-related notifications or product updates
- To comply with legal obligations and enforce terms
- To detect, prevent, and respond to security threats or misuse
6. Legal Bases for Processing
We process personal data based on:
- Contractual necessity
- Legitimate interests (e.g., improving our platform)
- Consent (when required)
- Legal obligations
7. Sharing and Transfers of Personal Data
We do not sell your personal data. We may share your data with:
- Our subprocessors (see Schedule B)
- Service providers: Hosting, support, analytics
- Payment providers (e.g., Stripe) for billing-related processing
- Legal authorities when required by law
- Buyers or partners in the event of a business merger or acquisition
Data shared with subprocessors is limited to what’s necessary and protected via appropriate agreements.
If your data is transferred outside the EU/EEA or Switzerland, we ensure adequate protection through Standard Contractual Clauses or other legal mechanisms.
8. How Long We Store Data
We retain personal data only as long as necessary for the purposes stated in this policy or required by law. For example:
- Account data: retained during the customer relationship and deleted within 60 days after termination
- Backup copies: retained up to 7 days post-deletion
- Communication data: retained for 12 months unless otherwise required
9. Your Rights
You have the following rights under GDPR and applicable Swiss law:
- Access: Know what data we hold about you
- Correction: Fix inaccurate or incomplete data
- Deletion: Request erasure of your data, where applicable
- Restriction: Limit processing under specific circumstances
- Objection: Object to processing on legitimate interest grounds
- Data Portability: Receive your data in a structured format
- Withdraw Consent: At any time, where processing is based on consent
To exercise your rights, contact mail@uhuu.io. We may ask for verification of identity. We aim to respond within 30 days.
If you’re not satisfied with our handling of your data, you may also contact your local data protection authority.
10. Security Measures
We implement appropriate security practices to protect your personal data, including:
- SSL/TLS encryption
- Access control and audit logging
- Secure data storage and backups
- Periodic security reviews
In the event of a data breach that affects your personal data, we will notify you promptly in accordance with applicable laws.
11. Use of Cookies
We use cookies to:
- Maintain session states
- Save user preferences
- Track minimal, anonymized analytics (if applicable)
We use privacy-friendly tools instead of third-party advertising or tracking cookies.
Cookie Types:
- Essential: Required for the website to function
- Preference: Store your language or layout settings
- Analytics: Collect anonymized usage statistics (e.g., Plausible Analytics)
You can block or delete cookies using your browser settings.
12. Embedded Content & Third-Party Integrations
When embedding Uhuu services on external websites (e.g., with widgets or iframe integrations), technical data like IP address and browser type may be processed to deliver the service securely.
Please note:
- Uhuu does not inject third-party cookies in such embeds
13. Updates to This Policy
We may update this policy to reflect changes in laws or our services. When we make significant changes, we’ll notify you via email or platform banners.
The latest version is always available at: uhuu.io