Last updated: March 2026

Privacy Policy

Your privacy matters to us. This policy explains how alpa.one GmbH ("we", "us", "Alpabuild") collects, uses, and protects your personal data.

1. Data Controller

alpa.one GmbH
Switzerland
Email: [email protected]

2. Legal Framework

We comply with the Swiss Federal Act on Data Protection (FADP/nDSG) and align our practices with the EU General Data Protection Regulation (GDPR). All personal data is stored and processed in Switzerland.

3. Data We Collect

Account Information

  • Name and email address (provided during registration)
  • Authentication data (managed via NextAuth)

Application Data

  • App source code and configurations you create on the platform
  • Project metadata (names, descriptions, settings)

Usage Data

  • Server-side usage logs (API requests, feature usage, error logs)
  • No client-side analytics or tracking scripts are used

Payment Information

  • Payment details are processed exclusively by Stripe
  • We store only a reference to your Stripe customer ID — never your card details

4. How We Use Your Data

  • To provide and maintain the Alpabuild platform
  • To authenticate your account and manage sessions
  • To process payments and manage subscriptions
  • To send transactional emails (account, billing, security)
  • To improve the platform based on aggregated, anonymised usage patterns
  • To comply with legal obligations

5. Data Hosting & Storage

All data is hosted in Switzerland using Neon Postgres on Swiss infrastructure. Your code, account data, and usage logs remain within Swiss jurisdiction at all times.

6. Third-Party Services

We share data with the following processors only as necessary to operate the platform:

  • Stripe (Dublin, Ireland / USA) — Payment processing.
  • Vercel (USA) — Application deployment and edge delivery.
  • OpenAI (USA) — AI code generation. Used only when you explicitly trigger AI features.
  • Neon (Switzerland) — Managed PostgreSQL database hosting.

7. Cookies

We use essential session cookies only, managed by NextAuth, to keep you logged in. We do not use tracking cookies, advertising cookies, or any third-party analytics scripts.

8. Your Rights

Under FADP/nDSG and GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and all associated data
  • Data Portability — Export all your data as a ZIP archive
  • Restriction — Request that we limit processing of your data
  • Objection — Object to certain types of data processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Retention

  • Account data — Retained until you delete your account
  • Application code — Retained until you delete the project or your account
  • Usage logs — Automatically deleted after 90 days
  • Payment records — Retained as required by Swiss tax law (typically 10 years)

10. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, regular security audits, and strict access controls.

11. Children's Privacy

Alpabuild is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform.

13. Contact

For privacy-related questions: [email protected]

← Back to home