Privacy Policy

1. Data Controller

The entity responsible for the collection, processing, and use of your personal data within the meaning of the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR), is:

2. Data We Collect

When you register and use the nube Loyalty App, we collect the following personal data:

• Name – for identification and personalised communication
• Email address – for account creation and communication
• Phone number (optional) – for optional contact purposes
• Password – stored exclusively as a secure hash (bcrypt); never in plain text
• Loyalty points and transaction history – to manage your points account
• Tier status (Blau / Bronze / Silber / Gold) – based on accumulated points
• Push notification token – to deliver app notifications (optional, requires your consent)
• Device information – operating system and app version, collected by Expo for technical purposes

We do not collect payment data, location data, or biometric data.

3. Purpose of Processing

Your data is processed exclusively for the following purposes:

• Operating and managing the nube loyalty programme
• Authenticating your account and ensuring system security
• Sending push notifications – only with your consent
• Customer support and responding to enquiries
• Fraud prevention and system integrity

We do not share your data with third parties for advertising or commercial purposes.

4. Legal Basis

We process your data on the following legal grounds:

• Contract performance (Art. 6(1)(b) GDPR / Art. 31 nFADP): Processing necessary to provide the loyalty programme
• Consent (Art. 6(1)(a) GDPR): Push notifications (withdrawable at any time)
• Legitimate interests (Art. 6(1)(f) GDPR): Security and fraud prevention

5. Data Storage and Security

Your data is stored in a secured PostgreSQL database. Passwords are never stored in plain text and are hashed using the bcrypt algorithm. All data transferred between the app and our servers is encrypted via HTTPS.

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.

6. Retention Period

Your personal data is retained for as long as your account remains active. Following a deletion request or after prolonged inactivity (no activity for more than 3 years), your data will be deleted, unless statutory retention obligations apply.

7. Disclosure to Third Parties

Your data is only shared with third parties in the following cases:

• Expo / Expo Application Services (EAS): For app operation and push notification delivery. Expo processes technical device data (push tokens). Expo's privacy policy: expo.dev/privacy
• Apple App Store / Google Play Store: App distribution is governed by their respective privacy policies.
• Authorities: Where required by law or official order.

Data transfers outside Switzerland or the European Economic Area only occur where technically necessary for app operations (e.g. Expo services) and appropriate safeguards are in place.

8. Your Rights

Under the nFADP and GDPR, you have the following rights:

• Access: You may request information about the personal data we hold about you.
• Rectification: You may request correction of inaccurate data.
• Erasure: You may request deletion of your account and personal data.
• Restriction: You may request that we restrict the processing of your data.
• Data portability: You may request your data in a commonly used format.
• Withdrawal of consent: You may withdraw consent (e.g. for push notifications) at any time.
• Complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or another competent supervisory authority.

To exercise your rights, please contact us at: info@nube.ch

9. Cookies and Tracking

The nube Loyalty App does not use cookies or cross-site tracking. No third-party analytics or advertising SDKs are integrated into the app.

10. Minors

The nube Loyalty App is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. Should we become aware that a user under 16 has created an account, we will promptly delete that account and all associated data.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as necessary. The current version is always available in the app and on this page. For material changes, we will notify you via the app or by email.

12. Contact