Vestaliq

Privacy Policy

Last updated: 24 March 2026

1. Data Controller

Vestaliq (“we”, “us”, “our”) is the data controller responsible for your personal data. For all data protection enquiries, please contact us at privacy@vestaliq.app.

2. Types of Data We Collect

  • Account data: Name, email address, and any information you provide when registering or joining our waitlist.
  • Property data: Property addresses, maintenance requests, and associated documents that you or your tenants upload through the platform.
  • Usage data: Log data, IP addresses, browser type, pages visited, and session duration collected automatically when you use the service.
  • Communication data: Messages sent through our in-app chat and email correspondence with our support team.

3. Purpose of Processing

  • Providing, operating, and improving the Vestaliq service.
  • Communicating with you about your account, updates, and support requests.
  • Notifying waitlist members when access becomes available.
  • Detecting and preventing fraud, abuse, and security incidents.
  • Complying with legal obligations.

4. Retention Periods

Account and property data is retained for the duration of your active account plus 12 months following account closure, unless a longer retention period is required by law. Usage logs are retained for 90 days. Waitlist email addresses are retained until the waitlist programme ends or until you request deletion, whichever comes first.

5. Third-Party Processors

We engage the following sub-processors to operate the service. Each processor acts under a data processing agreement and handles data only as instructed by us:

  • Supabase — Database and authentication infrastructure. Data is hosted in the EU.
  • Vercel — Application hosting and edge network. Data may transit through global edge nodes.
  • Resend — Transactional email delivery (account notifications, magic links).
  • Anthropic — AI inference for maintenance triage and chat features. Only the minimum data required to process a request is transmitted.

6. Your Rights under the Swiss DSG

Under the Swiss Federal Act on Data Protection (DSG / nDSG), you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on our legitimate interests.

To exercise any of these rights, email us at privacy@vestaliq.app. We will respond within 30 days.

7. Cookies and Analytics

We use cookies and similar technologies to operate the service and, with your consent, to collect anonymised usage analytics. You can accept or decline analytics cookies via the banner displayed on your first visit. Essential cookies required for login and session management are always active.

8. International Transfers

Where personal data is transferred outside Switzerland, we ensure an adequate level of protection through standard contractual clauses or adequacy decisions recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

9. Contact

For any questions about this Privacy Policy or our data practices, contact us at privacy@vestaliq.app.