General Notes and Mandatory Information
Provider and Responsible Party
Christina Elisabeth Wälchli
- Zetteli App -
Rütiweg 3
CH-8803 Rüschlikon
E-Mail: privacy@zetteli-app.com
The operators (hereinafter referred to as "Zetteli App", "we", "us") of this application/app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and these data privacy notices.
When you use this application/app (hereinafter referred to as "Zetteli"), various personal data are collected. Personal data is data with which you can be personally identified. These data privacy notices explain which data we collect and what we use it for. They also explain how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Types of Collected Data
The Zetteli App collects personal data from its users. The personal data that Zetteli App processes, either on its own or through third parties, includes:
First name; Last name; Username; Password in a form not readable by the provider; Usage data; Device information; Region; Number of users; Number of sessions; Session duration; Application executions; Application updates; App starts; Operating systems; Email; Data transmitted while using the service; Various types of data; User ID; Phone number; Country; Application information; Device logs; Universally Unique Identifier (UUID).
Personal data may be provided voluntarily by the user or, in the case of usage data, may be collected automatically when Zetteli is used.
Unless otherwise specified, the provision of all data requested by the Zetteli App is mandatory. If the user refuses to provide the data, it may result in the Zetteli App not being able to offer its services to the user. In cases where the Zetteli App expressly identifies the provision of personal data as voluntary, users may choose not to provide this data without any consequences for the availability or functionality of the service.
Any use of cookies - or other tracking tools - by Zetteli App or third-party service providers used by Zetteli App serves the purpose of providing the service requested by the user and all other purposes described in this document.
Users are responsible for all third-party personal data obtained, published, or shared by Zetteli App and confirm that they have obtained the consent to transfer any third-party personal data to Zetteli App.
Nature and Location of Data Processing
Processing Methods
The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access, unauthorized forwarding, modification, or destruction of data.
Data processing is carried out using computers or IT-based systems in an organized manner, following procedures and methods that specifically aim at the stated purposes. In addition to the controller, other internal or external parties – and in the case as necessary, appointed by the controller as data processors (such as technical service providers, courier companies, hosting providers, IT companies, or communication agencies) - may operate the Zetteli App and thus have access to the data.
Legal Basis for Processing
The provider may only process the personal data of users in accordance with Art. 6 of the GDPR if one of the following applies:
• Users have given their consent for one or more specific purposes.
• Data collection is necessary for the performance of a contract with the user and/or for pre-contractual measures resulting from it.
• Processing is necessary to fulfill a legal obligation to which the provider is subject.
• Processing is related to a task carried out in the public interest or in the exercise of official authority vested in the provider.
• Processing is necessary to protect the legitimate interests of the provider or a third party.
In any case, the provider will gladly provide information about the specific legal basis on which the processing is based, especially whether the provision of personal data is a statutory or contractual requirement or a prerequisite for entering into a contract.
Location
Data is processed at the provider's headquarters and at any other location where the entities involved in the data processing are located.
Depending on the user's location, data transfers may involve transferring the user's data to a country other than their own. To learn more about the place of processing of the transferred data, users can consult the section with detailed information on the processing of personal data.
Storage Duration
Personal data will be processed and stored for as long as required by the purpose for which it was collected.
Therefore:
• Personal data collected for the purpose of performing a contract between the provider and the user will be stored until the complete fulfillment of that contract.
• Personal data collected to protect the legitimate interests of the provider will be retained for as long as necessary to fulfill these purposes. Users can obtain more information about the provider's legitimate interests in the relevant sections of this document or by contacting the provider.
• Furthermore, the provider is allowed to store personal data for a longer period if the user has consented to such processing, as long as the consent is not revoked. Additionally, the provider may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.
After the retention period expires, personal data will be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the retention period has expired.
Purposes of Processing
Personal data about the user is collected so that the provider can deliver the service and furthermore comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of the user or third parties), and detect malicious or fraudulent activities.
In addition, data is collected for the following purposes:
• Backend Infrastructure
• Registration and Login via Zetteli
• Registration and Login via Third Parties
• Analytics
• Managing Contacts and Sending Messages
• Managing Contact Requests
• Platform Services and Hosting
• Performance Testing of Content and Features (A/B Testing)
• Commercial Engagement
Users can find detailed information about these processing purposes and the personal data used for each purpose in the "Detailed Information on the Processing of Personal Data" section of this document.
