Skip to content
ark.plan
Product How it works ark.suite Pricing
Request a quote
  • Product
  • How it works
  • ark.suite
  • Pricing
§ 04/06 // Legal [ARKPLAN-LEGAL-NLPD]

FADP Commitment

Last updated : 18 May 2026

  • / Last updated 18 May 2026
  • / Jurisdiction CH · Vaud
  • / Authoritative lang. French
  • / Reference ARKPLAN-LEGAL-NLPD

Last updated: 2026-05-18

1. Context — the 2023 revised FADP

The revised Swiss Federal Act on Data Protection (FADP, also "nLPD") entered into force on 1 September 2023. It replaces the 1992 FADP and strengthens the rights of data subjects as well as the obligations of controllers and processors. ark.plan has been designed from the outset to comply with this legal framework, even before opening its market to European customers subject to GDPR.

2. Why ark.plan is "FADP-first"

  • 100% Swiss hosting of application data at Infomaniak Network SA in Geneva.
  • Per-Instance isolation: each customer receives a dedicated Docker container and an isolated PostgreSQL database. No customer data is shared between Instances.
  • Encryption at rest for credentials and OAuth tokens in AES-256-GCM.
  • Application data stored exclusively in Switzerland: only the payment flow transits through Stripe Payments Europe Ltd. in Ireland (EU). Optional AI features, disableable at any time, involve a transfer of the relevant text to US subprocessors (Anthropic, OpenAI, Google) covered by Standard Contractual Clauses.
  • Cookieless analytics (self-hosted Umami), no third-party commercial tracker.

3. FADP obligations and our response

FADP articleObligationark.plan response
Art. 5Definitions (data, processing, profiling)Terminology used consistently across all our legal pages
Art. 6Principles: lawfulness, good faith, proportionality, purpose, accuracy, limited retentionPurposes and retention periods detailed in the Privacy Policy
Art. 8Data securityDocumented technical and organisational measures (DPA Annex A)
Art. 9Processing by a processorDPA annexed to the Terms, accepted upon subscription; public list of subprocessors
Art. 12Record of processing activitiesInternal record, not published, provided to the FDPIC upon request
Art. 16-17Cross-border disclosureApplication data in Switzerland; Stripe (EU) for payments; US AI subprocessors (Anthropic, OpenAI, Google) only if AI features enabled, covered by SCCs
Art. 19-21Duty to inform, automated decisionsCovered by the Privacy Policy; no automated decisions with legal effect
Art. 22Data protection impact assessment (DPIA)Carried out for CRM processing, available on motivated request
Art. 24Notification of data security breachesDocumented procedure, notification to the FDPIC within 72 hours
Art. 25Right of accessResponse within 30 days to our contact form
Art. 28Right to data portabilityCSV export available (other formats on the roadmap)
Art. 30Processing infringing personality rights, right to objectHandled by the privacy contact point
Art. 32Right to rectification and erasureResponse within 30 days, subject to accounting obligations
Art. 49Complaint to the FDPICContact details provided in the Privacy Policy

4. Cross-references

  • Privacy Policy — substantive information notices
  • Data Processing Agreement (DPA) — processing on behalf
  • Terms of Service — contractual framework

5. Data protection contact

our contact form — +41 78 448 60 02

In case of discrepancy between language versions, the French version prevails.

§ On this page

    ← Previous Cookie Policy
    [ All legal pages ]
    Next Data Processing Agreement (DPA) →
    ark.plan

    A scope tailored to your organisation.

    Tell us about your organisation and the features you need.

    Request a quote
    ark.plan

    Company

    ark.swiss Sàrl

    CHE-139.880.181

    Chemin de la Duchesne 13, 1806 St-Légier, Vaud, Suisse

    Hosted in Switzerland by Infomaniak.

    Contact

    • Contact form
    • [email protected]

    Legal links

    • Legal center
    • Terms
    • Privacy
    • Cookies
    • Legal notice
    • Data processing

    © 2026 ark.swiss Sàrl. All rights reserved.

    • 🇫🇷 Français
    • 🇬🇧 English [✓]
    • 🇩🇪 Deutsch