Legal
Privacy Policy
Last updated: 2 July 2026
This Privacy Policy explains how DoData by Bernarding processes personal data when you visit this website, contact DoData, submit feedback, request a free AI scan, or use related services.
Controller
DoData by Bernarding
Marcus Bernarding
Zürichstrasse 12
8600 Dübendorf
Switzerland
Email: legal@do-data.ch
Phone: +41 76 262 54 51
For privacy questions or data subject requests, contact DoData by email. Please include enough context for DoData to identify the relevant interaction or record.
Scope
This policy is written for the Swiss Federal Act on Data Protection and also describes GDPR-relevant information where the EU or EEA data protection rules apply.
Data DoData processes
- Technical access data such as IP address, date and time, browser or device information, requested pages, referrer information, and security or error logs.
- Contact form and feedback data such as name, company, email address, phone number, message, feedback category, and related submission metadata.
- Free AI scan data such as business name, website, city, business category, contact details, notes, public business information, scan inputs, scan results, and follow-up records.
- Audio, transcript, or message content if you choose to use dictation or transcription features.
- Communication data from email, telephone, or WhatsApp conversations.
- Project, lead, customer, and administrative data needed to provide, improve, secure, or document DoData services.
Purposes
- Operate, secure, troubleshoot, and improve the website and DoData services.
- Respond to inquiries, feedback reports, bug reports, and other messages.
- Prepare, run, review, and explain free AI scan results and related business-readability analysis.
- Follow up on requested services or business opportunities.
- Maintain internal records, protect legal interests, and comply with legal obligations.
Legal bases where GDPR applies
- Your consent, for example when you submit a form or choose to use optional features.
- Pre-contractual or contractual necessity when DoData responds to inquiries or provides requested services.
- Legitimate interests in operating, securing, improving, and documenting DoData services.
- Legal obligations where records must be kept or disclosures are required by law.
Processors and recipients
DoData may use technical service providers for hosting, database, storage, backend operations, email, communication, automation, and security. This includes Supabase for application database, storage, and backend infrastructure where configured.
For AI scan, research, enrichment, transcription, and administrative workflows, submitted data and public business information may be processed with AI or model providers, including OpenAI where configured. Only data needed for the relevant workflow should be sent.
Lead, contact, or feedback submissions may be delivered to configured internal tools or webhook-based lead systems. If you contact DoData through WhatsApp, email, or telephone, those communication providers process data under their own technical and legal terms.
DoData does not sell personal data.
Public sources and AI analysis
For free AI scans and related services, DoData may evaluate publicly available business information such as websites, business listings, public contact information, public service descriptions, and other public evidence. AI-generated outputs are used as analysis and workflow support. No decision with legal or similarly significant effect is made solely by automated processing through the public website.
International transfers
Service providers may process data in Switzerland, the EEA, the United States, or other countries. Where data is transferred to countries without an adequate level of protection, DoData relies on appropriate safeguards such as contractual commitments, standard contractual clauses, provider data-processing terms, or other legally recognized safeguards where required.
Cookies and local storage
The public website is currently designed without non-essential marketing tracking cookies. Technical cookies, session data, or local storage may be used where necessary for operation, security, admin authentication, user preferences, or similar technical purposes.
Retention
DoData keeps personal data only as long as necessary for the purposes described in this policy, for follow-up on an inquiry or scan, for service documentation, for security, or for legal and accounting obligations. Retention periods can vary depending on the type of data and the business context. You may request deletion where applicable.
Your rights
Depending on the applicable law, you may have rights to access, correction, deletion, restriction, objection, data portability, and withdrawal of consent. You may also object to processing based on legitimate interests where the legal requirements are met.
In Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC/EDÖB). If GDPR applies, you may also contact the competent data protection authority in the EU or EEA.
Security
DoData uses reasonable technical and organizational measures to protect personal data. No website, email, API, or communication channel can be guaranteed to be completely secure.
Changes
DoData may update this Privacy Policy when services, tools, legal requirements, or processing practices change. The current version is published on this page.