Detailed Information on the Processing of Personal Data
Personal data is collected for the following purposes using the following services:
Platform Services and Hosting
These services aim to host and operate the main components of the Zetteli App application, allowing Zetteli to be offered from a unified platform. These platforms provide the provider with a wide range of tools – such as analytics and comment functions, user and database management, e-commerce, and payment processing – which involve the processing of personal data. Some of these services operate with geographically distributed servers, making it difficult to determine where personal data is stored.
App Store Connect (Apple Inc.)
Zetteli is distributed in Apple's App Store, a platform for distributing mobile applications provided by Apple Inc. App Store Connect allows the provider to manage Zetteli in Apple's App Store. Depending on the configuration, App Store Connect provides the provider with statistical data on user engagement and app discovery, marketing campaigns, sales, in-app purchases, and payments to measure Zetteli's performance. App Store Connect only collects such data from users who have agreed to share it with the provider. Users can find more information about how to opt out through their device settings here. Processed personal data: User ID; Unique Device Identifier for Advertising (e.g., Google Ad ID or IDFA); Purchase history; Usage data; Product interaction; Search history; Tracker; Universally Unique Identifier (UUID); Advertising data. Processing location: United States – Privacy Policy.
Google Play Store (Google Ireland Limited)
Zetteli is distributed in the Google Play Store, a platform for distributing mobile apps provided by Google Ireland Limited.
By distributing this application through this channel, Google collects usage and diagnostic information and shares it with the provider. Most of this information is processed on an opt-in basis. Users can deactivate this analytics function directly through their device settings. Users can find more information on managing analytics settings on this page. Processed personal data: Usage data. Processing location: Ireland – Privacy Policy.
Backend Infrastructure
These types of services are designed to host data and files so that Zetteli can be managed and used. Furthermore, these offerings can provide a ready-made infrastructure that handles specific functions or entire components for Zetteli.
Firebase Cloud Firestore and Firebase Cloud Functions (Google Ireland Limited)
Firebase Cloud Firestore and Firebase Cloud Functions are web hosting and backend services provided by Google Ireland Limited. Processed personal data: Usage data; Various types of data as described in the privacy policy of the service. Processing location: Germany – Privacy Policy.
Performance Testing of Content and Features (A/B Testing)
With the services contained in this section, the provider can track and analyze the response of users to the app's traffic or their behavior after changes were made to Zetteli in terms of structure, text, or other components.
Firebase Remote Config (Google Ireland Limited)
Firebase Remote Config is a service provided by Google Ireland Limited for conducting A/B tests and configurations. Processed personal data: Various types of data as described in the service's privacy policy. Processing location: Germany – Privacy Policy.
Registration and Login via Zetteli
By registering or logging in, users authorize the Zetteli App to identify them and grant them access to specific services. Personal data is exclusively collected and stored for registration and identification purposes. Only data that is necessary to provide the service desired by the user is affected.
Direct Registration
Users register by filling out the registration form and providing their personal data directly via Zetteli. Processed personal data: Name or username; Email; Password in a form not readable by the provider.
Registration and Login via Third Parties
By registering or logging in, users authorize the Zetteli App to identify them and grant them access to specific services. Depending on what is stated below, third parties may provide registration and login services. In this case, Zetteli App may access some data stored by these third parties for registration or identification purposes. Some of the services listed below may collect personal data for targeting and profiling purposes. For more information, please refer to the description of each service.
Firebase Authentication (Google Ireland Limited)
Firebase Authentication is a registration and login service provided by Google Ireland Limited. To simplify the sign-up and login process, Firebase Authentication can use third-party identity services and store the information on their platform. Processed personal data: Last name; Username; Password; First name. Processing location: Germany – Privacy Policy.
Facebook Oauth (Meta Platforms Ireland Limited)
Facebook Oauth is a registration and login service provided by Meta Platforms Ireland Limited, connected to the Facebook network. Processed personal data: Tracker; Various types of data. Processing location: Ireland – Privacy Policy.
Google OAuth (Google Ireland Limited)
Google OAuth is a registration and login service provided by Google Ireland Limited, connected to the Google network. Processed personal data: Various types of data as described in the service's privacy policy. Processing location: Ireland – Privacy Policy.
Sign in with Apple (Apple Inc.)
Sign in with Apple is a registration and login service provided by Apple Inc. When users need to provide their own email address, Sign in with Apple can generate a unique relay address for the user, which automatically sends messages to the user's verified personal email address. This keeps the user's actual email address unknown to the provider. Processed personal data: User ID; Email; Country; Last name; Password; Phone number; First name. Processing location: United States – Privacy Policy.
Managing Contacts and Sending Messages
These types of services allow the management of a database of email contacts or any other contact information to communicate with the user. The services may also collect data about the date and time a message from the user was read, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.
Firebase Cloud Messaging (Google Ireland Limited)
Firebase Cloud Messaging is a messaging service provided by Google Ireland Limited. Firebase Cloud Messaging allows the owner to send messages and notifications to users across platforms such as Android, iOS, and the web. Messages can be sent to individual devices, device groups, specific topics, or specific user segments. Processed personal data: Various types of data as described in the service's privacy policy. Processing location: Germany – Privacy Policy.
Managing Contact Requests
With this type of service, Zetteli App can manage contact requests received by email or other channels, e.g., the contact form. The personal data processed depends on the information provided by the user in the messages and the communication methods used (e.g., email address).
Contact Form “Ideas & Feedback”
This privacy notice informs you about the collection, processing, and use of personal data in connection with our contact form in Zetteli. When you use our "Ideas & Feedback" contact form, we collect the following data you enter: Email address, name, first name, username, and any other information you voluntarily provide. This data is used to process your request and provide you with an appropriate response.
Please note that the contact form is linked to the email domain zetteli-app.com hosted on Zoho Mail. The data you enter via the contact form is forwarded to our email service platform Zoho Mail and stored there. Zoho Mail is a service of Zoho Corporation Pvt. Ltd. Please refer to Zoho Mail's privacy policy for more information on their privacy practices.
We do not directly share the data collected via the contact form with third parties unless required by law or with your explicit consent.
Please be aware that the transmission of information over the internet is not entirely secure. Although we take appropriate measures to protect your data, we cannot guarantee the security of the information transmitted through the contact form. Any transmission is therefore at your own risk.
Analytics
With the services listed in this section, the provider can monitor traffic and analyze user behavior.
Google Analytics for Firebase (Google Ireland Limited)
Google Analytics for Firebase or Firebase Analytics is an analytics service provided by Google Ireland Limited. More information about Google's use of data can be found in Google's partner policy.
Firebase Analytics may share data with other tools provided by Firebase, such as Crash Reporting, Authentication, Remote Config, or Notifications. Users can review this privacy policy to find a detailed explanation of the other tools used by the owner. Zetteli App uses identifiers for mobile devices and cookie-like technologies to run the Google Analytics for Firebase service. Users can opt out of certain Firebase features through the corresponding mobile device settings, such as through mobile device ad settings, or by following the instructions in other sections of this privacy policy regarding Firebase if applicable. Processed personal data: Application executions; Application updates; Number of users; Number of sessions; App starts; Operating systems; Device information; Usage data; Region; Session duration; Tracker. Processing location: Ireland – Privacy Policy.
Commercial Engagement
This privacy notice informs you about the collection, processing, and use of personal data in connection with our participation in affiliate programs.
Our app is registered with various affiliate programs, which allow us to enable sales and other conversions tracking through so-called affiliate links placed in our app.
When you click on an affiliate link in our app and make a purchase or perform another desired action, we may receive a commission from the respective affiliate program. As part of this process, personal data may be collected to track transactions and calculate commissions. The collected data may include: Date and time of the click on the affiliate link, IP address, used browser, operating system, information about the advertised product or service, and possibly other information necessary for processing the transaction.
Please note that we have no direct control over the data collected by the affiliate programs. The privacy practices of individual affiliate programs are subject to the privacy notices and terms of these programs. We recommend reading the privacy notices of the respective programs to learn more about their privacy practices.
We do not collect personal data in connection with your use of affiliate links or affiliate programs unless you voluntarily provide this data via other forms or features in our app.
