1. Introduction
This Privacy Policy explains how Gugger Digital Services ("we", "us", "Pounce") collects, processes, and protects personal data when you use our B2B company intelligence platform at pounce.ch. We are committed to protecting your privacy in accordance with the Swiss Federal Act on Data Protection (nDSG/FADP, in force since September 1, 2023), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws. This policy applies to all users of our Service, regardless of location.
2. Data Controller
The data controller responsible for processing your personal data is: Gugger Digital Services, Holzmoosrütisteig 1b, 8820 Wädenswil, Switzerland. Email: hello@pounce.ch. For data protection inquiries, please contact us at hello@pounce.ch with the subject line "Data Protection".
3. Personal Data We Collect
We collect personal data only when necessary to provide and improve the Service. Account Data: Email address, name (optional), company affiliation (optional), encrypted password (bcrypt-hashed). Authentication Data: Login timestamps, session tokens (HttpOnly JWT cookies). Payment Data: Processed exclusively by Stripe, Inc. We do not store credit card numbers, CVVs, or full card details on our servers. Stripe provides us with a transaction reference, subscription status, and billing address for invoicing. Usage Data: Pages visited, features used, search queries (anonymized after 90 days), device type, browser type. We do not collect: biometric data, health information, religious or political views, genetic data, or any special categories of personal data.
4. Public Company Data We Process
Pounce processes publicly available information about companies and organizations. Sources include: Official government trade registers (Zefix/CH, Companies House/GB, SIRENE/FR, Brreg/NO, KBO/BE, CVR/DK, PRH/FI, Äriregister/EE and others), the Global Legal Entity Identifier Foundation (GLEIF, licensed under CC0), publicly accessible corporate websites, and SSL/TLS certificate transparency logs. Company data collected includes: company name, legal form, registration number, registered address, industry classification (NACE/NOGA), website URL, technology stack indicators, and domain registration dates. This data is public by law and does not require individual consent. Personal data within company profiles: Where trade register data includes names and roles of company officers or directors (e.g. board members, managing directors), this constitutes personal data of natural persons under nDSG and GDPR. We process this data based on our legitimate interest in providing comprehensive B2B company intelligence (nDSG Art. 6 / GDPR Art. 6(1)(f)). Officer data is only accessible to authenticated users with a Developer plan or higher. Contact data: We collect general business contact information (e.g. info@, contact@, office phone numbers) from public websites and official registries. We do not collect or store personal email addresses (e.g. firstname.lastname@company.com). Contact data is subject to automatic retention policies and periodic revalidation. Opt-out: If you are listed as an officer or contact person in a company profile on Pounce and wish to have your personal data removed, you may request suppression at any time by contacting hello@pounce.ch or using our online removal request form at pounce.ch/request-removal. Suppressed data will be permanently removed and will not be re-collected by our pipeline.
5. Legal Basis for Processing
Under nDSG (Art. 6): Processing is lawful when it is proportionate and serves a legitimate purpose. We process personal data to fulfill our contractual obligations (providing the Service) and based on our legitimate interests (improving the Service, preventing fraud). Under GDPR (Art. 6): (a) Contract performance — processing account data to provide the Service you subscribed to. (b) Legitimate interests — usage analytics to improve the Service, fraud prevention, and security. (c) Consent — marketing communications (opt-in only). (d) Legal obligation — retaining payment records for tax compliance (Swiss tax law requires 10-year retention of business records). Public company data processing: Trade register data is published by governments specifically for public access and transparency. Processing this data serves the legitimate interest of enabling B2B commerce and does not require individual consent.
6. How We Use Your Data
We use your personal data to: (a) create and manage your account, (b) authenticate your identity and maintain session security, (c) process payments and manage subscriptions via Stripe, (d) provide company intelligence, matching, and connection features, (e) send essential service notifications (account, billing, security), (f) improve the Service through aggregated, anonymized usage analytics, (g) detect and prevent fraud, abuse, or security threats, (h) comply with legal obligations. We do not use your personal data for: advertising profiling, sale to data brokers, automated decision-making with legal effects, or purposes incompatible with those stated here.
