Skip to main content

Privacy Policy

Introduction and Scope:
 This Privacy Policy explains how Capptoo AG (“Capptoo,” “we,” “us,” or “our”) collects, uses, and discloses personal data when you use our website (https://capptoo.com) or otherwise interact with us (for example, by contacting us via online forms or email). It applies to all personal information collected through Capptoo’s websites and related communications with external parties. By using our website or providing personal information to us, you agree to the processing of your information as described in this Privacy Policy. We are committed to ensuring that your privacy is protected in compliance with applicable laws.

Personal Data We Collect:
 We may collect and process the following categories of personal data:

  • Information You Provide Voluntarily: When you interact with us, for example by filling out a contact form, signing up for newsletters, or contacting us by email/phone, you may provide personal information such as your name, company name, job title, email address, telephone number, postal address, or other contact details. Any personal data you send us voluntarily (e.g. messages describing your needs or inquiries) is collected and used for the purposes described in this Policy. Personal information in this context refers to any information that identifies you as an individual or that relates to an identifiable person (this can include business contact details and other information you choose to share with us).

  • Information Collected Automatically: When you visit our website, we and our third-party analytics providers may automatically collect certain technical data about your device and browsing actions. This data may include your IP address (and general geographic location inferred from it), device and browser type, operating system, referral URLs, pages viewed, the dates/times of access, and other information about how you navigated or used our site. We collect this information through cookies and similar tracking technologies (as described below) and through our server logs. Although we do not normally use this data to identify you, it may be considered personal data under applicable laws because it can relate to your device. We treat such identifiers and combined usage information as personal data when required by law.

  • Cookies and Tracking Technologies: Our website uses “cookies” and similar technologies to enhance user experience and analyze web traffic. Cookies are small text files placed on your device that allow us to recognize your browser and capture certain information. For instance, we may use analytics cookies to understand which pages are most frequently visited, or functional cookies to remember your preferences. These technologies help us provide a better website experience and relevant content. You have the ability to accept or decline non-essential cookies via our cookie consent banner. Most web browsers also allow you to adjust settings to refuse or delete cookies. Please note that if you disable cookies, some features of our site may not function properly.

  • Information from Other Sources: On occasion, we may receive personal data about individuals from third-party sources. For example, if you engage with Capptoo via social media or LinkedIn, or if your information is publicly available through professional directories, we might collect such information for our business development purposes. We only obtain data from reputable sources and will treat any such acquired personal data in accordance with this Privacy Policy. (No sensitive personal data is gathered in this way, only business-related contact information.)

How We Use Personal Data (Purposes of Processing):
 We use the personal data collected for the following purposes:

  • Providing and Improving Our Services: To respond to your inquiries or requests (for example, if you submit a “Contact Us” form, we will use your contact information to get in touch and discuss your project). We also process personal data as necessary to operate and improve our website, products, and services. For instance, analyzing how users navigate our site helps us optimize content and user experience.

  • Communication and Marketing: To communicate with you about our offerings, industry insights, or events if you have requested this information or consented to receive marketing communications. For example, we may send you newsletters or updates about Capptoo’s services if you subscribe. You can opt out of marketing emails at any time by clicking the unsubscribe link in the message or contacting us directly. We will not send you promotional communications unless permitted by law (we obtain your prior consent where required). Transactional or informational communications (such as responses to a specific inquiry you sent us) are not considered marketing and may be sent as needed.

  • Analytics and Performance: To analyze website usage and measure the effectiveness of our marketing. We process data (including cookie and device data) to understand how visitors use our site, which pages or content are popular, and how our campaigns are performing. This helps us refine our digital strategies and provide content that is more relevant to our audience. We may use third-party analytics tools (e.g., Google Analytics) that collect information on our behalf; however, these providers are not allowed to use the data for their own purposes. All analytics data is processed in aggregated form where possible.

  • Legal and Security Purposes: To protect the security and integrity of our website, business, and users. For example, we may process personal data as needed to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities. We may also use and retain personal information to fulfill our legal obligations (such as record-keeping or compliance with government requests) and to establish or defend legal claims.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a related purpose that is compatible with the original intent. If we need to process your personal data for an unrelated purpose, we will notify you and obtain your consent or ensure another legal basis applies.

Legal Bases for Processing:
 We rely on the following legal grounds to process personal data, as required under the General Data Protection Regulation (GDPR) and equivalent laws:

  • Consent: In many cases, we ask for your consent to process your personal data. For instance, when you submit your information via our website forms, you consent to our use of that information to respond to you. Similarly, we obtain your consent before setting non-essential cookies or sending you marketing emails. Where we rely on consent, you have the right to withdraw it at any time (for example, by opting out of emails or contacting us), which will apply going forward. (Withdrawal of consent does not affect the lawfulness of processing we conducted before the withdrawal.)

  • Legitimate Interests: We may process personal data as necessary for our legitimate interests, provided those interests are not overridden by your data protection rights. For example, it is in our legitimate interest to understand how our website is used (analytics), to secure our services, and to communicate with existing clients or prospects in a B2B context. When we rely on legitimate interests, we carefully consider and balance any potential impact on your rights. You have the right to object to processing based on our legitimate interests in certain cases (see “Your Rights” below).

  • Contractual Necessity: If you become a client of Capptoo (for example, through a service agreement), we will process your personal data as needed to perform that contract or to take pre-contractual steps at your request. This includes using contact and payment information to deliver services and invoices. (Note: This mostly applies to our business clients and partners rather than website visitors.)

  • Legal Obligations: In some situations, we need to process personal data to comply with a legal or regulatory obligation. For instance, we may retain transaction records for tax law compliance or disclose information if required by a court order or government regulation.

We will clarify the specific legal basis for processing your personal data if required and will only rely on consent or legitimate interests as a basis when permitted under applicable law. If you have any questions about the legal bases for our data processing, you can contact us for more information.

How We Share Personal Data:
 We treat your personal information with care and confidentiality. We do not sell your personal data to third parties. However, we may share personal data in the following circumstances, and always in accordance with data protection law:

  • Service Providers: We share information with third-party companies who provide services on our behalf (sometimes called “processors” or “sub-processors”). These include, for example, website hosting providers, analytics services, customer relationship management (CRM) software providers, email marketing platforms, and IT support. These service providers process personal data only under our instructions and for the purposes outlined in this Policy. We contractually require them to protect personal data with appropriate security measures and to use it solely for providing services to Capptoo.

  • Business Partners: In certain cases, we may partner with other organizations or consultants to deliver projects or organize events. If you register for an event co-hosted by Capptoo and a partner, or if we collaborate with a partner on a service you requested, we might need to share your contact information with that partner. We will do so only as necessary and will inform you at the time of data collection if such sharing will occur. All partners are expected to safeguard your data in line with applicable laws.

  • Legal Requirements and Protection: We may disclose personal data if required to do so by law or legal process (for example, in response to a subpoena or court order), or to comply with obligations under applicable regulations. We may also disclose data when we believe in good faith that it is necessary to investigate or prevent fraud, protect our rights, property, or safety (or those of our users or others), or to address violations of our terms or the law.

  • Corporate Transactions: If Capptoo is involved in a merger, acquisition, reorganization, or sale of some or all of its assets, personal data may be transferred to the parties involved in the transaction as part of due diligence or completion of the transaction. In such cases, we will ensure your data remains protected and will inform you of any significant changes in ownership or use of your personal information.

In all cases where personal data is shared with third parties, we only share the minimum information necessary for the purpose, and we ensure that appropriate contractual protections (such as Data Processing Agreements) are in place to safeguard your information. A list of our key third-party service providers can be provided upon request. We remain responsible for the handling of your personal data by any service providers acting on our behalf.

International Data Transfers:
 Capptoo AG is based in Switzerland, and our website servers and service providers may be located in Switzerland, the European Economic Area (EEA), or other countries. If you are accessing our site from outside Switzerland, be aware that your personal data will be transferred to and processed in Switzerland (which is recognized by the EU as providing an adequate level of data protection).

Additionally, because we operate globally, some of the third parties we use to store or process data (such as cloud hosting or email services) may be in countries outside of Switzerland or the EEA – for example, the United States. Whenever we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place to protect your information as required by law. These safeguards may include:

  • Relying on an adequacy decision by relevant authorities (for instance, transfers from the EU/EEA to Switzerland are permitted because Switzerland is deemed to have adequate protection).

  • Where transfers are made from the EEA or Switzerland to countries not deemed adequate (such as the U.S.), implementing standard contractual clauses (SCCs) or equivalent legal data transfer agreements approved by regulators, which contractually oblige the recipient to protect your data to EU/Swiss standards.

  • In some cases, obtaining your explicit consent for the transfer, or transferring data as necessary to perform a contract with you (e.g., if you are an international client).

You can request more information about the international transfer of your personal data or obtain a copy of the appropriate safeguard measures by contacting us. We continuously monitor the legal developments around data transfers and will adjust our practices to remain compliant.

Data Retention:
 We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The exact duration we keep data depends on the type of information and the context in which it was provided:

  • Contact information (such as names, emails, phone numbers) collected via inquiries or newsletter sign-ups will be kept as long as we have an ongoing relationship with you. If you are not an active client or subscriber, we typically retain such information for a reasonable period (for example, up to 2 years) to follow up on potential business or in case you reach out again. If you unsubscribe from communications or request deletion, we will remove or anonymize your contact data promptly (unless we need to keep it for legal reasons).

