Data Processing Agreement (DPA)
Last Updated: November 14, 2025
Effective Date: November 14, 2025
1. Introduction and Scope
This Data Processing Agreement ("DPA") is incorporated into and forms part of the Terms of Service between you ("Customer," "Controller," or "you") and Guard.ch ("Guard.ch," "Processor," "we," or "us"). For our full legal information, please see our Imprint.
This DPA governs the processing of Personal Data in accordance with:
- The Swiss Federal Act on Data Protection (FADP/revDSG)
- The EU General Data Protection Regulation (GDPR) - where applicable
- Other applicable data protection laws
1.1 Applicability
This DPA applies when:
- Customer uses Guard.ch services and processes Personal Data as a Data Controller
- Guard.ch processes Personal Data on behalf of Customer in the course of providing services
- Customer is subject to Swiss FADP, EU GDPR, or similar data protection laws
1.2 Definitions
For purposes of this DPA:
"Personal Data" means any information relating to an identified or identifiable natural person as defined under applicable Data Protection Laws.
"Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, restriction, erasure, or destruction.
"Data Controller" means the entity that determines the purposes and means of Processing Personal Data (typically the Customer).
"Data Processor" means the entity that Processes Personal Data on behalf of the Controller (Guard.ch).
"Sub-processor" means any third party engaged by Guard.ch to Process Personal Data on behalf of the Customer.
"Data Protection Laws" means Swiss FADP, EU GDPR, and any other applicable data protection and privacy laws.
"Data Subject" means the identified or identifiable natural person to whom Personal Data relates.
"Supervisory Authority" means the Swiss Federal Data Protection and Information Commissioner (FDPIC) or other competent data protection authority.
2. Roles and Responsibilities
2.1 Data Controller
Customer as Data Controller: When you use Guard.ch services and process Personal Data within your virtual machines (VMs), you act as the Data Controller. You determine:
- What Personal Data is processed in your VMs
- The purposes for which Personal Data is processed
- The legal basis for processing
- Data retention periods
- Data subject rights procedures
2.2 Data Processor
Guard.ch as Data Processor: Guard.ch processes only account-related Personal Data and VM metadata on your behalf. Guard.ch acts as a Processor for:
- Account information (email, name, authentication data)
- VM metadata (VM IDs, creation times, usage statistics)
- Billing and payment information
- Access logs and session data
Important Limitation: Guard.ch does not process, access, or monitor the content stored within your VMs. We have no technical capability to view or control what you do inside your VMs. Therefore:
- Guard.ch is not a Data Processor for any Personal Data you store, process, or transmit within your VMs
- You are solely responsible for all Personal Data processing within your VMs
- You must implement appropriate technical and organizational measures within your VMs
2.3 Guard.ch as Data Controller
For certain processing activities, Guard.ch acts as an independent Data Controller:
- Processing necessary to provide, maintain, and improve Guard.ch services
- Payment processing (jointly with Stripe)
- Compliance with legal obligations
- Security and fraud prevention
- Website analytics (Google Analytics)
- Advertising (Playwire)
For these activities, our Privacy Policy governs the processing.
3. Processing Details
3.1 Subject Matter of Processing
Guard.ch processes Personal Data to provide virtual machine management services, including:
- Account creation and authentication
- VM provisioning, operation, and termination
- Billing and payment processing
- Technical support and troubleshooting
- Security monitoring and abuse prevention
3.2 Duration of Processing
Processing occurs:
- For the duration of the contractual relationship between Customer and Guard.ch
- During the data retention periods specified in our Privacy Policy
- Until Customer requests data deletion (subject to legal retention requirements)
3.3 Nature and Purpose of Processing
Guard.ch processes Personal Data for the following purposes:
- Service Provisioning: Creating, managing, and operating Customer VMs
- Authentication: Validating user identity and managing access
- Billing: Generating invoices and processing payments via Stripe
- Support: Providing technical assistance and troubleshooting
- Security: Monitoring for abuse, unauthorized access, and security threats
- Legal Compliance: Meeting Swiss tax, accounting, and legal obligations
3.4 Types of Personal Data Processed
Guard.ch processes the following categories of Personal Data:
Account Data:
- Email addresses
- First and last names (optional)
- OAuth profile information (if using Google/Microsoft login)
- WebAuthn/passkey credentials (public keys and metadata)
- Team/organization names and logos (for team accounts)
Technical Data:
- IP addresses
- Session IDs and timestamps
- Browser user agent strings
- VM metadata (IDs, creation times, images, server assignments, usage duration)
- API keys and access tokens
Billing Data:
- Billing email addresses
- Stripe customer IDs
- Payment transaction metadata (not card details)
Logs and Analytics:
- Access logs (IP addresses, timestamps, URLs)
- Error logs and diagnostic information
- Website analytics data (via Google Analytics)
Communications:
- Support tickets and email correspondence
- Customer feedback and inquiries
Important: Guard.ch does not process the content of Customer VMs. Any Personal Data stored, processed, or transmitted within VMs is the sole responsibility of the Customer.
