Swissinterns
DRAFT: This document is a working draft. Final version is subject to legal review before public launch.

Privacy Policy

Last updated: 2026-05-18

1. Introduction

Swissinterns (“we”, “our”, “us”) operates the platform at app.swissinterns.ch (the “Service”). This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the Swiss Federal Act on Data Protection (nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data we collect

  • Account data: email, display name (optional), language preference, university (optional), study field (optional), career interests.
  • Authentication data: Google OAuth identifier (if signed in via Google).
  • Usage data: pages visited, favorites added, applications started, search queries (anonymised after 30 days).
  • Diagnostic data: error reports via Sentry (PII-scrubbed — emails and names are redacted before transmission, per NFR16).
  • Cookie data: session cookie set by Supabase Auth (essential for login; no consent banner required per applicable law).

3. Data we do not collect

  • We do not collect IP-based geolocation.
  • We do not use third-party advertising trackers.
  • We do not sell user data to third parties.
  • We do not collect biometric data.

4. Data processors

  • Supabase (Switzerland, Zurich region) — database, authentication, file storage.
  • Vercel (global edge) — application hosting.
  • Sentry (United States) — error monitoring. PII is scrubbed client-side before transmission.
  • Resend (United States) — transactional email (signup confirmation, password reset).
  • Anthropic (United States, zero-retention API) — AI document optimisation (Phase 2 feature). Post-MVP we plan to migrate AI workloads to Phoenix Cloud (Basel, Switzerland) for Swiss data residency on the AI tier.

5. Retention periods

  • Account data: retained until account deletion + 30 days (grace period for restoration).
  • Authentication logs: 12 months (for forensic purposes and nDSG compliance).
  • Usage events: 3 years (per nDSG audit-trail best practice).
  • Diagnostic data (Sentry): 90 days (Sentry default retention).

6. Your rights under nDSG + GDPR

  • Right to access: request a copy of your data via privacy@swissinterns.ch.
  • Right to rectification: edit your profile at /profile or contact us.
  • Right to erasure: delete your account in /profile (data + auth + cascading data are removed).
  • Right to data portability: request a JSON export via privacy@swissinterns.ch.
  • Right to lodge a complaint: with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

7. Children

The Service is intended for users 16 and older (typical internship-seeking demographic). We do not knowingly collect data from users under 16.

8. Changes to this policy

We notify users by email of material changes. The “Last updated” date at the top of this document reflects the most recent revision.

9. Contact

Email: privacy@swissinterns.ch
Postal address: (to be completed by lawyer)