Privacy Policy
Last updated: 2026 · Compliant with Swiss FADP and EU GDPR
1. Controller
The controller responsible for processing your personal data is:
Erik Höhener (sole proprietorship)
Oberdorf 1
9565 Bussnang
Switzerland
Email: hello@peco-coach.com
2. Data we process
The following data is processed when you use the service:
- Business data you enter in the coach chat (business idea, audience, budget, etc.) — stored locally in your browser (localStorage) and optionally in our cloud (Supabase) if you sign in.
- Email address when you sign up for cloud sync or purchase a subscription.
- Chat history with the AI coach — stored per plan in localStorage and cloud.
- Payment data (card details, billing address) — processed exclusively by Stripe Inc. (see section 4). We never see your card number.
- Technical data: IP address, browser type, user-agent — used for abuse protection (rate-limiting) and service delivery.
3. Purpose of processing
- Providing the coaching service (plan generation, chat, etc.)
- Contract execution for paid subscriptions
- Cross-device synchronization of your plans (if enabled)
- Sending daily task reminders (only if subscribed)
- Abuse protection (rate-limiting, quota tracking)
- Compliance with legal retention obligations (invoices)
4. Third parties (sub-processors)
We use the following sub-processors who may have access to your data:
→ Standard Contractual Clauses in place. Frankfurt edge region used where available.
→ Region: Frankfurt (EU). Your data does not leave the EU.
→ Sub-processor for all card payments. PCI-DSS compliant.
→ Delivery of magic-link login and task reminders.
→ Processes chat content to generate plans. Anthropic does NOT train on API data (zero-data-retention option).
5. Retention
- Plans and workspace data: as long as your account is active
- On account deletion: data removed within 30 days
- Invoices: 10 years per Swiss commercial law (Art. 962 CO)
- Server logs: maximum 30 days
6. Your rights
You have the right to:
- Access the personal data we store about you
- Rectification of inaccurate data
- Erasure (right to be forgotten, subject to legal retention obligations)
- Data portability (export your plans as JSON in Settings)
- Withdrawal of consent at any time
- Lodge a complaint with a supervisory authority (FDPIC in Switzerland, or your local EU data protection authority)
To exercise your rights, contact hello@peco-coach.com. We respond within 30 days.
7. Cookies / localStorage
We use no tracking cookies. We use only technically necessary browser localStorage for:
- Your plans (local storage of your work)
- Your tier (subscription status)
- Quota counter (requests today)
- Session token (login)
You can clear these at any time via your browser settings. Doing so deletes the local data; the cloud backup remains intact.
8. Security
We implement technical and organisational measures to protect your data: HTTPS encryption, rate-limiting, row-level security on the database, regular software updates. However, 100% security on the internet cannot be guaranteed.
9. Changes to this policy
We may update this policy when laws change or new sub-processors are added. Material changes will be communicated by email to registered users at least 30 days in advance.