3.5 Categories of Data Subjects
Data Subjects whose Personal Data may be processed include:
- Customer account holders
- Team members and authorized users
- Customer's employees, contractors, or representatives
- Customer's end users (if applicable, for data processed within VMs - Customer's responsibility)
4. Customer's Obligations as Data Controller
As a Data Controller, Customer is responsible for:
4.1 Lawfulness of Processing
- Ensuring a valid legal basis exists for all Personal Data processing (consent, contract, legal obligation, legitimate interest, etc.)
- Obtaining necessary consents from Data Subjects
- Providing required privacy notices to Data Subjects
4.2 Compliance with Data Protection Laws
- Complying with all applicable Data Protection Laws
- Implementing appropriate technical and organizational measures within VMs
- Conducting Data Protection Impact Assessments (DPIAs) when required
- Maintaining records of processing activities
4.3 Data Subject Rights
- Responding to Data Subject requests (access, rectification, erasure, restriction, portability, objection)
- Managing consent and opt-out preferences
- Handling complaints from Data Subjects
4.4 Instructions to Guard.ch
- Customer instructs Guard.ch to process Personal Data solely for the purposes described in this DPA and as necessary to provide Guard.ch services
- Customer may provide additional documented instructions via email to support@guard.ch
- Guard.ch will inform Customer if, in its opinion, an instruction violates Data Protection Laws
4.5 VM Content Security
- Customer is solely responsible for securing Personal Data within VMs
- Customer must implement encryption, access controls, and security measures appropriate to the sensitivity of data processed in VMs
- Customer must ensure third parties accessing Customer's VMs comply with Data Protection Laws
5. Guard.ch's Obligations as Data Processor
5.1 Processing Instructions
Guard.ch will:
- Process Personal Data only on documented instructions from Customer (via this DPA and the Terms of Service)
- Not process Personal Data for any other purpose unless required by Swiss or EU law
- Inform Customer if we believe an instruction violates Data Protection Laws
5.2 Confidentiality
Guard.ch ensures that:
- Persons authorized to process Personal Data are subject to confidentiality obligations
- Access to Personal Data is restricted to employees and contractors who need access to provide Guard.ch services
- All personnel are trained on data protection requirements
5.3 Technical and Organizational Measures
Guard.ch implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Technical Measures:
- Encryption in transit (TLS 1.3 for all connections)
- Encryption at rest for sensitive data
- VM isolation using Kubernetes (K3s) and KVM/libvirt
- Network segmentation and firewalls
- Access controls and authentication (WebAuthn, OAuth 2.0, MFA support)
- Secure authentication mechanisms
- Regular security updates and patching
- Automated VM deletion and data wiping
Organizational Measures:
- Access management and least-privilege principles
- Employee confidentiality agreements
- Security awareness training
- Incident response procedures
- Vendor security assessments
- Regular security reviews
- Documentation of processing activities
Infrastructure Security:
- Hosted in secure Hetzner data centers (Helsinki, Finland) with physical security controls
- DDoS protection via Cloudflare
- Redundant infrastructure for availability
- Regular backups of infrastructure (not VM content)
For details, see our Security Policy.
5.4 Sub-processors
5.4.1 General Authorization
Customer provides general authorization for Guard.ch to engage Sub-processors to process Personal Data, subject to the conditions in this section.
