This Privacy Policy describes how Chalet Butler ("we", "us", or "our") collects, uses, and protects your personal information when you use our service.

Data Controller

The data controller responsible for your personal information is:
Benjamin Lüscher (Chalet Butler)
Emmenhofallee 20, 4552 Derendingen, Switzerland
Email: info@chaletbutler.com

1. Information We Collect

Personal Information

• Account Data: Email address, name, password (encrypted)
• Property Data: Property names, addresses, WiFi information, check-out instructions, recommendations
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Usage Data: Property view counts, analytics data

Automatically Collected Information

• Browser type and version
• Device information
• IP address (anonymized)
• Cookies and similar technologies

2. How We Use Your Information

We use your personal information to:

• Provide and maintain our service
• Process payments and subscriptions
• Send important service updates
• Improve our service and user experience
• Comply with legal obligations

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to provide our service and fulfill our contract with you (account management, property hosting, payment processing)
• Legitimate Interest: Service improvement, security measures, and fraud prevention
• Consent: Optional analytics cookies and marketing communications (you can withdraw consent at any time)
• Legal Obligation: Compliance with applicable laws and regulations

3. Data Storage and Security

Your data is stored securely using Google Firebase infrastructure with the following protections:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted data at rest
• Regular security audits
• Access controls and authentication

4. Third-Party Services

We use the following third-party services that may collect data:

• Google Firebase: Authentication, database, file storage. Data Processing Agreement in place with GDPR safeguards.
• Stripe: Payment processing. PCI-DSS compliant. We do not store credit card information.
• Google Analytics: Usage analytics with IP anonymization enabled. Requires your explicit consent via our cookie banner. You can opt-out at any time through cookie settings or browser extensions.

5. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected users without undue delay via email
• Provide information about the nature of the breach and steps taken to mitigate harm
• Offer guidance on protective measures you can take

6. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Portability: Receive your data in a portable format
• Objection: Object to certain data processing
• Withdraw Consent: Withdraw consent at any time

7. Data Retention

We retain your personal data only as long as necessary to provide our service and comply with legal obligations. When you delete your account, your data is permanently removed within 30 days.

8. Cookies

We use cookies for:

• Essential cookies: Required for authentication and service functionality. These cannot be disabled as they are necessary for the service to work.
• Analytics cookies: Google Analytics cookies to understand usage patterns and improve the service. These are optional and require your explicit consent.

When you first visit our service, you'll see a cookie consent banner with options to:

• Accept all: Enable all cookies including analytics
• Essential only: Use only required cookies
• Customize: Choose which optional cookies to enable

You can change your cookie preferences at any time through your account settings or by clearing your browser cookies. Note that disabling essential cookies may prevent parts of the service from functioning properly.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place through standard contractual clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

• Email: info@chaletbutler.com
• Address: Chalet Butler, Benjamin Lüscher, Emmenhofallee 20, 4552 Derendingen, Switzerland