Privacy Policy

Last updated: 22 March 2026

1. Who We Are (Controller)

PackLite is operated by Brian Patrick Douglas, Hügelistrasse 5, 9535 Wilen bei Wil, Switzerland (info@packlite.ch). This person / entity is the data controller within the meaning of the Swiss Federal Act on Data Protection (nDSG) and the EU General Data Protection Regulation (GDPR) where applicable.

2. What Personal Data We Collect

  • Account data: your name, email address, and hashed password when you register.
  • Usage data: hiking trips, gear items, and preferences you enter into the app.
  • Billing data: payment information is processed exclusively by Stripe, Inc. We store only your Stripe customer/subscription ID – we never see your full card number.
  • Technical data: server access logs (IP address, browser, timestamp) retained for up to 30 days for security and debugging purposes.
  • Session cookies: one first-party, strictly necessary session cookie is set after login. No third-party tracking or advertising cookies are used.

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR / Art. 31(2)(a) nDSG): account and usage data are processed to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f) GDPR / Art. 31(2)(b) nDSG): server logs are kept to detect abuse and ensure security.
  • Consent (Art. 6(1)(a) GDPR / Art. 31(2)(a) nDSG): you give consent to these terms when you create your account.
  • Legal obligation: we may retain data as required by applicable Swiss law (e.g. commercial records under OR Art. 958).

4. Data Sharing & Third Parties

  • Stripe, Inc. – payment processing. Stripe is GDPR-compliant and processes data under its own privacy policy. Data may be transferred to the United States under the EU–US Data Privacy Framework.
  • Hosting provider – servers are hosted on Fly.io. Only infrastructure access (backups, monitoring) applies; they have no access to your personal data beyond what is technically necessary.
  • We do not sell, rent, or share your personal data with any other third parties.

5. Data Retention

Your account data is stored for as long as your account is active. After account deletion, all personal data is purged within 30 days, except where a longer retention period is required by Swiss law (e.g. 10-year retention of financial records under OR Art. 958f).

6. Your Rights

Under the nDSG (and GDPR where applicable) you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC – www.edoeb.admin.ch) or your local EU supervisory authority

To exercise any of these rights, please contact us at info@packlite.ch.

7. Cookies

PackLite sets one strictly necessary session cookie (_session_id) after you log in. This cookie expires when you close your browser or log out. No analytics, advertising, or third-party cookies are set. Because only strictly necessary cookies are used, no cookie consent banner is required under Swiss and EU law; however we disclose this here for full transparency.

8. Security

Passwords are stored as bcrypt hashes and are never readable in plaintext. All data is transmitted over HTTPS (TLS 1.2+). Access to production data is restricted to the operator.

9. Changes to This Policy

We will notify registered users by email of any material changes at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact

Brian Patrick Douglas
Hügelistrasse 5
9535 Wilen bei Wil, Switzerland
info@packlite.ch