
Privacy Policy

Last updated: February 17, 2026

Introduction

This Privacy Policy explains how Comitto ("we," "us," or "our"), operated by Nico Wyss in Switzerland, collects, uses, and protects your personal information when you use our Service.

We are committed to protecting your privacy and complying with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

1.1 Information You Provide

When you create an account and use our Service, we collect:

  • Account Information: Email address, password (encrypted), display name, and optional profile photo
  • User Content: Photos you upload as proof of goal completion, bet descriptions, comments, and other content you create
  • Bet Data: Goals you set, financial stakes, participants, completion status, and IOU records

1.2 Information Automatically Collected

  • Usage Data: Pages visited, features used, time spent on the app, and interaction patterns
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Analytics: We use privacy-focused analytics (Plausible Analytics) to understand how users interact with the Service

1.3 OAuth Authentication

If you sign up using Google or Apple OAuth, we receive basic profile information from these providers (name, email, profile picture) as permitted by your OAuth provider settings.

2. How We Use Your Information

We use your information to:

  • Provide the Service: Create and manage your account, facilitate bets, track IOUs, and enable communication between users
  • Improve the Service: Analyze usage patterns, identify bugs, and develop new features
  • Communicate with You: Send account notifications, bet updates, and important service announcements
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Comply with applicable laws and legal obligations

Legal Basis (GDPR): We process your data based on (a) your consent, (b) performance of our contract with you, (c) our legitimate interests in operating the Service, or (d) legal obligations.

3. How We Share Your Information

3.1 With Other Users

Your display name, profile photo, and bet-related content (goals, photos, comments) are visible to users you interact with (bet partners, group members). Your email address is not shared with other users.

3.2 With Service Providers

We use the following third-party services:

  • Supabase: Database and authentication (hosted in EU)
  • Plausible Analytics: Privacy-focused website analytics (GDPR-compliant, no cookies)
  • Email Service: Transactional emails (account verification, notifications)
  • Image Storage: Photo uploads for bet proof (stored via Supabase)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose your information if required by law, in response to valid legal requests, or to protect our rights, property, or safety.

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

3.5 What We Don't Do

We do NOT:

  • Sell your personal data to third parties
  • Use your data for targeted advertising
  • Share your email or contact information with other users

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or security purposes.

Specific retention periods:

  • Account data: Deleted within 90 days of account deletion
  • User photos: Deleted with your account or when you remove them
  • Analytics data: Aggregated and anonymized (retained indefinitely)
  • Legal records: Retained as required by law

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls and authentication mechanisms

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

6. Your Privacy Rights

Under GDPR and Swiss law, you have the following rights regarding your personal data:

6.1 Right to Access

You can request a copy of the personal data we hold about you. You can view most of your data directly in your account settings.

6.2 Right to Rectification

You can update or correct your personal information through your account settings or by contacting us.

6.3 Right to Deletion

You can request deletion of your account and personal data at any time. Go to Settings → Account → Delete Account, or contact us at privacy@comitto.app.

6.4 Right to Data Portability

You can request a copy of your data in a machine-readable format (JSON or CSV). Contact us to request data export.

6.5 Right to Object or Restrict Processing

You can object to or request restriction of certain data processing activities. Note that this may limit your ability to use certain features.

6.6 Right to Withdraw Consent

Where we process data based on your consent, you can withdraw that consent at any time through your account settings.

6.7 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
  • EU: Your national Data Protection Authority

To exercise any of these rights, contact us at privacy@comitto.app. We will respond within 30 days.

7. Cookies and Tracking

We use minimal cookies and tracking technologies:

  • Essential Cookies: Required for authentication and security (session cookies)
  • Analytics: Plausible Analytics (cookieless, privacy-friendly)
  • Consent Preferences: Stores your cookie consent choices

You can manage cookie preferences through the cookie banner or your browser settings. Disabling essential cookies may affect functionality.

8. International Data Transfers

Your data is primarily stored in the European Union (via Supabase EU region). If data is transferred outside the EU/Switzerland, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with GDPR and Swiss law.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will notify you via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Controller: Nico Wyss

Email: privacy@comitto.app

Location: Switzerland

This Privacy Policy is effective as of February 17, 2026. By using Comitto, you acknowledge that you have read and understood this Privacy Policy.