Privacy Policy

Magic Heidi is a Swiss company. We take your privacy seriously. Learn how we protect your data under Swiss law, GDPR, and CCPA.

Swiss Data Security

Quick Summary

Before diving into the details, here's what matters most about how we handle your data.

🚫

We don't sell your data

Ever. Period.

🔒

Your data stays yours

We don't monitor your invoices or client information

🇨🇭

Swiss privacy standards

FADP, GDPR, and CCPA compliant

🎛️

You control your data

Delete your account anytime

🛡️

Security built in

Encryption protects data in transit and at rest

Who We Are

Magic Heidi is operated by Nathan Ganser, sole proprietor, based in Switzerland.

Contact for privacy matters:

For complaints, you may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) at https://www.edoeb.admin.ch.


Where This Policy Applies

This Privacy Policy covers:

  • The Magic Heidi mobile application (iOS and Android)
  • The Magic Heidi desktop application (Mac and Windows)
  • The Magic Heidi web application
  • Our website at https://magicheidi.ch

By accessing the app, you accept our Terms of Service and this Privacy Policy. You cannot use Magic Heidi without accepting both.

Information Collected Automatically

Usage data:

  • App features you use
  • Error logs and crash reports
  • Device type and operating system

We do not collect:

  • Location data
  • Contact lists
  • Photos (unless you upload receipts)
  • Browsing history

How We Use Your Data

We use your information for these specific purposes:

To Provide Our Services

  • Generate legally compliant invoices
  • Sync your data across devices
  • Process your payments and subscriptions
  • Send invoices and reminders to your clients

To Improve Magic Heidi

  • Fix bugs and technical issues
  • Understand which features need improvement
  • Test new functionality

To Communicate With You

  • Respond to support requests
  • Send important product updates
  • Share tips for using the app (only if you opt in)

Under Swiss law and GDPR, we process your data based on:

  • Contract: We need your data to provide the service you signed up for
  • Consent: For optional communications, you choose to opt in
  • Legitimate interest: For security, fraud prevention, and service improvement

All third-party providers have signed Data Processing Agreements (DPAs) with us and must comply with applicable data protection laws.


International Data Transfers

Some of our third-party providers process data outside Switzerland. We protect your data through:

  • Swiss-U.S. Data Privacy Framework: Our U.S. providers are certified under this framework
  • Standard Contractual Clauses: Where required, we use EU-approved contractual protections
  • Adequacy decisions: We prioritize providers in countries with recognized data protection standards

Data Retention

We keep your data only as long as necessary:

Data Type                    Retention Period
Account information          Until you delete your account
Invoice and business data    Until you delete your account
Usage analytics              24 months (anonymized)
Support conversations        36 months
Payment records              10 years (legal requirement)

When you delete your account, we permanently erase your personal and business data within 30 days. Some anonymized usage statistics may remain for product improvement.

Data Breach Notification

If a security breach affects your personal data, we will:

  1. Notify the Swiss FDPIC within 72 hours (where required)
  2. Contact you directly if there's high risk to your rights
  3. Explain what happened and what we're doing about it

Cookies and Tracking

On Our Website

We use minimal cookies:

  • Essential cookies: Required for the website to function
  • Analytics cookies: Help us understand how visitors use our site (anonymized)

You can disable non-essential cookies in your browser settings.

In Our App

We don't use cookies in the mobile or desktop apps. We use secure authentication tokens instead.


Children's Privacy

Magic Heidi is designed for business use. We don't knowingly collect data from anyone under 16. If you believe a child has provided us with personal information, please contact us immediately.

Your Rights by Jurisdiction

Depending on where you're located, you have specific rights under local data protection laws.

🔒 Privacy by Design
✅ FADP Compliant
✅ GDPR Compliant
✅ CCPA Compliant

🇨🇭
Swiss (FADP)

Right to information, access, portability, correction, deletion, and restriction

🇪🇺
European (GDPR)

All FADP rights plus complaint rights and withdrawal of consent

🇺🇸
California (CCPA)

Right to know, delete, opt-out (we don't sell data), non-discrimination

Swiss Data Protection Rights (FADP)

As a Swiss resident, you have rights under the Federal Act on Data Protection (FADP), effective September 2023:

  • Right to information about data processing
  • Right to access your personal data
  • Right to data portability
  • Right to correction of inaccurate data
  • Right to deletion ("right to be forgotten")
  • Right to restrict processing
  • Right to object to processing

The FADP requires us to implement Privacy by Design and Privacy by Default. We do this by collecting only necessary data and using privacy-protective default settings.


European Union Rights (GDPR)

If you're in the EU, UK, Liechtenstein, Norway, or Iceland, you have additional rights under GDPR:

  • All rights listed above
  • Right to lodge a complaint with your local supervisory authority
  • Right to withdraw consent at any time
  • Right not to be subject to automated decision-making

We don't make automated decisions that significantly affect you.


California Rights (CCPA/CPRA)

California residents have these rights:

  • Right to know: What personal information we collect and why
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We don't sell personal information, so no opt-out is needed
  • Right to non-discrimination: We won't treat you differently for exercising your rights

We do not sell your personal information. We don't share it for monetary or other valuable consideration.


Changes to This Policy

We may update this Privacy Policy when laws change or we modify our services. When we make significant changes:

  1. We'll update the "Last updated" date
  2. We'll notify you through the app or email
  3. We'll ask for your consent if required

Continued use of Magic Heidi after changes means you accept the updated policy.


Questions?

We're happy to explain anything in this policy. Contact us:

Email: hello@magicheidi.ch

Mailing address: Nathan Ganser, Magic Heidi, Route de Vaux 1, 1126 Vaux, Switzerland

For unresolved privacy concerns, contact the Swiss Federal Data Protection and Information Commissioner:
