Privacy policy
Last updated: July 2026
This page has been translated for your convenience; only the French version is legally binding in the event of a dispute or discrepancy in interpretation.
Legal framework
This policy describes how Calyroc (see the legal notice) collects, uses and protects the personal data of this site's visitors. It is written in accordance with the Swiss Federal Act on Data Protection (revFADP/nLPD, in force since 1 September 2023) and, for visitors located in the European Union or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR (Data Protection Act 2018).
Data controller
The controller responsible for data collected through this site is Thomas Prud'homme, operating the sole proprietorship Calyroc. Full contact details are in the legal notice.
Purposes and legal basis
Calyroc processes personal data for the following purposes, each resting on a distinct legal basis:
Responding to a contact request or preparing a quote: pre-contractual steps taken at the request of the data subject.
Delivering a project accepted by a client: performance of the contract concluded with that client.
Measuring site traffic anonymously: legitimate interest in understanding and improving the site.
Running the Ask Calyroc conversational assistant: legitimate interest in offering a decision-support tool, used only at the visitor's own initiative.
Data collected
Contact form: name, email address, indicative budget and message — used only to respond to your request, never sold or used for marketing purposes without explicit consent.
Traffic measurement: Umami Cloud, a cookieless solution with no personal identifier, used only to understand overall site traffic (page views, general origin, device type).
Conversational assistant (Ask Calyroc): messages exchanged with the assistant are processed by AI to generate a reply, but are not retained beyond the current conversation session.
Recipients, processors and international transfers
This site relies on the following providers to operate, each acting as a processor within the meaning of the nLPD and the GDPR:
Cloudflare, Inc. (United States): site hosting, anti-spam protection for the contact form (Turnstile), and the AI infrastructure behind the conversational assistant.
Stripe Payments Europe, Ltd.: online payment processing (project deposits and balances).
Resend (United States): transactional emails (confirmations, notifications, payment receipts).
Umami Cloud: anonymous, cookieless traffic measurement.
Some of these providers process data outside Switzerland and the European Economic Area, notably in the United States. These transfers rely on the European Commission's Standard Contractual Clauses or an equivalent compliance mechanism offered by each provider.
Retention period
Data submitted through the contact form is kept for as long as necessary to handle your request, then for a further 12 months to allow for possible follow-up, unless a business relationship continues beyond that period.
Invoicing and accounting records are kept for 10 years, in accordance with art. 958f of the Swiss Code of Obligations.
Messages exchanged with the conversational assistant are not retained beyond the current conversation session.
Your rights
Under the nLPD, the GDPR and the UK GDPR, you have the following rights over your personal data: access, rectification, erasure (subject to the statutory retention periods mentioned above), restriction of processing, objection to processing, data portability, and withdrawal of consent where processing relies on it.
To exercise any of these rights, write to hello@calyroc.com. You also have the right to lodge a complaint with the competent data protection authority: the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) in Switzerland, the data protection authority of your country of residence if you are located in the European Union, or the Information Commissioner's Office (ICO, ico.org.uk) if you are located in the United Kingdom.
Automated decision-making
Calyroc does not carry out any fully automated decision-making that produces legal effects or similarly significantly affects you, including profiling.
Representative in the European Union and the United Kingdom
Calyroc is a Swiss sole proprietorship with no establishment in the European Union or the United Kingdom. Its processing of EU or UK residents' data through this site remains occasional, does not involve any special category of data, and is unlikely to result in a high risk to data subjects' rights and freedoms: no representative has therefore been designated to date under Art. 27 GDPR or its UK equivalent. This will be reassessed if Calyroc's activity evolves.
Security
Calyroc implements reasonable technical and organizational measures to protect your data: encrypted connections (HTTPS), data access limited to Thomas Prud'homme, and reliance on providers that are themselves bound by contractual security obligations.
Changes to this policy
This policy may be updated to reflect changes to the site or to applicable regulation. The last-updated date appears at the top of this page.