Privacy Policy

WAP Sàrl (hereinafter "we") operates the Bill Alps service. Protecting your personal data is a priority. This policy explains what data we collect, why and how we process it, in accordance with the Swiss Federal Act on Data Protection (nFADP) and the General Data Protection Regulation (GDPR) for our users in the EU/EEA.

Data controller

WAP Sàrl, Domdidier, Canton of Fribourg, Switzerland. Contact: info@bill-alps.ch.

Data collected

We collect the following data:

  • Account data: name, email address, password (hashed), provided during registration via Clerk (our authentication provider).
  • Billing data: information about your clients, invoices, amounts — required for the operation of the service.
  • Payment data: processed by Stripe. We do not store your credit card details.
  • Usage data: access logs, IP address, browser type — to ensure security and improve the service.
  • Cookies: technical cookies essential for the operation of the application (session, language preferences).

Purposes of processing

Your data is used to:

  • Provide, operate and improve the Bill Alps service.
  • Manage your account and authentication.
  • Process payments and subscriptions.
  • Send service-related notifications (reminders, confirmations).
  • Comply with our legal obligations.

Legal bases

Processing is based on: performance of the contract (provision of the service), your consent (registration), our legitimate interests (security, service improvement) and compliance with legal obligations.

Data sharing

We never sell your data. We work with the following processors:

  • Clerk — user authentication (United States, with standard contractual clauses).
  • Stripe — payment processing (United States, Privacy Shield certified).
  • Convex — backend database, hosted on AWS in Zurich, Switzerland.
  • OVH — website hosting (Gravelines, France).

International transfers

Some processors (Clerk, Stripe) are based in the United States. These transfers are governed by standard contractual clauses (SCCs) approved by the FDPIC and the European Commission, ensuring an adequate level of protection. Backend data is hosted in Switzerland (AWS Zurich) and the website in France (OVH Gravelines).

Data retention

Your data is retained as long as your account is active. If you delete your account, your personal data is deleted within 30 days, unless legal retention requirements apply (e.g. accounting data is retained for 10 years under Swiss law).

Your rights

Under the nFADP and GDPR, you have the following rights:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate data.
  • Right to erasure: request deletion of your data.
  • Right to data portability: receive your data in a standard format.
  • Right to object: object to processing in certain circumstances.
  • Right to withdraw your consent at any time.

Security

We implement appropriate technical and organisational measures to protect your data: encryption in transit (TLS) and at rest, strict access controls, regular backups and security monitoring.

Cookies

Bill Alps only uses technical cookies essential for the operation of the service (session management, language preferences). We do not use advertising or tracking cookies for marketing purposes.

Contact and complaints

For any questions regarding your personal data or to exercise your rights, contact us at info@bill-alps.ch. You may also file a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

Last updated: February 2026