Privacy Policy

Last updated: 06.02.2026

CloudCan GmbH ("we") places particular importance on the protection of your personal data. This policy explains what data we collect, why, for how long, and what your rights are.

1) Data Controller

CloudCan GmbH

Contact: via the contact form on the website.

2) Legal Framework

We process personal data in accordance with applicable Swiss law, in particular the Federal Act on Data Protection (nDSG) and its ordinance.

Where the GDPR applies (e.g. persons located in the EEA), we also apply its requirements.

3) Data We Collect

a) Data submitted via the contact form

When you contact us via the website, we may process:

  • Name / company (if provided)
  • Email address
  • Country (if requested)
  • Message content (description of your needs)
  • Phone number (if you provide it)

We recommend that you do not transmit sensitive data (e.g. medical information, detailed financial data, unnecessary trade secrets) via the form.

b) Technical data (security and operation)

When accessing the site, technical data may be processed to ensure security and proper operation:

  • Browser/device information (e.g. browser type)
  • Pages visited, timestamps
  • Information necessary for diagnostics and security

This data may be processed in pseudonymized form where possible (e.g. technical fingerprints that are not directly identifying).

4) Purposes and Legal Basis

We process your data to:

  • Respond to your requests and communicate with you (pre-sales, support, questions)
  • Prepare an offer or establish a contractual relationship
  • Ensure website security and prevent abuse
  • Measure audience and improve the site, if an analytics tool is enabled

Legal basis (depending on the case): pre-contractual measures / contract, legitimate interest (security, service improvement), and/or your consent when required (particularly for certain cookies/trackers).

5) Audience Measurement (Matomo / GoAccess)

CloudCan GmbH favors a minimalist and privacy-respecting approach to analytics.

a) Current Status

As of the date of this policy update, no third-party tracking analytics tool (e.g. Google Analytics) is used.

b) Matomo (if enabled)

We may use Matomo to measure audience and improve the site (e.g. pages visited, visit duration, device type). Depending on configuration, Matomo can operate without cookies and with anonymization (recommended option), or use cookies (in which case a consent mechanism may be implemented if required).

c) GoAccess (if enabled)

We may also use GoAccess to produce statistics from server logs (e.g. visit volume, most visited pages, errors). This approach relies primarily on server technical data and aims to avoid advertising tracking.

If Matomo and/or GoAccess are enabled, we will apply a privacy-first configuration and update this policy if necessary.

6) Cookies

The site uses one strictly necessary technical cookie:

CookieUsage
i18n_redirectedRemembers the language chosen by the user

This cookie is functional and is not used for advertising tracking. No consent banner is required for this type of cookie.

7) Anti-spam and Abuse Protection

To protect the contact form and API, we use security mechanisms (e.g. honeypot, anti-replay tokens, rate limiting).

In this context, we may process pseudonymized technical indicators to detect automated submissions and abuse.

8) Recipients and Processors

Your data is only accessible to authorized persons at CloudCan GmbH (need-to-know basis), and to our technical service providers only if necessary (hosting, maintenance, security, and possibly email services). Regarding email sending/receiving: we may use an internal mail server (SMTP) and/or a technical provider depending on the evolution of our infrastructure.

9) International Transfers

If data is processed outside Switzerland (or the EEA when GDPR applies), we ensure an adequate level of protection (e.g. adequacy decisions, standard contractual clauses, and/or supplementary measures). In a privacy-first approach, we seek to minimize international transfers and favor controlled processing.

10) Retention Periods

We retain your data only for as long as necessary:

  • Contact messages / exchanges: generally up to 24 months after the last interaction, unless legal obligations or contractual relationship apply.
  • Technical security data: generally 90 days (may vary depending on diagnostic and security needs).
  • Audience statistics (if enabled): retained according to purpose and configuration (minimization principle).

11) Security

We implement appropriate technical and organizational measures to protect your data (e.g. encryption of communications, access control, server hardening, security logging).

12) Your Rights

Depending on applicable legislation, you may request:

  • Access to your data
  • Rectification
  • Deletion (within legal limits)
  • Restriction / objection (particularly to processing based on legitimate interest)
  • Portability where applicable (GDPR)

To exercise your rights, contact us via the contact form on the website.

Supervisory Authority

Switzerland: Federal Data Protection and Information Commissioner (FDPIC).

EEA (if applicable): competent data protection authority in your country.

13) Changes

We may update this policy in case of changes to the site, services, or legal obligations. The update date is shown at the top of the page.