  • Analytics data (web usage information) is kept in aggregate form wherever possible. Raw website logs and cookie data are typically retained for a short period (e.g., 14 to 18 months) before being deleted or anonymized. This allows us to analyze trends over time but not to identify individual visitors beyond that retention window.

  • Client-related data (if you become a client) will be retained throughout the customer relationship and thereafter as required by law or our legitimate interests. For example, Swiss commercial law may require us to keep certain business records (which may include personal data like contact and transaction details) for 10 years. We securely archive such records and restrict access to them.

  • Job application data (if you applied for a position with Capptoo through our site) will be retained for the duration of the recruitment process and a period afterward as stated at the time of application (or as required by law). If not stated, we keep applicant data for up to 6 months in case other opportunities arise, unless you object to this.

When we have no ongoing legitimate need or legal obligation to process your personal data, we will either delete it or anonymize it. If deletion or anonymization is not immediately feasible (for example, because the data is stored in backup archives), we will securely store the data and isolate it from further processing until deletion is possible.

Data Security:
 We take the security of your personal data seriously. Capptoo implements appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, for example, encryption of data where appropriate, access controls to databases, and secure hosting environments. We also ensure that any third-party processors handling personal data on our behalf maintain adequate security practices.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You share and transmit information to us at your own risk. In the event of a data breach that poses a significant risk to your rights, we will notify you and the relevant authorities as required by law.

Your Rights:
 As an individual, you have certain rights regarding your personal data under applicable data protection laws. Subject to the conditions and exceptions defined in law, these rights may include:

  • Right to Be Informed: The right to receive clear and transparent information about how we collect and use your personal data (which this Privacy Policy is intended to provide).

  • Right of Access: The right to request a copy of the personal data we hold about you, as well as information on how we process it.

  • Right to Rectification: The right to ask us to correct or update any inaccurate or incomplete personal data.

  • Right to Erasure: The right to request deletion of your personal data (“right to be forgotten”) in certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and no other legal basis applies.

  • Right to Restrict Processing: The right to request that we limit the processing of your data (e.g., while we verify or investigate your concerns about accuracy or lawful processing, or you need us to preserve data for a legal claim).

  • Right to Data Portability: The right to obtain your personal data in a structured, commonly used, and machine-readable format and have it transferred to another controller where applicable (this typically applies to data you provided to us and that we process by automated means based on consent or contract).

  • Right to Object: The right to object to certain processing of your personal data. You have the absolute right to object to direct marketing (we will always honor an unsubscribe request). You can also object if we are processing your data based on legitimate interests or for statistical purposes, and you have particular reasons to stop such processing.

  • Rights Related to Automated Decision-Making: We confirm that we do not use your personal data for any automated decision-making processes that produce legal or similarly significant effects on you (including profiling within the meaning of GDPR Article 22). This means no purely algorithmic decisions are made about you by Capptoo without human involvement. If that ever changes, you would have the right to be informed and the right to request human review of any automated decision.

To exercise any of your rights, please contact us using the information provided in the “Contact Us” section. We may need to verify your identity before fulfilling certain requests (for example, to ensure that we do not disclose data to the wrong person). We will respond to your request within the timeframe required by law (generally within 30 days for GDPR, extendable if necessary). Exercising your rights is free of charge. However, if a request is manifestly unfounded or excessive (for instance, repetitive), we may charge a reasonable fee or decline to respond, as permitted by law.

Additionally, you have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data violates the law. If you are in Switzerland, you can contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). If you are in the European Union, you may contact the supervisory authority in your country of residence or work, or where an alleged infringement occurred. We encourage you to contact us first so we can address your concerns directly, but you have the right to reach out to the authorities at any time.

Third-Party Websites and Links:
 Our website may contain links to third-party websites or services (for example, social media pages or partner websites). This Privacy Policy applies only to Capptoo’s website and practices. Once you click a link to leave our site or engage with a third-party service, we do not have control over that third party’s content or privacy practices. We recommend you review the privacy policies of any external sites or services you visit. We are not responsible for the protection of any information you provide to third-party websites that are not controlled by Capptoo.

Changes to this Privacy Policy:
 We may update or revise this Privacy Policy from time to time, in order to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will post the updated Privacy Policy on this page and update the “Last Updated” date above. In case of significant changes, we may also notify you by additional means (such as by email or with a prominent notice on our homepage) if required by applicable law. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Policy constitutes acceptance of the revised terms.

Contact Us:
 If you have any questions, concerns, or requests regarding this Privacy Policy or how Capptoo AG handles your personal data, please contact us at:

  • Email: privacy@capptoo.com
  • Postal Mail: Capptoo AG,Churerstrasse 92i, 8808 Pfäffikon, Switzerland

We will be happy to assist you and address any issues you may have.

Big or small, every project starts with a conversation.

It takes only five seconds to connect! We take care of the rest.