Security & Privacy

Your Data is Safe with MagicHeidi

Your invoices contain sensitive information—client details, payment terms, bank accounts. We built MagicHeidi with security as a foundation, not an afterthought. Swiss-hosted, Swiss-made, and designed to meet the strictest data protection standards.

Why Security Matters
for Freelancers

You might think cybersecurity is only a concern for large corporations. The reality tells a different story. Cyberattacks in Switzerland have increased dramatically, and small businesses are often targeted precisely because attackers assume they have weaker defenses.

💔

Client trust evaporatesOne breach can end relationships you spent years building

💸

Financial penalties hurtViolations can result in fines up to 250,000 CHF

⏰

Recovery takes timeRecreating lost data isn't just frustrating—it's expensive

Swiss Data Protection
You Can Trust

Your data never leaves Switzerland. Our servers are located within Swiss borders, giving you Swiss data sovereignty, lower latency, and complete legal clarity. Unlike some competitors who store backups abroad, we keep everything within Swiss borders.

🇨🇭 Swiss Hosted

🔐 Bank-Level Encryption

✅ nFADP Compliant

🇪🇺 GDPR Ready

🇨🇭

Hosted in Switzerland

Your information falls under Swiss jurisdiction

📋

Full nFADP Compliance

Privacy by Design built into the core

🇪🇺

GDPR Compatible

Work confidently with European clients

🔒

Swiss Data Sovereignty

No complex questions about which laws apply

Protection

How We Protect
Your Data

Behind the scenes, our engineering team works continuously to keep MagicHeidi secure with multiple layers of protection.

Passwordless Login

No passwords means nothing to hack. Sign in securely with Google, Apple, or email magic links. Your account is protected by the same enterprise-grade security that guards billions of accounts.

No password to steal or forget
Google & Apple's built-in security
Email magic links for simple access
Phishing-resistant authentication

Encrypted & Protected

Your data is protected by AES-256 encryption at rest and SSL/TLS in transit—the same standards used by banks and governments.

Bank-level encryption standards
Runs on Google Cloud Platform
Automatic security updates
DDoS protection built-in

Reliable Backups

Hardware failures, disasters, mistakes—we've got you covered. Your data is automatically backed up and can be restored quickly.

Automated daily backups
Stored in Swiss data centers
Quick recovery procedures
Export your data anytime

Swiss Data Residency

Your financial data stays in Switzerland, subject to some of the world's strictest privacy laws. No overseas transfers, no exceptions.

Data stored exclusively in Switzerland
Swiss privacy law protection
GDPR compliant
Full data portability

Infrastructure

Technical Security Measures

Our hosting infrastructure includes firewalls blocking unauthorized access, DDoS protection against attacks, and monitoring systems that alert our team to unusual activity. As a cloud service, MagicHeidi is always running the latest, most secure version.

Your Responsibility

Your Role in Security

Security is a partnership. While we handle the technical protection, there are simple steps you can take to maximize your account safety.

Use a Secure Login Method

Sign in with Google or Apple for the strongest protection—their security teams work around the clock so you don't have to.

Watch for Phishing

We'll never ask for login details via email. Always go directly to magicheidi.ch instead of clicking links in messages.

Keep Devices Updated

Your account is only as secure as your devices. Enable automatic updates on your computer and phone to stay protected.

Review Connected Apps

Periodically check which apps have access to your Google or Apple account. Remove any you no longer use or recognize.

Cross-Platform

Security on Every Device

MagicHeidi works on the web, Mac, Windows, and mobile. Security is consistent across all platforms with native apps, encrypted sync, and secure local storage.

🖥️
Native Desktop Apps
Same security without browser vulnerabilities
📱
Mobile Security
Secure local storage and encrypted connections
🔄
Seamless Sync
Data stays encrypted between devices
🌐
Web Protection
Full encryption on every connection

Invoices

Invoice #3
Magic Heidi
CHF 500
Jan 29
Invoice #2
Webbiger LTD
CHF 2000
Jan 24
Invoice #1
John Doe
CHF 600
Jan 20

Certifications & Compliance

Swiss Made Software

MagicHeidi is a member of the Swiss Made Software organization. This membership confirms our commitment to Swiss quality standards and local data handling practices.

Data Processing Agreements

Need a formal data processing agreement for your records or your clients? Contact us. We provide documentation that satisfies business requirements for data handling agreements.

Ongoing Compliance

Data protection laws evolve. We monitor regulatory changes and update our practices accordingly. When the nFADP came into effect in September 2023, MagicHeidi was already compliant. We'll be ready for future changes too.

FAQ

Security Questions Answered

Where is my data stored?

In Switzerland. Our servers are located within Swiss borders, and your data never leaves the country.

Is MagicHeidi GDPR compliant?

Yes. While MagicHeidi is a Swiss product, our security practices meet GDPR requirements. You can confidently use MagicHeidi for invoicing EU clients.

Can MagicHeidi employees see my invoices?

No. Your data is encrypted and access-controlled. Our team cannot view your invoices, expenses, or client information.

What happens if MagicHeidi has a data breach?

We have incident response procedures in place. In the unlikely event of a breach, we would notify affected users and the Federal Data Protection Commissioner as required by Swiss law.

How do I enable two-factor authentication?

Go to your account settings and look for the Security section. You can enable 2FA using an authenticator app like Google Authenticator or Authy. The setup takes about two minutes.

Can I export my data?

Yes, anytime. You maintain full ownership of your data and can export it in standard formats.

What encryption does MagicHeidi use?

We use TLS encryption for data in transit and AES-256 encryption for data at rest. These are industry-standard encryption methods used by banks and government agencies.

Is my QR-code invoice data secure?

Yes. Swiss QR-code invoices generated by MagicHeidi are created using secure processes. The QR codes contain only the necessary payment information and are transmitted using the same encryption as all other data.

Start Invoicing with Confidence

Swiss hosting. Bank-level encryption. Full compliance with Swiss data protection law. Focus on your work—we'll protect your data.

Try Magic Heidi Free Contact Security Team

App Store Google Play Microsoft Store Web App