Rechtliches & Compliance

Blue7A Legal Center

Transparenz für AGB, Datenschutz und Auftragsverarbeitung.

support@blue7a.ch

Privacy

Privacy Policy

Version 2026-02-05Updated 2026-02-05

Blue7A processes personal data solely to provide and secure the SaaS platform. Data is only shared with third parties when required for operation (e.g. hosting providers) or by legal obligation.

Processed data

  • Account data: name, email, roles/team membership, security logs (MFA, login timestamps).
  • Content data: uploaded drawings, production orders, comments. Primary storage in EU data centers.
  • Log data: requests, error logs, performance metrics for stability and security analysis.

Purpose & legal basis

  • Contract fulfillment and operation of the SaaS platform (Art. 6(1)(b) GDPR).
  • Security (e.g. attack detection, fraud prevention) and stability (monitoring, backup).
  • Optional communications for product updates (newsletter only with explicit consent).

Retention & deletion

  • Customer data is deleted or exported after contract end per agreed retention.
  • Backups rotate automatically; disaster recovery only upon customer approval.
  • Support tickets and audit logs are retained according to legal retention periods.

Data subject rights

  • Access, rectification, deletion, restriction and data portability per applicable law.
  • Requests to support@blue7a.ch with clear identification.
  • Complaints may be submitted to the FDPIC (Federal Data Protection and Information Commissioner, www.edoeb.admin.ch).

Data controller

  • Controller: Blue7A, Owner Michael Csako, Röthenbachstrasse 13, 3375 Inkwil, Switzerland.
  • Contact: support@blue7a.ch
  • No Data Protection Officer (DPO) is currently appointed; contact support@blue7a.ch for privacy inquiries.

Sub-processors

  • Supabase Inc. — Database & authentication (Hosting: EU, Frankfurt).
  • Vercel Inc. — Web hosting & deployment (Edge: EU/US).
  • Functional Software Inc. (Sentry) — Error monitoring (Hosting: EU, Frankfurt).
  • Resend Inc. — Email delivery (US, appropriate safeguards e.g. SCCs).
  • Cloudflare Inc. — File storage R2 (EU).
  • Additional sub-processors may be used; the current list is available upon request or in the DPA.

Retention periods

  • Account data: During the contract term and per contractual or legal obligations after termination.
  • Production data (orders, drawings): During the contract term; then deletion or export by agreement.
  • Log data (errors, performance): As long as needed for stability/security, typically short-term.
  • Backup data: Rotating backups per internal backup cycle.
  • Audit logs: Per applicable legal retention obligations.

International data transfers

  • Primary data location: EU data centers (Frankfurt/DE).
  • For third-country transfers, we use appropriate safeguards (e.g. EU Standard Contractual Clauses/SCCs).
  • No data is shared with third parties beyond listed or contractually agreed sub-processors.

Automated decisions

  • Blue7A does not make automated decisions within the meaning of Art. 22 GDPR about users.
  • Production planning (assigning orders to machines/employees) is a customer-controlled function and does not constitute profiling of natural persons.

Technical & organizational measures

Access controls (RBAC), encryption in transit/at rest, regular backups, audit logs and the least-privilege principle are standard. For a DPA (see below) we provide a full TOM overview.

View DPA