Privacy Policy

Last updated: March 2026

1. Introduction

Neologic Software AG, operating the appoman platform (“appoman”, “we”, “us”, or “our”), provides a cloud-based hotel and booking management platform available at appoman.ch. We are committed to protecting the personal data of our users, customers, and visitors in accordance with the Swiss Federal Act on Data Protection (Bundesgesetz über den Datenschutz, DSG) and, where applicable, the European Union General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and what rights you have. By using our website or services, you acknowledge that you have read and understood this policy.

2. Data We Collect

We collect personal data that you provide directly to us, as well as data generated automatically through your use of our services:

• Account data: When you register, we collect your full name, business email address, company name, phone number, and your chosen password (stored as a cryptographic hash).
• Billing data: We collect billing address and VAT number for invoice purposes. Payment card details are collected and processed exclusively by our payment processor, Stripe, Inc., and are never stored on our servers.
• Usage data: We automatically collect log data including your IP address, browser type and version, operating system, pages viewed, features used, timestamps of interactions, and referring URLs. This data helps us maintain service quality and detect security threats.
• Guest and reservation data: If you use appoman to manage hotel bookings, guest records (names, contact details, stay dates, preferences) are stored in your account. This data belongs to you as the data controller; appoman acts as a data processor.
• Support communications: When you contact our support team by email or chat, we retain those messages to provide assistance and improve our service.
• Cookie and tracking data: We use cookies and similar technologies as described in Section 9 below.

3. How We Use Your Data

We use your personal data for the following purposes:

• Service delivery: To create and manage your account, provide access to the appoman platform, and fulfil the contractual obligations set out in our Terms of Service.
• Billing and payments: To issue invoices, process subscription payments via Stripe, manage plan upgrades or downgrades, and handle refunds where applicable under Swiss law.
• Support and onboarding: To respond to your enquiries, resolve technical issues, and send onboarding communications to help you make the most of the platform.
• Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, abuse of the platform, and other illegal or unauthorised activity.
• Product improvement: To analyse aggregated usage patterns, conduct internal research, and improve the functionality, reliability, and user experience of our services.
• Legal compliance: To comply with applicable Swiss and international legal obligations, including tax record-keeping requirements under the Swiss Code of Obligations (OR).
• Marketing communications: With your explicit consent, to send you product updates, newsletters, and promotional offers. You may opt out at any time by clicking “Unsubscribe” in any email or by contacting us directly.

4. Data Storage and Security

All personal data processed by appoman is stored on servers located in Switzerland and the European Union, operated by Hetzner Online GmbH (Hetzner AG), a German cloud infrastructure provider with data centres in Nuremberg, Falkenstein, and Helsinki. Hetzner AG operates in compliance with ISO/IEC 27001 information security standards.

We implement industry-standard technical and organisational security measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Role-based access controls and principle of least privilege
• Regular automated backups with point-in-time recovery
• Intrusion detection and continuous monitoring
• Annual security audits and penetration testing

Despite our best efforts, no method of electronic transmission or storage is 100% secure. If you become aware of any security vulnerability or breach involving your data, please notify us immediately at info@appoman.ch.

5. Third-Party Services

We engage the following carefully selected third-party service providers who may process your personal data on our behalf. Each provider is bound by a Data Processing Agreement (DPA) ensuring adequate protection of your data:

• Stripe, Inc. (USA) – Payment processing. Stripe is certified as a PCI DSS Level 1 service provider. Data transfers to the USA are safeguarded by Standard Contractual Clauses (SCCs). Privacy policy: stripe.com/privacy
• Google LLC (USA) – reCAPTCHA v3 is used on our registration and contact forms to prevent automated abuse. Google may process your IP address and browser data to evaluate the likelihood that a form submission is human. Google’s privacy policy applies: policies.google.com/privacy
• Vercel, Inc. (USA) – Website hosting and edge delivery. Vercel may collect anonymised request logs. Data transfers are covered by SCCs.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy or to comply with our legal obligations:

• Account data: Retained for the duration of your active subscription plus 30 days after account closure, to allow for reactivation. After this period, account data is permanently deleted from our systems.
• Billing records: Retained for 10 years from the date of the transaction, as required under Swiss tax and accounting law (Art. 958f OR).
• Usage logs: Raw server logs are retained for 90 days, then automatically purged. Aggregated, anonymised analytics may be retained indefinitely.
• Support communications: Retained for 2 years after resolution of the support request.
• Guest/reservation data: As data processor, we retain this data on your behalf for as long as your account is active. Upon account deletion, this data is purged within 30 days.

7. Your Rights

Under the Swiss DSG and, where applicable, the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 25 DSG / Art. 15 GDPR): You may request a copy of all personal data we hold about you.
• Right to rectification (Art. 32 DSG / Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 32 DSG / Art. 17 GDPR): You may request deletion of your personal data, subject to our legal retention obligations.
• Right to data portability (Art. 20 GDPR): You may request your data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to restriction of processing (Art. 18 GDPR): In certain circumstances, you may request that we limit how we process your data.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit a written request to info@appoman.ch. We will respond within 30 days. We may ask you to verify your identity before processing sensitive requests. If you believe your rights have been violated, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

8. Cookies

Our website uses cookies — small text files stored in your browser — to ensure the proper functioning of the site and to improve your experience. We use the following categories of cookies:

• Strictly necessary cookies: Required for the website and platform to function (e.g., session authentication tokens). These cannot be disabled.
• Functional cookies: Remember your preferences such as language selection and dashboard layout.
• Analytics cookies: Used to understand how visitors interact with our website (page views, session duration). We use Vercel Analytics, which does not set persistent third-party cookies.
• Security cookies: Used by Google reCAPTCHA to distinguish human users from automated bots.

You may configure your browser to refuse cookies or to alert you when cookies are being sent. Disabling strictly necessary cookies may prevent parts of the platform from functioning correctly.

9. Contact

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact our privacy team:

Neologic Software AG (appoman)
Privacy Team
Zurich, Switzerland
info@appoman.ch

We will make every effort to address your concerns promptly and in compliance with applicable Swiss data protection law.