Roundwork AI
Sign in

Privacy Policy

Privacy Policy

Melzer Labs

Gaissbergstrasse 2, CH-8280 Kreuzlingen

Legal form: Sole proprietorship

UID: CHE-217.593.064

Commercial register: Canton of Thurgau

Effective: April 2026

1. Data Controller

Responsible for data processing:

Melzer Labs

Gaissbergstrasse 2

CH-8280 Kreuzlingen

Switzerland

Legal form: Sole proprietorship

UID: CHE-217.593.064

Commercial register: Canton of Thurgau

2. Scope

This Privacy Policy applies to the platform "LessonPlan" and describes the type, scope, and purpose of the collection and use of personal data.

Personal data is processed in accordance with the Swiss Federal Act on Data Protection (FADP/nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

3. Data Collected

3.1. Registration Data

  • First and last name
  • Email address
  • Password (stored encrypted)
  • Role (Student, Partner/Instructor)

3.2. Profile Data (Partners)

  • Teaching address and geolocation data
  • Profile description and photos
  • Calendar data (when Google Calendar integration is enabled)
  • Tax and business information (via Stripe Connect)

3.3. Usage Data

  • Booking data (times, duration, status)
  • Credit transactions
  • Page views and interactions

3.4. Payment Data

  • Stripe customer ID
  • Payment references and transaction data
  • Billing information (processed and stored by Stripe)

4. Purposes of Data Processing

Data is processed for the following purposes:

  • Providing and operating the Platform
  • Booking and payment processing
  • Communication (booking confirmations, cancellations, system notifications)
  • Partner onboarding and identity verification (KYC via Stripe)
  • Platform improvement and bug fixing
  • Compliance with statutory retention obligations

5. Legal Basis

  • Contract performance: Registration, booking, payment processing.
  • Legitimate interest: Platform security, fraud prevention, service improvement.
  • Consent: Optional features such as calendar integration, marketing communications.
  • Legal obligation: Tax record retention, AML/KYC compliance.

6. Data Sharing with Third Parties

Personal data is shared with the following third-party providers as necessary for Platform operation:

ProviderPurposeLocation
Google Firebase / CloudHosting, database, authentication, analytics (with consent)EU/US
Google Firebase App Hosting (Google Cloud CDN)Edge caching and delivery of the web applicationEU/US
StripePayment processing, Partner onboarding (KYC)EU/US
Google Calendar APICalendar synchronization (optional; requires separate OAuth consent)EU/US
Google Maps / Geocoding / Places APIAddress autocomplete and geocoding for instructor locations (server-to-server only)EU/US
Google Gemini AIAI-assisted page building and instructor setup features; instructor profile content (names, descriptions) may be sent for processingEU/US
OpenStreetMap Foundation (tile.openstreetmap.org)Map tile delivery when a visitor displays the instructor discovery map. Your IP address and browser user-agent are transmitted to the OSMF for the purpose of serving the tiles.UK / global CDN
jsDelivr (Cloudflare, Fastly)CDN for third-party stylesheets and scripts (Bootstrap) loaded inside published instructor pages. Your IP address and the requested URL are transmitted to the CDN provider.Global

Appropriate data processing agreements are in place with processors we engage directly (Google, Stripe). OpenStreetMap and jsDelivr are content delivery networks that receive connection metadata (IP, user-agent) when your browser fetches map tiles or third-party script/stylesheet assets; no personal account information is sent to them by us.

7. International Data Transfers

Data may be transferred to countries outside Switzerland and the EU (notably the US). Protection is ensured through appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions).

8. Data Security

We implement appropriate technical and organizational measures to protect personal data:

  • Encrypted data transmission (TLS/HTTPS)
  • Encrypted storage of sensitive data
  • Access restrictions and role-based permissions
  • Regular security reviews

9. Retention and Deletion

  • Account data is retained as long as the account is active.
  • Upon account deletion, personal data is removed immediately. Financial records required by tax law are retained for the legally mandated retention period (in Switzerland: up to 10 years) with personal identifiers minimized.
  • Transactional email records are deleted as part of account deletion.

10. Cookies and Tracking

The Platform uses technically necessary cookies for authentication and session management. Analytical cookies (Firebase Analytics) are only activated after the user provides explicit consent via the cookie consent banner displayed on first visit. No tracking occurs before consent is given. Consent preferences are stored locally and can be changed at any time.

11. Rights of Data Subjects

You have the following rights:

  • Access: Information about what data is stored about you.
  • Rectification: Correction of inaccurate data.
  • Erasure: Deletion of your data, subject to statutory retention requirements.
  • Data portability: Provision of your data in a common format.
  • Objection: Against processing based on legitimate interests.
  • Withdrawal of consent: At any time, without affecting the lawfulness of prior processing.

Please direct requests to the address listed in Section 1.

12. Changes

This Privacy Policy may be updated at any time. Material changes will be communicated via email or in-app notification.

13. Contact

For privacy-related questions, contact:

Melzer Labs

Gaissbergstrasse 2

CH-8280 Kreuzlingen

Switzerland

Legal form: Sole proprietorship

UID: CHE-217.593.064

Commercial register: Canton of Thurgau