Privacy Policy
How cobank handles personal data under the revised Swiss Federal Act on Data Protection (revFADP) and the EU General Data Protection Regulation (GDPR).
This page summarises how cobank handles personal data today. We are finalising a fuller privacy notice; until it is published, this summary together with the sub-processor list describes our processing, and you can exercise any data-protection right via the contact below.
What cobank processes, in brief
cobank reads invoices and returns a verifiable emission figure. The personal data involved is limited to what that task and a paid account require:
- Account and authentication — name, email, and workspace membership, held with our database and auth provider in the EU.
- Billing — subscription and payment details, processed by our payment provider.
- Invoice processing — invoice images and text are passed to our OCR and language-model providers to extract line items. Two of these providers process data outside the EU; see the sub-processor list.
- Hosting and delivery — our hosting and content-delivery provider.
We also use Vercel's cookieless Web Analytics to measure aggregate traffic — it sets no cookies and stores no identifier on your device. The current list of providers, their purpose, the data categories, and the processing region is on the sub-processor page.
Contact
For access, correction, deletion, or any other data-protection request, write to: