Privacy Policy
Last updated: April 18, 2026
1. Who We Are
Hackathons Plus Diagnostic (“the Service”) is operated by Vitalis Group SA, a company registered under Swiss law with its registered office at c/o Barney Associés SA, Chem. de Roseneck 5, 1006 Lausanne, Switzerland (“we”, “us”, “our”).
For any privacy-related inquiries, you can reach us at contact@hackathons-plus.ch.
2. What Data We Collect
We collect the following categories of personal data:
Account information
Your name, email address, and optional profile details (role, sector, company size, geography) that you provide when creating an account.
Challenge and diagnostic data
The business challenges you submit, AI-generated diagnostic results, intervention plans, and any associated outputs.
Payment information
We do not store credit card details. Payment processing is handled by Stripe, Inc. We store your Stripe customer ID and transaction references to manage your subscription.
Usage and technical data
Browser type, device information, IP address, and cookies necessary for the functioning of the Service (see our Cookie Policy for details).
3. Why We Process Your Data
We process your personal data for the following purposes and legal bases:
AI-generated diagnostics and recommendations are provided as decision-support tools only. They do not constitute automated decision-making with legal or similarly significant effects on individuals. We may process diagnostic and behavioural data to generate aggregated insights and recommendations.
4. Third-Party Services
We share personal data with the following third-party processors, all of which maintain appropriate data protection measures:
Supabase, Inc. (United States) — Authentication, database hosting. Data may be transferred to the EU/US under standard contractual clauses.
OpenAI, Inc. (United States) — AI processing of your challenge statements and generation of diagnostics. We send the text content of your challenges to OpenAI’s API to generate diagnostic outputs, intended to provide decision-support insights and structured recommendations. We do not intentionally transmit account identifiers (such as your name or email) or payment information. Your data is processed via OpenAI’s API and is not used by us to train AI models, and is not used by OpenAI to train its models.
Stripe, Inc. (United States) — Payment processing. Subject to Stripe’s own privacy policy.
Resend, Inc. (United States) — Transactional email delivery (OTP codes, payment confirmations).
Vercel, Inc. (United States) — Website hosting and delivery.
5. International Data Transfers
Some of our third-party service providers are located in the United States. Where personal data is transferred outside of Switzerland or the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we delete or anonymise your personal data without undue delay, except where retention is required for legal, regulatory, security, or backup purposes. Residual copies may remain in secure backups for up to 7 days before being permanently deleted. Payment records may be retained for up to 10 years to comply with Swiss accounting and tax obligations.
6.A Automated Processing and Profiling
We use automated systems, including artificial intelligence, to analyse the business challenges you submit and generate structured diagnostics and recommendations. This may involve profiling based on the information you provide (such as company size, sector, or type of challenge). These outputs are intended solely to support decision-making and do not produce legal or similarly significant effects.
7. Your Rights
Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights:
Access — Request a copy of the personal data we hold about you.
Rectification — Request correction of inaccurate data.
Erasure — Request deletion of your data (available via your Account page).
Data portability — Request your data in a structured, machine-readable format.
Objection — Object to processing based on legitimate interests.
Restriction — Request that we limit the processing of your data.
Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at contact@hackathons-plus.ch. We will respond within 30 days, which may be extended where permitted by law in case of complex or multiple requests.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS), secure authentication (OTP codes), access controls, and restricted access to systems and data. Where applicable, data is stored in secure environments with logical and physical safeguards. While no method of transmission over the Internet is completely secure, we take reasonable steps to protect your information.
9. Children’s Privacy
The Service is intended for business professionals and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
10. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU, your local supervisory authority.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The “Last updated” date at the top of this page indicates when the policy was last revised.