ProcessFlow LogoProcessFlow

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how ProcessFlow (“we”, “us”) processes personal data when you visit processflow.dev or interact with our contact form. We comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP / revFADP).

1. Controller

ProcessFlow
Albulastrasse 50
8048 Zürich, Switzerland
Email: info@processflow.dev

2. What We Collect and Why

2.1 Server logs

When you load any page, our hosting provider automatically processes technical data needed to deliver the page: your IP address, the requested URL, the HTTP status, the referring page, your user agent, and the timestamp. This data is processed on the basis of our legitimate interest (Art. 6 (1)(f) GDPR) in operating a stable, secure website. Logs are retained for a maximum of 30 days and are not used to build a profile.

2.2 Analytics — Umami (cookieless)

We use a self-hosted instance of Umami Analytics to measure aggregated visitor numbers. Umami runs on our own server in Germany. It does not use cookies and does not track you across sites. IP addresses are anonymized and discarded after the request; Umami stores only a daily, per-site hash that cannot be linked to a person. Because no personal data is shared with third parties and no identifiers persist on your device, no consent banner is required.

Legal basis: legitimate interest (Art. 6 (1)(f) GDPR) in understanding traffic to improve the site. The script is loaded from analytics.processflow.dev.

2.3 Contact form

When you submit our contact form, we process the name, email address, and message you provide in order to respond to your request (Art. 6 (1)(b) GDPR — pre-contractual / contractual measures, or Art. 6 (1)(f) for general inquiries). Delivery of the resulting email is handled by Resend (Resend, Inc., USA) as our processor under Art. 28 GDPR. Resend is certified under the EU–U.S. Data Privacy Framework. Messages are retained for as long as needed to handle the conversation and any follow-up, then deleted.

3. Cookies

We do not use marketing, advertising, or third-party tracking cookies. The site may use technical local-storage entries solely to remember your light/dark mode preference. These never leave your browser.

4. Recipients and Transfers

Your data is processed by the following providers acting on our behalf:

  • Hosting / CDN (page delivery)
  • Umami Analytics (self-hosted, Germany)
  • Resend, Inc. (transactional email, USA — DPF-certified)

Where data is transferred outside the EU/EEA or Switzerland, we rely on EU Standard Contractual Clauses and/or the EU–U.S. Data Privacy Framework as appropriate.

5. Your Rights

Under the GDPR and the Swiss FADP you have the right to: access your data (Art. 15), rectify it (Art. 16), erase it (Art. 17), restrict processing (Art. 18), data portability (Art. 20), object to processing based on legitimate interests (Art. 21), and withdraw any consent you have given. You may also lodge a complaint with a supervisory authority — for Swiss residents the FDPIC (edoeb.admin.ch); EU residents can contact the authority in their country of residence.

To exercise any of these rights, email info@processflow.dev.

6. Security

The site is served over HTTPS with up-to-date TLS. Our analytics and contact-form infrastructure run on hardened servers with regular updates.

7. Changes to This Policy

We may update this policy when our processing changes or when the law requires. The current version always lives at this URL with the “Last updated” date at the top.