Privacy

This notice explains how [TODO: legal entity name] (“Neucelle”, “we”) processes personal and business data when you use neucelle.ch and the Neucelle application. It is written to meet both the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nLPD / revFADP).

Who is responsible

The data controller is [TODO: legal entity name], [TODO: registered address]. For any privacy question or to exercise your rights, contact [TODO: privacy@neucelle.ch]. See also our Impressum.

What we read and store

• Account data — your name, email and authentication identifiers, the restaurant(s) you operate, and your plan / billing status.
• Invoices you send us — whether you snap a photo, upload a file, or forward a supplier email to your private Neucelle inbox, we store the document image/file and the line items extracted from it (supplier, SKU, quantity, unit, unit cost, totals).
• Recipe and cost data — the recipes, ingredients and cost history you build or that we derive from your invoices.
• Connected-service data — if you connect a POS or accounting tool, the sales / accounting data you authorise us to read or write (see subprocessors below).
• Product and technical data — usage events, device / browser metadata and error diagnostics, used to operate and improve the service.

We do not sell your data, and we do not use your invoices, recipes or cost figures to train third-party AI models.

Why we process it (legal basis)

• Performance of a contract (GDPR Art. 6(1)(b)) — to provide the service you signed up for: reading invoices, computing food cost, sending your digest.
• Legitimate interests (GDPR Art. 6(1)(f)) — to keep the service secure, debug errors, and understand aggregate product usage.
• Legal obligation (GDPR Art. 6(1)(c)) — to keep billing and tax records.
• Consent (GDPR Art. 6(1)(a)) — where required, e.g. for non-essential analytics cookies.

Who processes data on our behalf (subprocessors)

We use a small set of vetted subprocessors. Each only receives the data it needs for its function, under a data-processing agreement.

Where a subprocessor is located outside Switzerland / the EEA, transfers rely on Standard Contractual Clauses or an equivalent safeguard. A current list is available on request at [TODO: privacy@neucelle.ch].

Where data is hosted

Your invoices and account data are stored in our primary database and object storage region: [TODO: confirm hosting region — e.g. EU (Frankfurt)]. Invoice OCR is performed by Mindee as described above.

How long we keep it

• Account, invoice, recipe and cost data — for as long as your account is active, then deleted within [TODO: e.g. 90 days] of account closure unless you ask us to delete it sooner.
• Billing / tax records — retained as long as the law requires (typically up to 10 years under Swiss commercial law).
• Diagnostics / analytics — retained for a rolling window of [TODO: e.g. 12 months].

Your rights

Under the GDPR and nLPD you can ask us to: access the data we hold about you; correct it; delete it; export it in a portable format; restrict or object to certain processing; and withdraw consent at any time. You can export your recipes, invoices and cost history to CSV yourself from the app, or email [TODO: privacy@neucelle.ch] for a full export or deletion. We respond within 30 days. You also have the right to lodge a complaint with your supervisory authority (in Switzerland, the FDPIC; in the EU, your national authority).

Cookies

We use essential cookies to keep you signed in. We also use product analytics (PostHog); where consent is required for non-essential analytics, we ask for it before loading them.

Changes

If we change this notice we will update the “last reviewed” date above and, for material changes, notify you by email.