Last updated: 2026-06-18·Effective: 2026-06-18
This Privacy Policy explains how PlenDesk ("we", "us") collects, uses, and protects personal data in connection with myID, our software service for privacy-first QR tags and lost-and-found item recovery ("Services"). It is written to satisfy the Swiss Federal Act on Data Protection (nDSG, as revised in 2023) and the EU General Data Protection Regulation (GDPR) where applicable.
The controller responsible for your personal data is:
Jürgen Walter
Lindachstrasse 13
3038 Kirchlindach BE
Switzerland
Email: privacy@plendesk.com
PlenDesk is a Swiss sole proprietorship. If you have any question about this Policy or about how we process your personal data, please contact us at the email above.
When you use myID, we may collect:
We use carefully selected external service providers ("sub-processors") to operate the Services. Each has a signed Data Processing Addendum with PlenDesk under nDSG Art. 9 and where applicable GDPR Art. 28. Our current sub-processors:
| Provider | Purpose | Country | Legal basis for transfer | DPA |
|---|---|---|---|---|
Clerk clerk.com | Authentication, account management, and session security | United States | DPA, SCCs, and applicable data transfer safeguards | View DPA |
Convex convex.dev | Application database, server functions, and real-time data sync | United States | DPA, SCCs, and applicable data transfer safeguards | View DPA |
Vercel vercel.com | Hosting, edge routing, deployment, and web analytics | United States | DPA, SCCs, and applicable data transfer safeguards | View DPA |
Sentry sentry.io | Error monitoring, diagnostics, and security troubleshooting | United States | DPA, SCCs, and applicable data transfer safeguards | View DPA |
Some of these providers in turn rely on their own sub-processors (e.g. infrastructure providers such as AWS). A consolidated list is maintained via the DPA links above; we update this page when the underlying providers change.
Most of our providers are headquartered in the United States. Transfers from Switzerland and the EU are covered by the Swiss-US Data Privacy Frameworkand/or the European Commission's Standard Contractual Clauses, as referenced in each provider's DPA linked above. We do not transfer personal data to countries without an adequate level of protection unless such safeguards are in place.
If you delete your account, all personal data under our control is deleted within a few minutes via an automated cascade, except where a legal obligation (e.g. accounting) requires continued retention.
Under nDSG and GDPR you have the right to:
To exercise any of these rights, email privacy@plendesk.com. We respond within 30 days.
If you are in Switzerland and believe we process your data unlawfully, you may also lodge a complaint with the Federal Data Protection and Information Commissioner (EDÖB). If you are in the EU, you may lodge a complaint with your local data protection authority.
PlenDesk uses strictly functional cookies that are necessary to operate the Services (authentication session, CSRF protection). No advertising or cross-site tracking cookies are used.
Our administrator dashboards may use Sentry Session Replay to record UI interactions when an error occurs, strictly for debugging. Text input and media are masked by default; token-bearing public finder and contact pages are excluded from recording entirely.
We implement technical and organisational measures appropriate to the risk, including TLS encryption in transit, authentication via Clerk, role-based access control, and continuous error monitoring. Public finder pages use bot protection and rate-limiting to prevent abuse. Despite our efforts, no system is perfectly secure; please contact us immediately if you suspect a breach.
The Services are not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can delete it.
We may update this Policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be communicated through the Services.
This Policy is governed by Swiss law. Any disputes are subject to the exclusive jurisdiction of the competent courts of Kirchlindach, Switzerland.
Resend resend.com | Transactional emails such as account, support, and finder messages | United States | DPA, SCCs, and applicable data transfer safeguards | View DPA |
Polar polar.sh | Intended payment provider and Merchant of Record for paid checkout when enabled | United States | Payment processing terms and applicable data transfer safeguards | View DPA |