Privacy Policy

melzerLabs

Gaissbergstrasse 2, CH-8280 Kreuzlingen

Effective: April 2026

1. Data Controller

Responsible for data processing:

melzerLabs

Gaissbergstrasse 2

CH-8280 Kreuzlingen

Switzerland

2. Scope

This Privacy Policy applies to the platform "LessonPlan" and describes the type, scope, and purpose of the collection and use of personal data.

Personal data is processed in accordance with the Swiss Federal Act on Data Protection (FADP/nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

3. Data Collected

3.1. Registration Data

First and last name
Email address
Password (stored encrypted)
Role (Student, Partner/Instructor)

3.2. Profile Data (Partners)

Teaching address and geolocation data
Profile description and photos
Calendar data (when Google Calendar integration is enabled)
Tax and business information (via Stripe Connect)

3.3. Usage Data

Booking data (times, duration, status)
Credit transactions
Page views and interactions

3.4. Payment Data

Stripe customer ID
Payment references and transaction data
Billing information (processed and stored by Stripe)

4. Purposes of Data Processing

Data is processed for the following purposes:

Providing and operating the Platform
Booking and payment processing
Communication (booking confirmations, cancellations, system notifications)
Partner onboarding and identity verification (KYC via Stripe)
Platform improvement and bug fixing
Compliance with statutory retention obligations

5. Legal Basis

Contract performance: Registration, booking, payment processing.
Legitimate interest: Platform security, fraud prevention, service improvement.
Consent: Optional features such as calendar integration, marketing communications.
Legal obligation: Tax record retention, AML/KYC compliance.

6. Data Sharing with Third Parties

Personal data is shared with the following third-party providers as necessary for Platform operation:

Provider	Purpose	Location
Google Firebase / Cloud	Hosting, database, authentication	EU/US
Stripe	Payment processing, Partner onboarding (KYC)	EU/US
Google Calendar API	Calendar synchronization (optional)	EU/US

Appropriate data processing agreements are in place with all processors.

7. International Data Transfers

Data may be transferred to countries outside Switzerland and the EU (notably the US). Protection is ensured through appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions).

8. Data Security

We implement appropriate technical and organizational measures to protect personal data:

Encrypted data transmission (TLS/HTTPS)
Encrypted storage of sensitive data
Access restrictions and role-based permissions
Regular security reviews

9. Retention and Deletion

Account data is retained as long as the account is active.
After account deletion, personal data is removed within 90 days, unless statutory retention obligations apply.
Accounting and tax records are retained for the legally required duration (in Switzerland: 10 years).

10. Cookies and Tracking

The Platform uses technically necessary cookies for authentication and session management. Analytical or marketing cookies are only used with explicit consent.

11. Rights of Data Subjects

You have the following rights:

Access: Information about what data is stored about you.
Rectification: Correction of inaccurate data.
Erasure: Deletion of your data, subject to statutory retention requirements.
Data portability: Provision of your data in a common format.
Objection: Against processing based on legitimate interests.
Withdrawal of consent: At any time, without affecting the lawfulness of prior processing.

Please direct requests to the address listed in Section 1.

12. Changes

This Privacy Policy may be updated at any time. Material changes will be communicated via email or in-app notification.

13. Contact

For privacy-related questions, contact:

melzerLabs

Gaissbergstrasse 2

CH-8280 Kreuzlingen

Switzerland