Datenschutzerklärung

01 Controller

The controller responsible for data processing on this website and the squibble/email service is:

02 Data We Collect

Waitlist & account data

When you join the waitlist or create an account, we collect your email address and, optionally, your name and company. This data is used solely to communicate with you about the service and to provision access.

Email metadata

To operate the email gateway, we process message identifiers, delivery timestamps, bounce classifications, and suppression status. Recipient email addresses are stored only in hashed form in logs. Message bodies are never stored or logged beyond the duration of a single dispatch.

Engagement events

Open and click tracking records the message UUID, event type, and timestamp. No recipient email address or persistent IP address is stored for tracking events.

Access logs

Our servers record standard access logs (IP address, request path, HTTP status, response time) for security and operational purposes. Health-check endpoints are excluded from logging. Logs are retained for 30 days.

Encrypted SMTP credentials

SMTP credentials provided by customers are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256) and are never transmitted outside the service infrastructure. See the Security page for full details.

03 Purpose & Legal Basis

04 Storage & Retention

All data is stored in Switzerland. We do not use subprocessors that store personal data outside Switzerland or the EU/EEA. Switzerland is recognised by the European Commission as providing an adequate level of data protection under GDPR Article 45.

• Access logs: 30 days, then deleted.
• Email metadata & delivery records: retained for the duration of the customer contract plus 12 months, then deleted.
• Suppression lists: retained indefinitely to honour unsubscribe requests and prevent redelivery.
• Account & waitlist data: retained for the duration of the relationship. Deleted within 30 days of a deletion request or account termination.
• SMTP credentials: deleted immediately upon account or mailbox deletion.

05 Subprocessors

We use the following subprocessors. All are EU/CH-resident or operate under an EU adequacy decision. No US-based subprocessors hold customer data at rest.

We will notify customers of any material changes to this subprocessor list at least 14 days in advance via the registered account email address.

06 Your Rights

Under the revFADP and GDPR you have the following rights regarding your personal data:

• Access (Art. 25 revFADP / GDPR Art. 15): request a copy of all personal data we hold about you.
• Rectification (GDPR Art. 16): request correction of inaccurate data.
• Erasure (GDPR Art. 17): request deletion of your data where there is no overriding legal obligation to retain it.
• Restriction (GDPR Art. 18): request that we restrict processing while a dispute is resolved.
• Portability (GDPR Art. 20): receive your data in a structured, machine-readable format.
• Objection (GDPR Art. 21): object to processing based on legitimate interest.

We respond to all data requests within 30 days. To exercise any of these rights, email hello@squibble.ch with the subject line Data Request and a description of your request.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

07 Changes to this Policy

We may update this privacy policy as the service evolves or as legal requirements change. Material changes will be communicated to registered users by email at least 14 days before they take effect. The current version is always published at email.squibble.ch/datenschutz.

Last updated: May 2026

08 Contact

For privacy questions, data requests, or DPA enquiries: