Privacy policy

Last updated: 24/04/2026

  1. General policy

    CashCtrl Ltd. takes the security of your data very seriously. We treat your personal data strictly confidential and secure it with appropriate technical and organizational security measures.

    Usage of the CashCtrl website as well as the CashCtrl Forum is generally possible without divulging personal information. For the «CashCtrl» application you sign up with your e-mail address and the name of your organization. Whenever we receive personal information from you, we do so by asking you specifically, not behind your back.

    All data that you enter on our sites (including names, addresses, e-mail addresses, accounting data, etc.) is never passed on to third parties without your explicit permission.

    Please be aware that the secure transferral of your data on the internet (e.g. by e-mail communication or via your browser) is not completely in our control and can potentially be compromised by malicious actors (e.g. via viruses). We recommend that you adequately protect your computer against viruses and use strong passwords.

  2. Legal basis of data processing

    The processing of your data is done for the fulfillment of a contract, according to the FADP (Federal Act on Data Protection, Switzerland). The subject of this contract is the registration and usage of the web application «CashCtrl».

  3. Usage of the website and cookies

    You can visit our website and inform yourself about our offerings without divulging personal information. While you are browsing on our website, our server stores and keeps data that your browser automatically sends to us in so-called log files. They are:

    • Type of browser / browser version
    • Which operating system you use
    • Your preferred language
    • Referral URL (which website you are coming from)
    • Hostname and IP address of your computer
    • Date and time of the server request

    This information is used to optimize and improve our offerings, and to detect and protect ourselves from malicious actors. This data is analyzed anonymously without revealing personal information.   We use cookies and an analytics tool (Matomo: Open Source, anonymized and self-hosted in Switzerland) on our website to figure out how to improve our website. Cookies are small pieces of text that the website can store on your computer (which is explicitly authorized by your browser). Cookies cannot harm your computer or contain any viruses.

  4. Third-party email providers (Google, Microsoft, etc.)

    If a user explicitly connects their email account with CashCtrl in order to send emails through third-party email providers such as Google Gmail or Microsoft 365, CashCtrl may request access to certain account data via OAuth.

    CashCtrl only requests the permissions required to send emails on behalf of the user. CashCtrl does not access inbox contents, contacts, calendars, files, or other unrelated account data unless explicitly stated and authorized by the user.

    Data obtained from Google, Microsoft, or other third-party providers is used exclusively to provide the functionality explicitly requested by the user.

    CashCtrl does not use such data for advertising, profiling, analytics unrelated to service delivery, or resale.

    CashCtrl's use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

  5. Protection of third-party account data

    OAuth tokens and related credentials are stored securely and encrypted at rest.

    Data transmitted between users, CashCtrl, and third-party providers is encrypted using HTTPS/TLS.

    Access to such data is restricted to authorized systems and personnel only where necessary for technical support, maintenance, or security purposes.

    CashCtrl implements appropriate technical and organizational measures to protect such data against unauthorized access, disclosure, alteration, or destruction.

    CashCtrl does not sell third-party account data to third parties.

    CashCtrl does not share such data with third parties except where required to provide the service or comply with legal obligations.

  6. Retention and deletion of third-party account data

    OAuth credentials are stored only for as long as the user maintains an active connection between their account and CashCtrl.

    Users may revoke access at any time by:

    • removing the connection in their CashCtrl account settings, or
    • revoking CashCtrl's access directly through their third-party account settings.

    Once the connection is removed, stored OAuth tokens are deleted or permanently invalidated.

    If a user deletes their CashCtrl account, associated OAuth credentials are also deleted.

    Backup copies containing such data are automatically deleted according to standard backup retention policies.

  7. Contact

    If you have questions about this privacy policy or the protection of your data by CashCtrl Ltd. please contact:

    CashCtrl Ltd.
    Operating data security officer
    Pumpwerkstrasse 33
    4142 Münchenstein
    Switzerland
    E-Mail: privacy (at) cashctrl.com