Privacy Policy

Last updated: June 2026

1. Who We Are

Weqly is a scheduling and workforce management platform operated by Franco Novoa, a sole proprietor based in Muri bei Bern, Kanton Bern, Switzerland. We are the data controller for personal data processed about our account holders.

This policy is governed by the Swiss Federal Act on Data Protection (FADP/nFADP) and, where applicable to users in the EU/EEA, the EU General Data Protection Regulation (GDPR). For questions about this policy or your personal data, or to request our full postal address, contact us at [email protected].

2. What Personal Data We Collect

We collect the following types of personal data:

  • Account Information: Name, email address, password, profile picture
  • Workspace Information: Workspace name, role within the workspace
  • Scheduling Data: Shift assignments, leave requests, leave balances, work schedules
  • Usage Data: Login history, actions taken within the app
  • Billing Information: Payment details processed securely through Stripe (we do not store complete card numbers)

3. Legal Basis for Processing

We process your personal data based on:

  • Contract: Providing the scheduling services you requested
  • Legitimate Interest: Maintaining account security, preventing fraud, and improving our service
  • Legal Obligation: Complying with tax and accounting requirements

4. How We Use Your Data

We use your personal data to:

  • Provide and maintain our scheduling and workforce management services
  • Process payments and send billing-related communications
  • Send important service notifications (shift reminders, leave approvals, etc.)
  • Respond to your support requests
  • Improve our service based on usage patterns
  • Enforce our terms and policies

5. Who We Share Your Data With

We share your data with:

  • Stripe: Payment processing (payments, refunds, subscriptions). See Stripe's Privacy Policy
  • Service Providers: Hosting (Hetzner, Germany), email delivery (Postmark), and error monitoring (Sentry)
  • Your Workspace Administrators: May see your scheduling info
  • Legal Authorities: When required by law

We do not sell your personal data.

When an employer or organisation uses Weqly to manage its workforce, that organisation is the controller of its employees' scheduling data and we act as its processor. In that case we process such data on the organisation's documented instructions under a data processing agreement (DPA). Business customers can request our DPA by contacting us.

6. International Data Transfers

Our hosting is located in the European Union (Hetzner, Germany). Some of our other service providers (such as Stripe, Postmark, and Sentry) may process your data outside Switzerland and the European Economic Area, including in the United States. Where we transfer personal data to a country without an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses together with the Swiss addendum recognised by the Swiss Federal Data Protection and Information Commissioner, or the EU-U.S. Data Privacy Framework where applicable. You may request a copy of the relevant safeguards by contacting us.

7. Data Security

We implement encryption, access controls, and regular security reviews.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account and scheduling data: kept while your account is active. After account deletion, a 30-day grace period applies, after which the data is permanently erased.
  • Billing and transaction records: retained for up to 10 years after the relevant transaction, as required by Swiss accounting and tax law (Art. 958f of the Swiss Code of Obligations).
  • Error and security logs: retained for a limited period (typically up to 90 days) and then deleted or anonymised.

9. Your GDPR Rights

You have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Portability
  • Object
  • Withdraw Consent
  • Complain

You also have the right to lodge a complaint with a data protection authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch). If you are in the EU/EEA, you may complain to your national data protection authority.

To exercise any of these rights, contact us at [email protected].

10. Cookies

We use one essential cookie to operate the service: a session cookie that keeps you logged in. This cookie is strictly necessary and cannot be disabled without breaking core functionality.

We use Sentry for error monitoring and performance tracking. Sentry may record a sample of user sessions (approximately 10% of sessions and all sessions where errors occur) to help diagnose issues. When an error occurs, Sentry receives your user ID, email address, and browser context. This data is used solely to identify and fix bugs. Sentry's privacy policy applies to data processed on their platform.

We do not use analytics cookies or third-party advertising cookies.

11. Children's Privacy

Not intended for children under 16.

12. Changes to This Policy

We may update this policy and notify users of material changes.