5.4.2 Current Sub-processors
Guard.ch currently engages the following Sub-processors:
- Stripe, Inc. (USA) - Payment processing
- Hetzner Online GmbH (Finland) - Infrastructure hosting and data storage
- OVH US LLC (USA) - Infrastructure hosting for US customer VM sessions (no persistent data storage)
- Cloudflare, Inc. (USA) - DNS, CDN, and DDoS protection
- Axiom, Inc. (USA) - Log aggregation and monitoring (30-day retention)
- Google LLC (USA) - OAuth authentication (optional) and analytics
- Microsoft Corporation (USA) - OAuth authentication (optional)
- Playwire LLC (USA) - Advertising services
A current, detailed list of Sub-processors is available at: guard.ch/subprocessors
5.4.3 Sub-processor Requirements
Guard.ch ensures that Sub-processors:
- Are bound by written agreements imposing data protection obligations equivalent to this DPA
- Implement appropriate technical and organizational measures
- Comply with applicable Data Protection Laws
- For transfers outside Switzerland/EEA: Provide appropriate safeguards (Standard Contractual Clauses, EU-US Data Privacy Framework, etc.)
5.4.4 Notice of Changes
Guard.ch will notify Customer of any intended changes to Sub-processors (addition or replacement) via:
- Email to Customer's account email address
- Update to the Subprocessors List at guard.ch/subprocessors
- Minimum 30 days' advance notice (when reasonably possible)
5.4.5 Objection Rights
Customer may object to a new or replacement Sub-processor on reasonable data protection grounds by notifying Guard.ch within 30 days of notification. If Customer objects:
- Guard.ch will use reasonable efforts to make available a change in service or recommend a commercially reasonable alternative
- If no alternative is available, Customer may terminate the affected services with 30 days' written notice
5.5 Data Subject Rights Assistance
Guard.ch will assist Customer in responding to Data Subject requests by:
Providing Tools:
- Self-service account management for updating account information
- Data export functionality for account data
- Account deletion tools
Responding to Requests:
- If Guard.ch receives a Data Subject request directly, we will redirect it to Customer (unless prohibited by law)
- Guard.ch will provide reasonable assistance to Customer in responding to requests
- Customer is primarily responsible for responding to Data Subject requests related to data within VMs
Timeframe: Guard.ch will respond to assistance requests within 10 business days.
5.6 Security Breach Notification
In the event of a Personal Data breach affecting Customer data:
Notification Timeframe:
- Guard.ch will notify Customer without undue delay and, where feasible, within 72 hours of becoming aware of the breach
Notification Contents:
- Description of the nature of the breach
- Categories and approximate number of Data Subjects affected
- Categories and approximate number of Personal Data records affected
- Name and contact details of Guard.ch's contact point (support@guard.ch)
- Likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate adverse effects
Investigation and Remediation:
- Guard.ch will investigate the breach and take appropriate measures to contain and remediate it
- Guard.ch will cooperate with Customer in investigating the breach
- Guard.ch will document the breach and response measures
Customer's Notification Obligations:
- Customer remains responsible for notifying Supervisory Authorities and Data Subjects as required by Data Protection Laws
- Guard.ch will provide reasonable assistance to Customer in meeting these obligations
5.7 Data Protection Impact Assessments and Audits
DPIAs: Guard.ch will provide reasonable assistance to Customer in conducting Data Protection Impact Assessments (DPIAs) when required by Data Protection Laws, by providing information about Guard.ch's processing activities, security measures, and Sub-processors.
Audits and Inspections: Customer has the right to conduct audits and inspections to verify Guard.ch's compliance with this DPA, subject to the following:
- Documentation: Guard.ch will make available documentation demonstrating compliance with this DPA (security policies, certifications, audit reports)
- Audit Rights: Customer may conduct on-site audits or inspections upon reasonable written notice (minimum 30 days) and at reasonable intervals (not more than once per year unless required by a Supervisory Authority)
- Scope: Audits must be conducted during business hours, not disrupt Guard.ch operations, and be subject to confidentiality obligations
- Costs: Customer bears the costs of audits unless the audit reveals material non-compliance
- Third-Party Auditors: Customer may use independent third-party auditors approved by Guard.ch (approval not unreasonably withheld)
Guard.ch may provide third-party audit reports (e.g., SOC 2, ISO 27001) in lieu of on-site audits, subject to confidentiality agreements.
