Privacy Policy

Last updated: April 16th, 2025

1. Introduction

BePaid Sàrl ("BePaid", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our website and Software-as-a-Service platform BePaid.ch (the “Service”). It is designed to comply with the Swiss Federal Act on Data Protection (FADP) and other applicable Swiss laws. By using BePaid.ch, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Data Controller and Contact Information

The data controller responsible for your personal data is BePaid Sàrl, c/o DM Fiduciaire Sàrl, Rue des Jordils 40, 1025 St-Sulpice, Switzerland. If you have questions or requests regarding your personal data, you may contact us at this address or through our contact page on the website. (For privacy-specific inquiries, please include “Privacy Request” in your message.)

3. Personal Data We Collect

We only collect personal data that is necessary for providing our Service and operating our business. This includes:

  • Account Information: When you create an account, we collect your name and email address. If you register an organization on BePaid, we may also collect your organization or company name and related details (e.g. company address, identification number, VAT number).

  • Profile and Usage Data: Information you provide in your user profile or organization profile (such as contact details or business information) and any preferences. We also collect data about your use of the Service, such as features you use and the time, frequency and duration of your activities.

  • Invoice and Document Data: Content you input or upload to the Service, such as invoices or documents generated through the platform. This may include information about your customers or business partners (e.g. names, addresses, email addresses, and invoice details). Important: If you input personal data about third parties (for example, invoice recipients), you are responsible for ensuring you have the legal right to do so. We treat such data as confidential and process it only to provide our Service to you (see Section 5).

  • Payment Information: If you subscribe to a paid tier, payment details (such as credit card information or other payment data) are collected via our third-party payment processor (Stripe). BePaid does not store your full payment card details on our servers; that information is handled securely by Stripe. We may retain transaction records (e.g. the last four digits of your card, payment dates, and amounts) for billing history.

  • Technical Data: When you use BePaid.ch, our systems and third-party analytics services collect certain technical data automatically. This includes your IP address, browser type, device information, operating system, unique device identifiers, and cookie identifiers. We also log information about how you arrived at our site (e.g. referral URLs) and how you interact with our Service (such as pages viewed, links clicked).

  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your interaction with our website. This can include your preferences and browsing behavior on our site. (See Section 8 below, Cookies and Tracking Technologies, for more details.)

  • Communications: If you contact us (for example, through a contact form or support request) or subscribe to our newsletter/updates, we will collect the information you provide (such as your name, email address, and the content of your message). We may also keep records of our correspondence with you.

We do not intentionally collect any sensitive personal data (such as information about health, religious beliefs, etc.) through BePaid.ch. We ask that you do not provide this type of information on the platform.

4. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from You: Most information is provided directly by you. For example, you provide personal data when registering an account, filling out profile or organization details, creating invoices, or contacting support.

  • Through Your Use of the Service: We automatically collect technical and usage data as you interact with our website and app (via cookies, server logs, and other similar technologies). This includes analytical information gathered as you navigate and use features.

  • Third-Party Services: We receive certain data from third-party services that we integrate with. For instance, when you make a payment, our payment processor provides us with confirmation of payment and basic details (but not your full card number). Similarly, our user authentication provider and analytics providers may collect data and share insights with us as described below in Section 6.

  • Cookies and Tracking Tech: As mentioned, our site uses cookies and tracking technologies (managed by us or by our service providers) to gather information automatically. This helps with things like keeping you logged in, remembering preferences, and analyzing usage patterns.

5. Purpose and Legal Basis for Processing Personal Data

We process your personal data only for specific and legitimate purposes. In accordance with Swiss law (and aligning with principles similar to the EU GDPR), our primary purposes and legal grounds for processing are:

  • Providing and Operating the Service: We use account, profile, and invoice data to create and maintain your user account, allow you to create and manage invoices or documents, and to generally perform the contract with you (Article 6(1)(b) GDPR-equivalent principle for contract performance). This includes enabling core features of the SaaS platform, authenticating you when you log in, and saving your work.

  • Payment Processing: We use your payment information to process subscription fees for paid tiers. This is necessary to provide the paid services you request. Payment data is handled via Stripe under strict security, and processing is based on fulfilling our contract with you for paid services.

  • Communication: We process your contact information to send transactional communications (e.g. verification emails, password reset links, invoices or billing notices, important service announcements). We may also send you informational or promotional emails about new features or updates if you have opted in or if it’s within our legitimate interest to inform existing customers about our services. You can unsubscribe from marketing emails at any time.

  • Service Improvements and Analytics: We use usage data, cookies, and analytics to understand how our Service is used and to improve its functionality and user experience. The legal basis for this is our legitimate interest in developing and enhancing our services. We ensure that any analytics data is processed in a privacy-friendly manner (for example, by anonymizing IP addresses where possible) and in compliance with applicable law.

  • Security and Fraud Prevention: We may process data (such as IP addresses and account activity) to monitor for suspicious or fraudulent activity and to maintain the security of our platform, users, and systems. This processing is based on our legitimate interests in protecting our Service and compliance with legal obligations to safeguard data.

  • Legal Compliance: We process personal data as required to comply with Swiss law and other applicable laws – for example, retaining certain transaction records for accounting and tax purposes, or responding to lawful requests by authorities.

  • Marketing and Future Development: With your consent (where required), we might use your contact information to send newsletters or special offers. Additionally, we may use aggregated anonymous data derived from personal data to analyze business metrics, improve our marketing strategies, or develop new services. In the future, we reserve the right to use or share anonymized, aggregated data (data that cannot identify you personally) for business purposes, which may include industry benchmarking, research, or even resale of such anonymized data. Any such activity will not involve disclosing your identity or personal details.

Note: Where we rely on your consent (for example, for optional cookies or marketing communications), you have the right to withdraw consent at any time. If we process your data based on legitimate interests, we have balanced those interests against your data protection rights to ensure no undue impact on your privacy. If you have questions about the legal basis of specific processing activities, feel free to contact us.

6. Disclosure of Personal Data to Third Parties

We treat your personal data with care and confidentiality. We do not sell your personal data to third parties for their own marketing. However, we do share certain data with trusted third-party service providers and partners who help us operate our Service. These third parties process data only on our instructions and for the purposes described in this Policy. The key third-party services we use and the data they handle include:

  • Stripe (Payment Processing): We use Stripe to handle subscription payments by credit card or other methods. When you enter payment information, that data is transmitted directly to Stripe. Stripe processes your payment details (such as card number, billing name and address, email, and payment amount) to charge your chosen payment method. We receive confirmation of payment and basic details (such as a transaction ID, card type, and last four digits) for record-keeping. Stripe may act as an independent data controller for some processing (e.g., anti-fraud checks). For details, see Stripe’s privacy policy on how they safeguard your information.

  • Clerk (Authentication and User Management): Our platform uses Clerk for user account authentication and management. Clerk handles data such as your email address, password (encrypted), and authentication tokens to securely manage logins and sessions. This service may set cookies or store identifiers in your browser to keep you logged in. Clerk processes your information only to enable secure login/signup and manage user accounts on our behalf.

  • Google Analytics (Website Analytics): We utilize Google Analytics to collect information about how visitors use our website. Google Analytics uses cookies and similar technologies to gather data like your IP address (anonymized where possible), device information, and browsing actions on BePaid.ch. This helps us analyze website traffic and usage patterns. The information generated will be transmitted to and stored by Google (which may be on servers outside Switzerland, e.g., in the EU or the United States). We have configured Google Analytics in compliance with privacy best practices (such as IP anonymization) and do not allow Google to use the analytics data for their own purposes beyond providing us the analytics service. You can opt out of Google Analytics as described in Section 8 (Cookies & Tracking).

  • Vercel Analytics (Platform Analytics): Our website is hosted on Vercel, which provides built-in analytics regarding site performance and usage. This may involve collecting data similar to web analytics (page requests, geolocation based on IP, etc.). Vercel processes such data to help us monitor uptime, performance, and user experience.

  • Statsig (Feature Analytics and A/B Testing): We use Statsig to roll out features and perform A/B testing or feature gating. Statsig may collect certain usage events and a pseudonymous user identifier to determine which feature variant you experience and to analyze results. This helps us improve the Service by testing new functionalities. Statsig is a third party that processes data on our behalf solely for product analytics/improvement.

  • Brevo (Email Delivery & Marketing): Brevo (formerly Sendinblue) is our email service provider for sending out emails such as account verification emails, password resets, notification emails, and any newsletters or marketing communications. We share your email address and name (as needed) with Brevo to deliver these messages. If you unsubscribe from marketing emails, we will mark your email address in Brevo to not receive those communications. Brevo stores email data on servers (primarily in the EU) and is obligated to protect it under strict confidentiality.

  • Hosting and Storage (AWS): All our application data, including the information you input and files generated (like invoice PDFs), is stored on secure servers provided by Amazon Web Services (AWS) located within the European Union (primarily in data centers within the EU region). AWS acts as a data processor storing and safeguarding the data under our instructions. AWS implements industry-standard security measures to protect stored data.

  • Other Service Providers: In addition to the above, we may use other tools or services to help run BePaid (for example, analytics or error tracking tools, customer support systems, etc.). We will update this Privacy Policy if we add any significant new data processors. All third-party providers are carefully vetted to ensure they have appropriate data protection measures in place. They are only given access to the data necessary for their function and are contractually obligated to process personal data in compliance with applicable privacy laws and this Policy.

Legal Requirements and Business Transfers: In certain situations, we may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government request). Additionally, if BePaid Sàrl is involved in a merger, acquisition, sale of assets, or other business transaction, personal data may be transferred to the successor or acquiring entity as part of that transaction under the duty of confidentiality and continued protection consistent with this Policy.

We do not share your personal data with third parties for purposes other than those outlined above without your consent.

7. Data Storage, International Transfer, and Security

Storage Location: Your data is primarily stored in secure data centers within the European Union (EU). In particular, our main databases and file storage reside on AWS servers in the EU. Storing data in the EU ensures that it is protected under standards comparable to Swiss data protection law (the EU is recognized by Swiss authorities as providing an adequate level of data protection). All data at rest in our databases is protected by encryption and other security measures.

International Transfers: While we aim to store and process data in Switzerland or the EU, some of our third-party service providers may process data in other countries. Notably, certain providers (like Google Analytics, Stripe, Statsig, Clerk) may transfer or access personal data in the United States or other jurisdictions outside Switzerland/EU. When personal data is transferred outside of Switzerland or the EU, we take steps to ensure it remains protected:

  • We only transfer data to countries that have been officially recognized as providing an adequate level of data protection or implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the Swiss authorities or EU Commission, combined with additional security measures as needed.

  • For example, for data sent to the United States (a country that may not have adequate data protection laws per Swiss/EU standards), we rely on SCCs in our contracts with those service providers and ensure that additional technical measures (like encryption in transit and at rest) are in place.

  • Our service providers are obligated to handle personal data in compliance with applicable privacy laws and to provide appropriate protections no matter where the data is processed.

You can contact us if you have questions about the specific safeguards in place for exporting your personal data to a third country.

Data Security: We take data security very seriously. We implement technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (our website is served over HTTPS/TLS, meaning data exchanged between your browser and our servers is encrypted).

  • Encryption of sensitive data at rest where applicable (for example, passwords are hashed and stored securely via our authentication provider; any payment details are handled by Stripe using their security protocols).

  • Firewalls and access controls to restrict access to databases and servers. Only authorized personnel and service providers with a need-to-know are permitted access to personal data, and they are bound by confidentiality.

  • Regular backups of data to protect against accidental loss and to aid in recovery in case of system failure. (We maintain backups to ensure availability and integrity of data in case of IT issues, but note that this is a precautionary measure and not a guarantee against all data loss.)

  • Monitoring and alert systems to detect potential security breaches or anomalies in system access. We also ensure our team is trained in data protection best practices.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your data. However, in the unlikely event of a data breach that affects your personal data, we will follow applicable laws to inform you and the authorities of the incident and mitigate any impact.

8. Cookies and Tracking Technologies

What Are Cookies? Cookies are small text files stored on your device when you visit a website. They allow the website or third-party services to recognize your browser and remember information about your visit (such as your preferences or login status). Similar technologies include web beacons, pixels, and local storage.

How We Use Cookies: BePaid.ch uses cookies and similar technologies for several purposes:

  • Essential Cookies: These are necessary for the website to function properly. For example, when you log in, we use a session cookie to keep you logged in as you navigate between pages. Without these cookies, some features (like account login or secure areas) would not work.

  • Preference Cookies: We may use cookies to remember your preferences and settings, such as language preferences or other customizations, so you have a smoother experience on return visits.

  • Analytics Cookies: We use cookies from third parties like Google Analytics, Vercel Analytics, and Statsig to collect information about how users interact with our site (e.g., which pages are visited, for how long, and any errors encountered). This helps us improve the Service and understand user needs. These analytics cookies gather information in an aggregated form and generally do not identify you by name. For example, Google Analytics cookies may track how you navigated to our site and your browsing actions, but Google Analytics provides us this data in anonymized reports.

  • Marketing and Communication Cookies: If we run any marketing campaigns or use third-party tools to manage newsletters, cookies or pixels may be used to measure campaign effectiveness (for instance, to see if you opened an email or clicked a link). Currently, our primary use of cookies is for functionality and analytics; we do not heavily rely on advertising cookies. If that changes, we will update our policy and obtain any necessary consents.

Third-Party Cookies: Some cookies are placed by third-party services that we use. For example:

  • Google Analytics may set cookies (_ga, _gid, etc.) to recognize your browser and analyze usage.

  • Clerk (authentication) may set a cookie to manage your session securely.

  • Vercel Analytics may set cookies or use your browser’s local storage for performance tracking.

  • Brevo may use a tracking pixel in emails to help us know if an email was opened (only if you subscribed to communications).

We do not allow third parties to collect personal data from your device for their own advertising purposes on our site, but these providers may collect certain technical information about you to provide their services (subject to their privacy policies).

Cookie Consent and Opt-Out: By using our site, you are informed about our use of cookies. On your first visit, you may see a cookie notice or banner seeking your consent for non-essential cookies (especially if required by law). You can manage or delete cookies at any time through your browser settings. For example, you can usually set your browser to refuse all or some cookies, or to prompt you before accepting. However, please note that if you disable certain cookies, parts of our Service (especially login and core features) may not function properly.

For Google Analytics specifically, you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on in your browser, which prevents Google Analytics from collecting information on websites you visit.

Our use of cookies is intended to be compliant with applicable laws. If you have any questions about cookie usage, you can contact us for more information.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to meet legal and business requirements. Retention periods will vary depending on the type of data and the purpose:

  • Account Data: We keep your account information (like your name, email, profile info, and organization data) for as long as your account remains active. If you decide to close your account, we will delete or anonymize your personal data within a reasonable time after the account is closed. (We may retain minimal information such as your email or transaction history if needed for our internal records, to resolve disputes, or to comply with legal obligations – but we will either delete or irreversibly anonymize such data wherever possible.)

  • Invoices and Documents: The content you generate (invoices, records) is stored on your behalf. You have control: you may delete specific invoices or data through your account interface. If you delete data, it will no longer be accessible to you via the Service. However, deleted data may persist in our backups for a short period before being permanently purged. We generally refresh backups regularly and do not keep old data beyond what is necessary for backup rotation.

  • Payment and Transaction Records: We keep payment transaction records and related billing information as long as required by Swiss accounting and tax laws. Typically, Swiss law may require retaining such records for 10 years. This means that even if you delete your account, we might retain invoice receipts or payment logs that constitute financial records, but we will not retain more personal information than needed in those records.

