PRIVACY
POLICY.

Who We Are

StarFlux is an intelligent automation agency based in the Canton of Graubünden, Switzerland. We provide automation systems, AI agents, and custom technology solutions to businesses and agencies.

Data Controller:
StarFlux
Canton of Graubünden, Switzerland
Email: [email protected]
(Full registered details to be updated upon company registration.)

Data We Collect

We collect personal data in the following ways:

Data You Provide Directly

• Name and email address when you contact us, submit a form, or book a call
• Business name, role, and project details shared during consultations
• Communication content — emails, messages, and meeting notes exchanged with us
• Billing information if you purchase a service (processed via our payment provider)

Data Collected Automatically

• IP address and approximate location (country/region level)
• Browser type, device type, and operating system
• Pages visited, time on page, and referring URL
• Cookies and similar tracking technologies (see Section 8)

Data From Third Parties

• Analytics data from services such as Google Analytics or equivalent
• Information shared via integrations you authorise (e.g. connecting your CRM or tools as part of a project)

How We Use Your Data

We use your personal data for the following purposes:

• To respond to enquiries and communicate with you about our services
• To deliver the automation systems and services you have engaged us to build
• To process payments and manage billing
• To send service-related communications (project updates, support, invoices)
• To improve our website, services, and user experience based on analytics
• To comply with legal obligations and enforce our Terms of Service
• To send occasional marketing communications, only with your explicit consent

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects without your knowledge.

Legal Basis for Processing

Under the Swiss nDSG, we process your personal data on the following legal bases:

• Contract performance — processing necessary to deliver services you have requested
• Legitimate interests — operating and improving our business, communicating with prospects, security monitoring
• Legal obligation — compliance with Swiss law, tax obligations, and regulatory requirements
• Consent — for marketing communications and non-essential cookies, where we have obtained your explicit consent

Data Sharing

We share your data only where necessary and only with trusted parties:

• Service providers — hosting providers, payment processors, analytics tools, and email platforms used to operate our business. These providers are contractually bound to protect your data.
• Professional advisors — lawyers and accountants where required for legal or financial compliance
• Legal authorities — where we are required to disclose data under Swiss law or a valid legal order
• Business transfers — in the event of a merger, acquisition, or sale of business assets, your data may be transferred as part of that transaction

We do not share your data with any third party for their own marketing purposes.

International Data Transfers

Some of our service providers may process data outside of Switzerland. Where this occurs, we ensure appropriate safeguards are in place, including:

• Transfers to countries recognised by the Swiss Federal Council as providing adequate data protection
• Standard contractual clauses approved by the Swiss Federal Data Protection Commissioner (FDPIC)
• Other lawful transfer mechanisms under the nDSG

You may request information about the specific safeguards applicable to any international transfer by contacting us at [email protected].

Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy:

• Client data — retained for the duration of our engagement and for up to 10 years thereafter to comply with Swiss commercial and tax law
• Enquiry and contact data — retained for up to 2 years from last contact
• Marketing data — retained until you withdraw consent or unsubscribe
• Website analytics — typically retained in aggregated or anonymised form

Once the applicable retention period expires, your data is securely deleted or anonymised.

Cookies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us operate and improve the site.

Types of Cookies We Use

• Essential cookies — required for the website to function. Cannot be disabled.
• Analytics cookies — help us understand how visitors use the site (e.g. pages visited, time on site). Used only with your consent.
• Preference cookies — remember your settings and choices across visits.

You can control non-essential cookies through your browser settings or our cookie consent tool. Disabling certain cookies may affect the functionality of our website.

Your Rights

Under the Swiss nDSG, you have the following rights regarding your personal data:

• Right of access — you may request a copy of the personal data we hold about you
• Right to rectification — you may request correction of inaccurate or incomplete data
• Right to erasure — you may request deletion of your data where we have no legal basis to continue holding it
• Right to restriction — you may request that we limit how we use your data in certain circumstances
• Right to data portability — you may request your data in a structured, machine-readable format
• Right to object — you may object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:

• Encrypted data transmission (TLS/HTTPS) across all our systems
• Access controls limiting data access to authorised personnel only
• Regular security assessments and updates
• Secure data deletion procedures when retention periods expire

While we take every reasonable precaution, no data transmission or storage system can be guaranteed as completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the FDPIC as required by Swiss law.

Minors

Our services are intended for businesses and individuals aged 18 or over. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website or services following any update constitutes your acceptance of the revised policy.

Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact us:

We aim to respond to all privacy-related requests within 30 days of receipt.