5.8 Deletion and Return of Personal Data
Upon termination or expiration of the Terms of Service, or upon Customer's request, Guard.ch will:
Deletion:
- Delete all Customer Personal Data (account data, VM metadata) within 30 days
- Permanently delete all VM data immediately upon VM termination (this is automatic)
- Certify in writing that deletion has been completed upon request
Exceptions:
- Personal Data may be retained if required by Swiss or EU law (e.g., billing records for tax compliance - 10 years)
- Backup copies stored for disaster recovery will be deleted within 90 days
- Aggregated, anonymized data that cannot be re-identified may be retained
No Return: Due to the nature of our service (VMs are completely deleted upon termination), we do not return VM content. Customer is responsible for exporting any data from VMs before termination.
6. International Data Transfers
6.1 Primary Storage Location
All Customer data is stored in the European Union (Hetzner Helsinki data center, Finland).
6.2 Transfers to Third Countries
Personal Data may be transferred to Sub-processors in the United States (see Section 5.4.2). Guard.ch ensures appropriate safeguards for these transfers:
Transfer Mechanisms:
- EU-US Data Privacy Framework (for certified companies: Stripe, Cloudflare, Google, Microsoft, OVH)
- Standard Contractual Clauses (SCCs) approved by the Swiss FDPIC and European Commission
- Binding Corporate Rules (where applicable)
Documentation: Customer may request copies of the transfer mechanisms (SCCs, Data Privacy Framework certifications) by contacting support@guard.ch.
6.3 No Persistent Data in the US
While VM sessions for US customers may run on OVH infrastructure in the United States (Hillsboro, Oregon), all persistent customer data (account information, billing data, metadata) is stored exclusively in Finland (EU).
7. Customer Warranties and Indemnification
7.1 Customer Warranties
Customer represents and warrants that:
- Customer has all necessary rights and consents to provide Personal Data to Guard.ch
- Customer's instructions to Guard.ch comply with applicable Data Protection Laws
- Customer has provided required privacy notices to Data Subjects
- Customer will comply with Data Protection Laws for all processing activities
7.2 Indemnification
Customer will indemnify and hold Guard.ch harmless from claims, liabilities, damages, and expenses arising from:
- Customer's violation of Data Protection Laws
- Customer's processing of Personal Data within VMs
- Customer's instructions to Guard.ch that violate Data Protection Laws
- Customer's failure to obtain necessary consents or provide required notices
8. Limitation of Liability
Guard.ch's total liability under this DPA is subject to the limitations of liability set forth in the Terms of Service.
For Personal Data breaches caused by Guard.ch's breach of this DPA, Guard.ch's liability will be governed by applicable Data Protection Laws and the Terms of Service.
9. Term and Termination
This DPA becomes effective when you accept the Terms of Service and remains in effect until:
- Termination or expiration of the Terms of Service
- All Personal Data has been deleted or returned in accordance with Section 5.8
Provisions that by their nature should survive termination (deletion obligations, confidentiality, indemnification, limitation of liability) will survive.
10. Order of Precedence
In the event of conflict between this DPA and the Terms of Service or Privacy Policy:
- This DPA takes precedence for data protection matters
- The Terms of Service take precedence for all other matters
- The Privacy Policy governs Guard.ch's role as an independent Data Controller
11. Governing Law and Dispute Resolution
This DPA is governed by Swiss law. Disputes will be resolved in accordance with the dispute resolution provisions in the Terms of Service.
12. Changes to This DPA
Guard.ch may update this DPA to reflect:
- Changes in Data Protection Laws
- Guidance from Supervisory Authorities
- Changes to our processing activities or Sub-processors
- Industry best practices
We will notify you of material changes via email and provide 30 days' notice (when reasonably possible). Continued use of Guard.ch services after changes become effective constitutes acceptance.
13. Contact Information
For questions, requests, or notices regarding this DPA:
Email: support@guard.ch
Postal Address: See our Imprint for full contact details.
Data Protection Officer: support@guard.ch
Effective Date: This Data Processing Agreement is effective as of November 14, 2025.
By using Guard.ch services, you acknowledge that you have read, understood, and agree to this Data Processing Agreement.