Privacy Policy

Privacy Policy - Protecting Your Data

Last Updated: 29.11.2025

The protection of your personal data is of particular concern to us. We process your data exclusively on the basis of legal provisions (GDPR, Swiss Data Protection Act DSG). In this privacy policy, we inform you about the most important aspects of data processing within our app and website.

Data Security

Overview of collected data per App Store requirements

Data CategoryData TypeCollectedPurpose
Personal DataNameUser profile, tax return
Personal DataEmail addressLogin, verification
Personal DataPostal addressTax return (canton)
Personal DataUser IDsAuthentication, sessions
Financial DataFinancial informationTax calculation
Photos & VideosPhotosDocument scanning
Files & DocumentsFiles and documentsTax document upload
Device IDsDevice identifiersSession management
Security:
  • All data is encrypted during transmission (TLS/SSL)
  • No sharing with advertisers
  • Users can request deletion of their data
  • Automatic deletion of inactive data after 90 days

1. Controller

Thincorp

Geissgasse 5

5070 Frick, Switzerland

Email: dataprotection@thincorp.ch

Web: www.baerlitax.ch

2. What Data Do We Collect?

Personal Data:

  • Name, first name
  • Email address
  • Postal address
  • Date of birth
  • Social security number (AHV number)
  • Tax identification number
  • Phone number
  • Bank details (IBAN)

Financial and Tax Data:

  • Payslips and salary statements
  • Insurance certificates (health insurance, pension fund)
  • Bank statements and account details
  • Property ownership and rental agreements
  • Investments and securities
  • Deductions and expenses

Uploaded Documents:

  • Tax forms
  • Identity documents (ID card, passport)
  • Receipts and vouchers
  • Photos of documents (camera access)

Technical Data:

  • IP address
  • Device ID and operating system
  • Browser type and version
  • Access time
  • App usage data and analytics

3. Purpose of Data Processing

Primary Purposes:

  • Preparation and submission of your tax return
  • AI-powered document recognition and categorization
  • Calculation of tax deductions and refund optimization
  • Communication with you regarding your tax return
  • Customer service and support
  • Management of your user account
  • Secure storage of your tax documents
  • Compliance with legal obligations

Secondary Purposes:

  • Improvement of our app and services
  • Analytics and statistics (anonymized)
  • Fraud prevention and security

4. Legal Basis

The processing of your data is based on:

  • Your consent (Art. 6 para. 1 lit. a GDPR, Art. 6 DSG)
  • Contract performance – to provide our services (Art. 6 para. 1 lit. b GDPR)
  • Legal obligation – tax record retention requirements (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interest – to improve our services and prevent fraud (Art. 6 para. 1 lit. f GDPR)

5. Data Sharing / Third Parties

We only share your data with the following recipients:

Swiss Tax Authorities:

Transmission of your tax return to the relevant cantons

IT Service Providers:

  • Microsoft AzureCloud hosting and data storage (Switzerland, Germany, Netherlands)
  • Azure Blob StorageSecure document storage
  • Azure SQL DatabaseDatabase services
  • Microsoft Graph APIEmail services

Payment Service Providers:

For payment processing (if applicable)

All third-party providers are contractually obligated to process your data only according to our instructions and to comply with data protection standards.

⚠️ Your data will NOT be sold to advertisers or data brokers.

6. International Data Transfers

Your data is processed in the following countries:

  • SwitzerlandPrimary location (EU adequacy decision)
  • GermanyMicrosoft Azure data centers (EU/EEA)
  • NetherlandsMicrosoft Azure data centers (EU/EEA)

Safeguards:

  • EU Standard Contractual Clauses (SCC)
  • Microsoft is GDPR and FADP compliant
  • All data is encrypted during transfer (TLS/SSL)

No data transfers to third countries without an adequacy decision without appropriate safeguards.

7. Data Retention

  • Tax documents: 10 years (legal retention requirement)
  • User account data: Until account deletion + 30 days
  • Technical logs: Maximum 90 days, then automatic deletion (see Section 17)
  • Email communication: Until account deletion + 2 years

After the retention period expires, your data will be automatically deleted unless there is another legal basis for retention.