  • Analytics Data: Analytics and log data is usually aggregated or anonymized, but raw logs might be kept for a short period for troubleshooting and security (typically a few weeks to a few months). Aggregated analytics reports do not identify individuals and may be kept longer for historical analysis.

  • Communications: If you contacted support or gave feedback, we may retain those communications for a period to ensure we have a history of your request and our response, especially if it’s a recurring issue. Support tickets and email communications might be retained for a couple of years, unless you request deletion of a particular conversation and we have no overriding interest to keep it.

Once the retention period expires or the purpose for processing has been achieved, we will either securely delete or anonymize your personal data. If complete deletion is not immediately feasible (for example, if data is stored in long-term backups), we will ensure the data remains safely stored and not used for any other purpose until deletion is possible.

10. Your Rights as a Data Subject

Under Swiss data protection law (and closely aligned principles of the EU GDPR), you have certain rights regarding your personal data. We are committed to respecting your rights and have processes in place to help you exercise them. Your rights include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data we hold about you. We will provide you with relevant information, such as the categories of data, purposes of processing, and the recipients or categories of recipients with whom the data is shared.

  • Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. You can also update most of your basic account information directly by logging into your BePaid account and editing your profile.

  • Right to Deletion (Right to be Forgotten): You may request that we delete your personal data. For example, you can delete certain data via your account (like removing an invoice or deleting your account entirely). We will comply with deletion requests provided we do not have a legitimate reason to retain the data (such as a legal obligation or a compelling business need as allowed by law). We will also instruct our processors to delete your data, where applicable.

  • Right to Data Portability: You have the right to receive personal data that you have provided to us in a structured, commonly used, machine-readable format, and to request that we transfer that data to another service provider where technically feasible. For example, you might ask for an export of your invoice data. Note that this right applies to personal data processed by automated means and where processing is based on your consent or necessary for a contract.

  • Right to Object to Processing: You have the right to object to certain processing of your data, particularly where we rely on “legitimate interests” as our legal basis. If you object, we will consider your request and will stop or limit processing unless we have overriding legitimate grounds to continue or the processing is necessary for legal claims. You also have an unconditional right to object to your personal data being used for direct marketing purposes – if you object, we will stop using your data for that purpose immediately.

  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive a newsletter, you can unsubscribe via the link in the email or by contacting us, and we will stop sending it. Withdrawal of consent does not affect the lawfulness of processing that occurred before you withdrew consent.

  • Right to Information: You have the right to be informed about how your data is being processed at the time of collection (which is the purpose of this Privacy Policy). We strive to provide all required information transparently herein.

  • Right to Lodge a Complaint: If you believe we have processed your personal data unlawfully or have violated your rights, you have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland. The FDPIC is the Swiss supervisory authority for data protection (website: https://www.edoeb.admin.ch). We would, however, appreciate the chance to address your concerns directly before you approach the FDPIC, so we encourage you to contact us first with any complaint.

How to Exercise Your Rights: You can exercise most of your rights by contacting us using the contact information in Section 2 or through the designated contact form on our website. For certain requests (access, portability, extensive deletion requests), we may need to verify your identity to ensure we don’t disclose data to the wrong person. We will respond to your requests as soon as possible and at the latest within the timeframe required by law. In general, we will not charge a fee for handling a request, unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request (we will explain our reasoning in such a case).

11. Updates to this Privacy Policy

We may update or change this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make significant changes, we will notify you by prominently posting a notice on our website or by sending an email to registered users. The “Last Updated” date at the top of this Policy indicates when the latest changes were made. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

If we make changes that materially affect how your personal data is processed, we will obtain re-consent if required by law. Your continued use of BePaid.ch after the effective date of an updated Privacy Policy will signify your acceptance of the revised terms (to the extent permitted by law).

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

BePaid Sàrl
c/o DM Fiduciaire Sàrl
Rue des Jordils 40
1025 St-Sulpice
Switzerland

Website contact form: https://www.bepaid.ch/en/contact (or navigate to the "Contact Us" page on our site)

We will be happy to assist you and address any questions or issues you may have regarding privacy or data protection.