Further Information on the Processing of Personal Data
Push Notifications
Zetteli App can send push notifications to the user to achieve the purposes mentioned in this privacy policy.
In most cases, users can decline the receipt of push notifications by accessing their device settings, such as mobile phone notification settings, and then adjusting these settings for Zetteli, for some, or all applications on the respective device. Users should be aware that disabling push notifications can negatively affect the Zetteli App and its usability.
User Rights
Users can exercise specific rights concerning their data processed by the provider. To the extent legally permissible, users particularly have the right to do the following:
Revoke their consent at any time. If the user has previously consented to the processing of personal data, they can revoke their consent at any time.
Object to the processing of their data. The user has the right to object to the processing of their data if the processing is based on a legal basis other than consent. Further details on this are provided below.
Access their data. Users have the right to know if data is being processed by the provider, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data.
Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, the provider will not process their data for any purpose other than storing it.
Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from the provider.
Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used, and machine-readable format, and if technically feasible, to have it transmitted to another controller without any hindrance.
Lodge a complaint. Users have the right to file a complaint with the relevant supervisory authority.
Details about the right to object to processing
If personal data is processed in the public interest, in the exercise of an authority granted to the provider, or for the protection of the legitimate interests of the provider, the user can object to such processing by providing a justification based on their particular situation.
Users are reminded that they can object to the processing of personal data for direct marketing purposes at any time without providing any reasons. Should the user object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
How to exercise these rights
Any requests to exercise user rights can be directed to the provider through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the provider as early as possible and always within one month. The provider will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort. The provider will inform the user about these recipients if the user requests it.
Additional Information on Data Collection and Processing
Legal Measures
The user's personal data may be processed by the provider for the purpose of enforcing rights in court or in preparation for legal proceedings resulting from improper use of Zetteli or its related services. The user acknowledges that the provider may be obliged to disclose personal data upon request of public authorities.
System Logs and Maintenance
Zetteli App and third-party services may collect files that record interaction with Zetteli (system logs) or use other personal data (e.g., IP address) for this purpose for operational and maintenance purposes.
Information not contained in this Privacy Policy
Further details about the collection or processing of personal data can be requested from the provider at any time using the contact details provided.
Changes to this Privacy Notice
The provider reserves the right to make changes to this Privacy Notice at any time by notifying users on Zetteli and/or, where technically and legally feasible, by sending a notification to users through any contact information available to the provider. Users are therefore advised to regularly check this page and, in particular, to check the date of the last modification listed at the bottom. If changes relate to data usage based on user consent, the provider will, if necessary, seek new consent.
Definitions
Personal Data (or Data) - Any information that, directly or in combination with other information, determines or can determine the identity of a natural person.
Usage Data - Information automatically collected by Zetteli App (or third-party services used by Zetteli App), such as the IP addresses or domain names of the computers used by users who use Zetteli, the URI addresses, the time of the request, the method used to submit the request to the server, the size of the received response file, the numeric code indicating the status of the server response (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the user, the various time details per visit (e.g., how much time spent on each page of the application) and the details about the path followed within an application, especially the sequence of pages visited, and other parameters about the device operating system and/or the user's IT environment.
User - The individual using Zetteli, who, unless otherwise specified, coincides with the data subject.
Data Subject - The natural person to whom the personal data refers.
Data Processor (or Data Supervisor) - The natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, as described in this privacy policy.
Data Controller (or Owner) - The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures concerning the operation and use of Zetteli. Unless otherwise specified, the data controller is the natural or legal person through whom Zetteli is offered.
Zetteli (or this Application) - The hardware or software tool by which the personal data of the user is collected and processed.
Service - The service offered by Zetteli App as described in the relative terms (if available) and on this site/application.
European Union (or EU) - Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area (EEA).
Cookies - Small sets of data stored in the user's device.
Tracker - Any technology - e.g., cookies, unique identifiers, web beacons, embedded scripts, E-Tags, or fingerprinting - allowing users to be traced, for instance by enabling access to or storage of information on the user's device.
Legal Notice
This privacy policy has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This privacy policy relates solely to Zetteli App unless stated otherwise within this document.
Last update: November 1, 2025.