Privacy Policy
Idea2Create AG ("Idea2Create," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Swiss Federal Act on Data Protection (FADP/DSG) and the EU General Data Protection Regulation (GDPR).
Last updated: January 2026 · Effective date: January 2026
1. Data Controller
The data controller responsible for processing your personal data is:
Idea2Create AG
Bahnhofstrasse 100
8001 Zurich, Switzerland
Commercial Register: CHE-XXX.XXX.XXX
Data Protection Officer: privacy@idea2create.com
Phone: +41 44 XXX XX XX
2. Data We Collect
2.1 Information You Provide Directly
When you use our platform, we collect information you voluntarily provide:
| Category | Data Types | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed), profile photo | Account creation and authentication |
| Profile Information | Phone number, date of birth, country, organization name | Profile personalization and verification |
| Payment Information | Payment method details, billing address, transaction history | Processing payments and refunds |
| Content Data | Ideas, descriptions, images, documents you submit | Providing marketplace services |
| Communication Data | Support requests, feedback, correspondence | Customer support and service improvement |
2.2 Information Collected Automatically
When you access our platform, we automatically collect:
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Information: Pages visited, features used, time spent, click patterns, search queries
- Location Information: Country and city based on IP address (not precise geolocation)
- Log Data: Access times, error logs, referring URLs
2.3 Information from Third Parties
We may receive information from:
- Authentication Providers: When you sign in with Google, we receive your name, email, and profile picture
- Payment Processors: Stripe provides transaction confirmations and fraud prevention data
- Analytics Services: Aggregated usage statistics and performance metrics
2.4 Special Categories of Data
We do not intentionally collect special categories of personal data (sensitive data) as defined by Art. 5 lit. c FADP and Art. 9 GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation.
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under Swiss law (FADP) and GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Account management and authentication | Contract performance (Art. 6(1)(b) GDPR) |
| Processing transactions and payments | Contract performance (Art. 6(1)(b) GDPR) |
| Sending service-related communications | Contract performance / Legitimate interest |
| Marketing communications (with consent) | Consent (Art. 6(1)(a) GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal compliance (tax, anti-money laundering) | Legal obligation (Art. 6(1)(c) GDPR) |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f) GDPR) |
4. How We Use Your Data
4.1 Primary Purposes
- Creating and managing your user account
- Enabling you to create, publish, browse, and purchase Ideas
- Processing payments and maintaining transaction records
- Providing customer support and responding to inquiries
- Sending service notifications (transaction confirmations, security alerts)
- Enforcing our Terms of Service and preventing fraud
4.2 Secondary Purposes
- Improving and optimizing our platform and services
- Conducting analytics and research
- Developing new features and services
- Sending marketing communications (only with your consent)
- Personalizing your experience on the platform
4.3 AI Processing
We use artificial intelligence to analyze submitted Ideas and provide valuations. This involves:
- Automated analysis of Idea content for quality assessment
- Generation of AI-powered insights and recommendations
- Content moderation and compliance checking
No automated decisions with legal or similarly significant effects are made solely based on AI processing. Human review is always available upon request.
5. Data Sharing and Disclosure
5.1 Categories of Recipients
We may share your personal data with:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA (Standard Contractual Clauses) |
| Amazon Web Services | Cloud hosting and storage | EU (Frankfurt) |
| OpenAI | AI-powered analysis | USA (Standard Contractual Clauses) |
| Google (Analytics) | Usage analytics | USA (Standard Contractual Clauses) |
| Vercel | Platform hosting | USA (Standard Contractual Clauses) |
5.2 Legal Disclosures
We may disclose your data when required by law or to:
- Comply with legal obligations, court orders, or government requests
- Protect the rights, property, or safety of Idea2Create, users, or the public
- Detect, prevent, or address fraud, security issues, or technical problems
- Enforce our Terms of Service
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA). We ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate data protection (per FDPIC/EU Commission)
- Standard Contractual Clauses: EU-approved contractual provisions for US-based processors
- Binding Corporate Rules: Where applicable for multinational processors
You may request a copy of the safeguards used by contacting privacy@idea2create.com.
7. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 2 years | Contract and legitimate interest |
| Transaction records | 10 years from transaction date | Swiss tax law (Art. 958f CO) |
| Payment data | 10 years from transaction date | Swiss tax and accounting law |
| Support communications | 5 years from resolution | Legitimate interest |
| Usage logs | 12 months | Security and legitimate interest |
| Marketing consent records | Duration of consent + 3 years | Legal compliance |
After the retention period expires, data is securely deleted or anonymized for statistical purposes.
8. Your Rights
Under Swiss data protection law (FADP) and GDPR, you have the following rights:
8.1 Right of Access (Art. 25 FADP, Art. 15 GDPR)
You have the right to request confirmation of whether we process your personal data and to receive a copy of that data.
8.2 Right to Rectification (Art. 32 FADP, Art. 16 GDPR)
You have the right to request correction of inaccurate personal data and completion of incomplete data.
8.3 Right to Erasure (Art. 32 FADP, Art. 17 GDPR)
You have the right to request deletion of your personal data when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- The data has been unlawfully processed
This right may be limited by legal retention obligations.
8.4 Right to Restriction (Art. 18 GDPR)
You may request restriction of processing in certain circumstances, such as while we verify the accuracy of your data.
8.5 Right to Data Portability (Art. 28 FADP, Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and to transmit it to another controller.
8.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing based on legitimate interests, including profiling and direct marketing.
8.7 Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
8.8 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@idea2create.com. We will respond within 30 days (or 90 days for complex requests). We may need to verify your identity before processing your request.
8.9 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — https://www.edoeb.admin.ch
- EU: The supervisory authority in your country of residence
9. Cookies and Tracking Technologies
9.1 Types of Cookies
We use the following types of cookies:
| Category | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 1 year |
| Functional | Preferences, language settings, theme | 1 year |
| Analytics | Usage statistics, performance monitoring | 2 years |
9.2 Cookie Consent
Essential cookies do not require consent as they are strictly necessary for the platform to function. For non-essential cookies (analytics, marketing), we obtain your consent through our cookie banner.
9.3 Managing Cookies
You can manage cookies through your browser settings or our cookie preferences center. Disabling certain cookies may affect platform functionality.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, multi-factor authentication for staff
- Infrastructure: SOC 2 Type II certified cloud providers
- Monitoring: Continuous security monitoring and intrusion detection
- Training: Regular data protection training for employees
- Incident Response: Documented breach notification procedures
11. Children's Privacy
Our platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email and/or notice on our platform at least 30 days before taking effect. The "Last updated" date at the top indicates the most recent revision.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
Data Protection Officer
Idea2Create AG
Bahnhofstrasse 100
8001 Zurich, Switzerland
Email: privacy@idea2create.com
Phone: +41 44 XXX XX XX
We aim to respond to all inquiries within 10 business days.