Legal & Privacy
Last updated: 27 May 2026
Privacy Policy
This policy describes how nectr collects and handles personal data in accordance with the Swiss Federal Act on Data Protection (nFADP / revDSG), in force since 1 September 2023.
Data we collect
We collect only what is strictly necessary to provide the service:
- Your email address, used to identify your account.
- A hashed and salted version of your password. We cannot read or recover your password in plain text.
- The URLs you submit and the converted markdown output, stored to provide your saved links.
- Technical metadata for security and abuse prevention: your IP address and browser user-agent, recorded with login sessions (which you can review and revoke in Settings) and in our security audit log.
- API keys you generate, stored only as a salted hash — the full key is shown to you once and is never stored.
- Aggregate view analytics for your saved links: a viewer classification (for example, a human visitor or a named AI crawler) and a timestamp. This does not include IP addresses or other personal data.
- If you subscribe to a paid plan, billing information is collected and processed by our payment provider, Paddle, acting as Merchant of Record. We never receive or store your full card details. (Paid plans are not yet active.)
We do not sell your personal data or track your location, and we collect nothing beyond what is needed to operate the service and keep your account secure.
How your data is used
Your data is used solely to operate the service. We do not sell your personal data, and we share it only with service providers who help us run nectr — currently our payment provider, Paddle, for billing — never for their own purposes. Converted content is never used to train machine learning or AI models.
Analytics
We use Matomo for website analytics, self-hosted on our own instance on Infomaniak in Switzerland. Analytics are cookieless — no tracking cookie is set in your browser. IP addresses are anonymised before storage. No data is sent to third-party analytics providers.
Data storage and security
All data is stored on servers located in Switzerland. Passwords are hashed using bcrypt. Email addresses and submitted URLs are encrypted at rest using AES-256-GCM. Data is transmitted over HTTPS at all times.
Data retention
Account data is retained for as long as your account is active. In accordance with the nFADP principle that personal data must not be kept longer than necessary, we apply the following policy:
- Active accounts — data is retained indefinitely while you continue to use the service.
- Inactive accounts — if your account has had no activity for 12 months, you will receive an email notification. If you do not log in within 30 days of that notification, your account and all associated data will be permanently deleted.
- Account deletion — you may delete your account at any time from the Settings page. All personal data is removed immediately and cannot be recovered.
Anonymised analytics data does not contain personal information and is retained for statistical purposes.
Your rights
Under the nFADP, you have the right to access, correct, or request deletion of your personal data. To exercise any of these rights, contact us at hello@nectr.ch. We will respond within 30 days.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page.