Home / Legal / Privacy Policy

Privacy Policy

How we collect, use, and protect your personal data in compliance with GDPR and Swiss data protection laws.

Last updated: February 2026

1 Introduction

PumpCycle AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Swiss Headquarters: We comply with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws.

2 Information We Collect

2.1 Information You Provide

Account Information

Name, email address, company name, job title when you register

Payment Information

Billing address and payment details (processed securely by our payment provider)

User Content

Pump datasheets, documents, and data you upload to the Service

Communications

Messages you send to us via email or support channels

2.2 Information Collected Automatically

Usage Data

Pages visited, features used, searches performed

Device Information

Browser type, operating system, device identifiers

Log Data

IP address, access times, referring URLs

Cookies

See Section 7 below

2.3 Information from Third Parties

  • Authentication Providers: If you sign in via Google, Microsoft, or SSO, we receive your name and email
  • Integration Partners: If you connect SAP or other systems, we receive equipment and asset data you authorize

3 How We Use Your Information

We use your information for the following purposes:

Purpose Legal Basis (GDPR)
Provide and operate the Service Contract performance
Process payments Contract performance
Send service notifications Contract performance
Respond to support requests Contract performance
Improve our Service Legitimate interest
Send marketing emails (with consent) Consent
Prevent fraud and abuse Legitimate interest
Comply with legal obligations Legal obligation

4 How We Share Your Information

We do not sell your personal information.

4.1 Service Providers

Third parties that help us operate our Service:

Cloud Hosting

Google Cloud Platform

Authentication

Clerk (identity management)

Payment Processing

Stripe

Analytics

Privacy-focused (no personal data sharing)

AI Processing

Google Vertex AI (document extraction)

Error Tracking

Sentry (application error monitoring)

Email

SendGrid (transactional email delivery)

4.2 Other Sharing

  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • Legal Requirements: We may disclose your information if required by law or in response to valid legal process.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

5 Data Retention

We retain your information as follows:

Account Data Until deletion + 30 days backup
User Content Until deletion (unless published)
Published Data Indefinitely (attributed)
Payment Records 7 years (legal requirement)
Log Data 90 days

6 Your Rights

Under GDPR and Swiss law, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate personal data

Erasure

Request deletion ("right to be forgotten")

Restriction

Request restriction of processing

Portability

Receive data in machine-readable format

Objection

Object to legitimate interest processing

Withdraw Consent

Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at privacy@pumpcycle.dev. We will respond within 30 days.

7 Cookies and Tracking

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website.

7.2 Cookies We Use

Type Purpose Duration
Essential Authentication, security, session management Session / 30 days
Functional Remember preferences (language, theme) 1 year
Analytics Understand usage patterns (anonymized) 1 year

7.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

8 International Data Transfers

Your information may be transferred to and processed in countries outside your residence, including the United States (for certain cloud services). We ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses (SCCs)
  • Swiss-U.S. Data Privacy Framework
  • Adequacy decisions where applicable

9 Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption

TLS 1.3 in transit, AES-256 at rest

Security Audits

Regular security reviews and dependency scanning

Access Controls

Strong authentication requirements

Employee Training

Data protection best practices

Incident Response

Documented procedures for security incidents

10 Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12 Contact Us

For questions about this Privacy Policy or to exercise your rights:

Data Protection Contact

PumpCycle AI

privacy@pumpcycle.dev

You also have the right to lodge a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). In the EU, this is your local data protection authority.

13 Additional Information for EU/EEA Residents

If you are located in the European Union or European Economic Area:

  • The data controller is PumpCycle AI
  • Our legal bases for processing are described in Section 3
  • You may contact our representative in the EU at privacy@pumpcycle.dev