8. Your Rights (GDPR / DSG)

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You can request information about the data we process
  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data
  • Right to erasure (Art. 17 GDPR): You can request deletion of your data
  • Right to data portability (Art. 20 GDPR): You can receive your data in a structured format
  • Right to object (Art. 21 GDPR): You can object to the processing
  • Right to restriction (Art. 18 GDPR): You can request restriction of processing
  • Withdrawal of consent: You can withdraw your consent at any time

How to exercise your rights:

Email: dataprotection@thincorp.ch

Or directly in the app under: Settings → Privacy & Security

Right to complain: You have the right to file a complaint with the competent supervisory authority:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, CH-3003 Bern
www.edoeb.admin.ch

9. Data Security

We employ state-of-the-art security measures to protect your data:

  • Encryption: TLS/SSL for all data transfers
  • End-to-end encryption for highly sensitive documents
  • Azure Security Center for threat detection
  • Regular security audits and penetration tests
  • Access control: Only authorized personnel have access to data
  • Two-factor authentication (2FA) for user accounts
  • Automatic backups in geographically separated data centers

10. App Permissions (Android/iOS)

Our app requires the following permissions:

📷 Camera Access:

For photographing and uploading tax documents

📁 Storage Access:

For saving and loading documents from your device

🌐 Internet Access:

For cloud synchronization and AI analysis

🔔 Push Notifications:

For status updates on your tax return (optional)

You can revoke permissions at any time in your device settings. However, this may limit the functionality of the app.

11. Cookies and Tracking

Our website and app use:

Necessary Cookies:

  • Session cookies for authentication
  • Security cookies for fraud prevention

Analytics Cookies (with your consent):

  • Google Analytics (anonymized, IP masking)
  • Usage statistics for app improvement

You can disable cookies in your browser or app settings.

12. Advertising

Our app contains NO advertising.

We do not display ads and do not use third-party advertising SDKs.

13. Children and Minors

Our services are intended for persons aged 18 and over. We do not knowingly collect data from children under 18 without the consent of a legal guardian.

If you suspect unauthorized data collection, please contact us at: dataprotection@thincorp.ch

14. AI-Powered Processing

We use artificial intelligence (AI) for automatic document recognition and categorization as well as for optimizing your tax refund.

  • AI models process your documents locally in a secure environment
  • No data is shared with external AI providers
  • All AI suggestions are reviewed by licensed tax experts
  • You have the right to challenge automated decisions

15. Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify you and the competent supervisory authority without delay (within 72 hours).

16. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements.

For significant changes, you will be notified via:

  • Email notification
  • In-app notification
  • Notice on the website

Last Updated: 29.11.2025

17. Delete Account and Data

Account & Data Deletion

How to delete your account and data:

  1. By email: Send an email to dataprotection@thincorp.ch
  2. In the app: Go to Profile → Settings → Delete Account
  3. Identity verification: We will ask you to confirm your identity (e.g., by replying from your registered email address)
  4. Confirmation: You will receive confirmation within 5 business days

What will be deleted when you close your account:

  • Your user account and profile data
  • Uploaded documents and photos
  • All stored financial and tax data
  • Communication history
  • App usage data and settings

⚠️ Legal Retention Requirement:

The following data must be retained due to legal obligations:

  • Submitted tax returns: 10 years (Swiss tax law)
  • Invoices and payment receipts: 10 years (commercial law)
  • Accounting vouchers: 10 years (bookkeeping obligation)

This data will be automatically deleted after the legal retention period expires.

⏱️ Automatic Data Deletion (90 days):

The following data is automatically deleted after 90 days of inactivity:

  • Technical logs and session data
  • Temporary uploads and cache
  • Analytics data and usage statistics
  • Verification codes and security tokens

No action is required from you – this data is automatically cleaned up.

Processing timeline:

  • Confirmation: Within 5 business days
  • Deletion: Within 30 days after confirmation
  • Backups: Completely removed within 90 days
Request Account Deletion via Email

Opens your email app with a pre-filled request

18. Contact for Data Protection Inquiries

For data protection questions, please contact us:

Data Protection Officer

Thincorp

Geissgasse 5

5070 Frick, Switzerland

Email: dataprotection@thincorp.ch

We strive to respond to your inquiries within 30 days.