7. Data Sharing and Processors
We do not sell your personal data. We share data only with the following categories of processors, all bound by data processing agreements: Stripe, Inc. (payment processing) — Stripe is certified under the EU-US Data Privacy Framework. We share transaction data necessary for payment processing. Hetzner Online GmbH (infrastructure hosting) — Our servers are located in Hetzner data centers in Germany (Falkenstein, Nuremberg). Hetzner provides physical infrastructure only and does not access our data. No other third-party services receive your personal data. We do not use Google Analytics, Facebook Pixel, or any advertising trackers. We do not share data with data brokers or marketing platforms.
8. International Data Transfers
Your data is primarily stored and processed in the European Union (Germany) and Switzerland. Switzerland has been recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision, January 2024). For transfers to the United States (Stripe), we rely on: (a) Stripe's certification under the EU-US Data Privacy Framework, (b) Standard Contractual Clauses (SCCs) as a supplementary safeguard. We do not transfer personal data to countries without adequate data protection unless appropriate safeguards are in place.
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy: Account data — retained while your account is active. Deleted within 30 days of account deletion request. Session and authentication logs — 90 days, then automatically purged. Payment records — 10 years after the transaction (Swiss tax law, Art. 958f OR). Usage analytics — anonymized after 90 days; anonymized data retained indefinitely. Company data (public) — retained and updated as long as the source data remains publicly available. Upon account deletion, we erase your personal data within 30 days, except where retention is required by law.
10. Your Rights
Under nDSG and GDPR, you have the following rights: Right of access (Art. 25 nDSG / Art. 15 GDPR) — request a copy of the personal data we hold about you. Right to rectification (Art. 6 nDSG / Art. 16 GDPR) — request correction of inaccurate data. Right to erasure (Art. 17 GDPR) — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations. Right to data portability (Art. 28 nDSG / Art. 20 GDPR) — receive your data in a structured, machine-readable format (JSON or CSV). Right to restriction (Art. 18 GDPR) — request limitation of data processing. Right to object (Art. 21 GDPR) — opt out of processing based on legitimate interests. Right to withdraw consent — for consent-based processing (e.g., marketing emails), you may withdraw consent at any time. To exercise any of these rights, contact us at hello@pounce.ch with the subject line "Data Subject Request". We will respond within 30 days.
11. Data Export and Deletion
You may export your personal data at any time through your account settings or by contacting us at hello@pounce.ch. Exports are provided in JSON and CSV formats within 30 days of a verified request. To delete your account and personal data: use the account deletion option in your settings, or email us at hello@pounce.ch. Deletion is processed within 30 days. Some data may be retained longer where legally required (e.g., payment records). Deletion is irreversible.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data: Encryption in transit — TLS 1.3 for all connections. Encryption at rest — AES-256 for stored data. Password hashing — bcrypt with industry-standard cost factor. Access controls — role-based access, principle of least privilege. Infrastructure — dedicated bare-metal servers in ISO 27001 certified Hetzner facilities. No shared hosting. Monitoring — continuous security monitoring and regular security assessments. Incident response — we maintain an incident response plan in compliance with nDSG and GDPR.
14. Data Breach Notification
In the event of a personal data breach that poses a high risk to your rights: Under nDSG (Art. 24): We will notify the Federal Data Protection and Information Commissioner (FDPIC) as soon as possible. We will notify affected individuals if necessary for their protection. Under GDPR (Art. 33-34): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.
15. Children's Privacy
The Service is designed for business professionals and is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that personal data of a minor has been collected, we will delete it promptly.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when this policy was last revised. We encourage you to review this policy periodically.
18. Contact
Gugger Digital Services, Holzmoosrütisteig 1b, 8820 Wädenswil, Switzerland. Email: hello@pounce.ch. For data protection inquiries, use the subject line "Data Protection". For data subject requests (access, deletion, portability), use the subject line "Data Subject Request".
nDSG & GDPR Compliance Statement
Pounce is committed to protecting your privacy in full compliance with the Swiss Federal Act on Data Protection (nDSG, in force since September 1, 2023) and the EU General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently. We collect only data that is necessary for the stated purposes, keep it accurate, and retain it only as long as required. Your data is protected by appropriate technical and organizational security measures. You have the right to access, correct, delete, restrict, or port your data at any time. This policy does not constitute legal advice. For specific legal questions, please consult a qualified legal professional.