Privacy Policy

Last updated: December 2025

At FAVORO, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

Quick Summary

  • We only collect data necessary to provide the service
  • Your data is stored securely in the EU (Germany)
  • We do not sell your data to third parties
  • You can export or delete your data at any time
  • We use privacy-focused analytics (no cookies)

Data Controller

The data controller responsible for processing your personal data is:

andworks GmbH Bruggerstrasse 69 5400 Baden Switzerland

Email: hallo@andworks.ch

For privacy-related inquiries, please contact us at the email address above.

What Data We Collect

Account Information

When you create an account, we collect:

  • Your name
  • Your email address
  • Whether you've verified your email
  • Your marketing communication preferences

Legal basis: Contractual necessity (Art. 6(1)(b) GDPR) - required to provide the service.

Your Bookmarks

We store the bookmarks you create, including:

  • Areas (your bookmark categories)
  • Sections within those areas
  • Links (the URLs and labels you save)

Legal basis: Contractual necessity (Art. 6(1)(b) GDPR) - this is the core service you use.

Session Data

To keep your account secure, we store:

  • Your IP address when you log in
  • Your browser information (user agent)
  • When you last accessed your account

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - necessary for security and fraud prevention.

Login Codes

We send one-time codes to your email for passwordless login. These codes expire after 2 minutes and are not stored permanently.

Legal basis: Contractual necessity (Art. 6(1)(b) GDPR) - required for authentication.

How We Use Your Data

To Provide the Service

  • We use your email to send login codes so you can access your account
  • We store your bookmarks so you can access them from any browser
  • We track your session to keep you logged in securely

To Improve the Service

  • We use anonymized analytics to understand how people use FAVORO
  • We may use aggregate data to identify and fix issues

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - improving service quality.

Marketing (Only with Your Permission)

  • If you opt in, we may send you updates about new features
  • You can change this preference at any time in your settings

Legal basis: Consent (Art. 6(1)(a) GDPR) - only with your explicit permission.

How We Protect Your Data

Security Measures

  • All connections use HTTPS encryption
  • Passwords are never stored (we use secure one-time codes)
  • Your session data is stored securely
  • Backups are encrypted and performed twice daily

Data Storage Location

Your data is stored on secure servers in Falkenstein, Germany (EU), hosted by Hetzner Online GmbH. All data processing occurs within the European Union, ensuring full GDPR compliance.

Data Retention

Account Data

  • While active: We keep your data for as long as you have an account with us.
  • After deletion: When you delete your account, all your data is permanently removed within 30 days.

Session Data

  • Session lifetime: 2 hours of inactivity
  • Expired sessions are automatically cleaned up

Login Codes

  • Valid for 2 minutes only
  • Automatically deleted after use or expiration

Export Files

  • Available for download for 24 hours
  • Automatically deleted after expiration

Backups

  • All backups retained for 7 days
  • Daily backups retained for 30 days
  • Weekly backups retained for 8 weeks
  • Monthly backups retained for 4 months

Third-Party Services

We use a small number of trusted services, all of which process data within the EU or under appropriate safeguards:

Fathom Analytics (EU)

We use Fathom for website analytics. Fathom is privacy-focused:

  • No cookies
  • No personal data collected
  • GDPR compliant
  • Your browsing is not tracked across sites
  • Data processed in EU isolation mode

Email Delivery - Mailgun (EU Region)

We use Mailgun to send login codes to your email.

  • Only your email address is shared
  • Processed in the EU region
  • Used solely for delivering transactional messages

Marketing Emails - Mailcoach (SaaS)

If you opt in to marketing communications, we use Mailcoach to send updates.

  • You can unsubscribe at any time
  • Only used if you give explicit consent

International Data Transfers

Your data is primarily processed within the European Union (Germany). We do not transfer your personal data outside of Switzerland and the EU/EEA except:

  • When using third-party services listed above, all configured to use EU regions
  • If transfer is necessary, appropriate safeguards (Standard Contractual Clauses) are in place

Your Rights

Under GDPR and the Swiss Federal Act on Data Protection (FADP), you have the following rights:

Access Your Data

You can see all the data we store about you in your account settings.

Export Your Data

You can export all your bookmarks at any time from your settings. Exports are available for 24 hours and include all your areas, sections, and links.

Rectify Your Data

You can update your personal information at any time in your settings.

Delete Your Data

You can delete your account at any time. When you do:

  • All your bookmarks are permanently removed
  • Your personal information is deleted
  • This action cannot be undone

Object to Processing

You have the right to object to processing based on legitimate interests.

Data Portability

You can request your data in a machine-readable format (CSV export is available in settings).

Withdraw Consent

Where processing is based on consent (e.g., marketing emails), you can withdraw consent at any time.

Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). For EU residents, contact your local data protection authority.

To exercise any of these rights, contact us at hallo@andworks.ch.

Cookies

What We Use

  • Session cookies only: Required to keep you logged in
  • No advertising cookies: We don't show ads
  • No third-party tracking cookies: Fathom Analytics doesn't use cookies

Cookie Details

Cookie Purpose Duration
favoro_session Authentication 2 hours
XSRF-TOKEN Security (CSRF protection) 2 hours

Children's Privacy

FAVORO is not intended for children under 16. We do not knowingly collect data from children.

If we discover that we have collected personal data from a child under 16 without parental consent, we will:

  • Delete the data immediately
  • Terminate the associated account

If you believe a child under 16 has provided us with personal data, please contact us at hallo@andworks.ch.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • If the breach poses a high risk to you, we will notify you directly as soon as reasonably possible
  • We will document all breaches and our response actions

Changes to This Policy

If we make significant changes to this policy, we will notify you via email or through a notice in the application at least 30 days before the changes take effect.

Contact Us

If you have questions about your privacy or this policy, contact us at:

andworks GmbH Bruggerstrasse 69 5400 Baden Switzerland

Email: hallo@andworks.ch

This privacy policy is written in plain language to help you understand how we handle your data. We believe in transparency and keeping things simple.