LookupSwiss is a data processor under the EU General Data Protection Regulation (Regulation 2016/679) and a data controller under the Swiss Federal Act on Data Protection. This page explains how we honour both.
Get a machine-readable copy of every piece of personal data we hold about you, within 30 days.
Correct any inaccurate or outdated data via your dashboard, or by email.
“The right to be forgotten.” We hard-delete your account, all subscription records, and all usage counters within 30 days.
Receive your data in a structured, commonly-used JSON format — ready to move to another provider.
Pause processing while a dispute is being resolved, or object to any processing based on legitimate interest.
Read our full Privacy Policy at any time. We email all account holders 14 days before any material change.
If you process personal data of EU residents through our API, you are the controller and we are the processor under GDPR Art. 28. Our DPA is available on request and is signed automatically when you sign up for any paid plan. Email dpo@lookupswiss.ch to request a copy.
All primary databases are hosted on MongoDB Atlas in EU-Central (Frankfurt). Supabase Auth and Stripe both store data inside the EU. We do not transfer personal data outside the EEA except via Standard Contractual Clauses.
The phone numbers and email addresses submitted to /api/validate/* endpoints are processed in-memory only. They never touch a database, never appear in logs, and are never shared with anyone, including our sub-processors. We retain only anonymous per-day per-endpoint counters.
In the unlikely event of a personal-data breach affecting EU residents, we will notify the competent supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33, and notify affected users directly if the breach is likely to result in a high risk to their rights.
Our DPO can be reached at dpo@lookupswiss.ch. You also have the right to lodge a complaint with the Swiss FDPIC or your local EU supervisory authority.