Calyroc

Privacy policy

Last updated: July 2026

This page has been translated for your convenience; only the French version is legally binding in the event of a dispute or discrepancy in interpretation.

2

Data controller

The controller responsible for data collected through this site is Thomas Prud'homme, operating the sole proprietorship Calyroc. Full contact details are in the legal notice.

4

Data collected

Contact form: name, email address, indicative budget and message — used only to respond to your request, never sold or used for marketing purposes without explicit consent.

Traffic measurement: Umami Cloud, a cookieless solution with no personal identifier, used only to understand overall site traffic (page views, general origin, device type).

Conversational assistant (Ask Calyroc): messages exchanged with the assistant are processed by AI to generate a reply, but are not retained beyond the current conversation session.

5

Recipients, processors and international transfers

This site relies on the following providers to operate, each acting as a processor within the meaning of the nLPD and the GDPR:

Cloudflare, Inc. (United States): site hosting, anti-spam protection for the contact form (Turnstile), and the AI infrastructure behind the conversational assistant.

Stripe Payments Europe, Ltd.: online payment processing (project deposits and balances).

Resend (United States): transactional emails (confirmations, notifications, payment receipts).

Umami Cloud: anonymous, cookieless traffic measurement.

Some of these providers process data outside Switzerland and the European Economic Area, notably in the United States. These transfers rely on the European Commission's Standard Contractual Clauses or an equivalent compliance mechanism offered by each provider.

6

Retention period

Data submitted through the contact form is kept for as long as necessary to handle your request, then for a further 12 months to allow for possible follow-up, unless a business relationship continues beyond that period.

Invoicing and accounting records are kept for 10 years, in accordance with art. 958f of the Swiss Code of Obligations.

Messages exchanged with the conversational assistant are not retained beyond the current conversation session.

7

Your rights

Under the nLPD, the GDPR and the UK GDPR, you have the following rights over your personal data: access, rectification, erasure (subject to the statutory retention periods mentioned above), restriction of processing, objection to processing, data portability, and withdrawal of consent where processing relies on it.

To exercise any of these rights, write to hello@calyroc.com. You also have the right to lodge a complaint with the competent data protection authority: the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) in Switzerland, the data protection authority of your country of residence if you are located in the European Union, or the Information Commissioner's Office (ICO, ico.org.uk) if you are located in the United Kingdom.

8

Automated decision-making

Calyroc does not carry out any fully automated decision-making that produces legal effects or similarly significantly affects you, including profiling.

9

Representative in the European Union and the United Kingdom

Calyroc is a Swiss sole proprietorship with no establishment in the European Union or the United Kingdom. Its processing of EU or UK residents' data through this site remains occasional, does not involve any special category of data, and is unlikely to result in a high risk to data subjects' rights and freedoms: no representative has therefore been designated to date under Art. 27 GDPR or its UK equivalent. This will be reassessed if Calyroc's activity evolves.

10

Cookies

This site uses no audience-measurement or advertising cookies — the analytics solution used (Umami) works without cookies or personal identifiers. No consent banner is therefore displayed.

11

Security

Calyroc implements reasonable technical and organizational measures to protect your data: encrypted connections (HTTPS), data access limited to Thomas Prud'homme, and reliance on providers that are themselves bound by contractual security obligations.

12

Changes to this policy

This policy may be updated to reflect changes to the site or to applicable regulation. The last-updated date appears at the top of this page.