kapitalfluss Logokapitalfluss
Beta

Privacy Policy

1. Introduction

Protecting your privacy is of utmost importance to kapitalfluss.ch (“we”, “us”). This Privacy Policy specifically informs you about how personal data is processed when using our application for financial data extraction. We comply with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the GDPR.

2. Controller

kapitalfluss.ch
Greulich Digital Labs
Hafenstrasse 60
8590 Romanshorn
Switzerland
E-Mail: info@kapitalfluss.ch

3. Technical Data Processing & Security

We adhere to a strict approach of data minimization (“Privacy by Design”).

  • Volatile Document Processing (RAM-Only): Your uploaded documents (PDFs) are processed exclusively in volatile memory (RAM). They are never saved to hard drives, databases, or cloud storage buckets at any point. Immediately after extraction or session termination, the data is irrevocably deleted from memory.
  • Encryption: All data transmission between your browser, our servers, and our sub-processors occurs exclusively via highly encrypted TLS 1.2+ connections.

4. Data We Store

We store only the minimum data necessary to operate the service:

  • Account Data: Email address and authentication tokens (via Google Auth).
  • Usage Metadata: Number of processed pages, timestamps, current credit balance.
  • Error Logs: Technical error messages containing no personal data from your documents.

5. Data Retention

  • Original Documents (PDFs): 0 days retention. Deleted from RAM immediately after processing.
  • Extracted Data: Sent as an encrypted blob to the user’s browser (Local Storage). The server only stores the temporary decryption key until “unlocked” (credit redemption). Neither the encrypted blob nor the decrypted data are permanently stored on our servers.
  • Metadata: Usage statistics (page counts, transaction volumes) are stored permanently as long as the account exists to provide history and billing records.

5. Third Parties (Sub-Processors)

To provide our service, we utilize specialized infrastructure partners. Data Processing Agreements (DPA) are in place with all partners to ensure the safety of your data.

PartnerLocationPurposeSpecifics
Microsoft AzureZurich, Switzerland (Region: Switzerland North)AI Analysis & OCRWe use Azure OpenAI and Document Intelligence. Microsoft contractually guarantees that your data is not used to train their AI models (“Enterprise Privacy”).
Google CloudZurich, Switzerland (Region: europe-west6)Hosting, Database & AuthHosting of the application and security services. Storage of metadata and identity management.
StripeUSA / GlobalPayment ProcessingCredit card data is sent directly to Stripe and never touches our servers.

6. Your Rights

You have the right to request information about your stored data at any time, as well as the right to correction, blocking, or deletion of this data. Since we do not store your PDF documents, we cannot retrieve or access them retroactively. For privacy inquiries, please contact us at: privacy@kapitalfluss.ch

7. Cookies

We use only technically essential cookies for session management (login status). No third-party tracking or advertising cookies are used.

Last Updated: January 15, 2026