DPA & FADP statement
Our Data Processing Agreement, sub-processor list and FADP statement. Aligned with the Swiss Federal Act on Data Protection and the EU GDPR. Pre-signed: by using the Service, you accept these terms; you can also countersign a PDF copy on request.
Last updated · 4 May 2026 · Version 1.0 · Processor: Ampersand Labs GmbH · Frameworks: FADP & GDPR · Sub-processor changes: 30-day notice.
1. Scope
This Data Processing Agreement (“DPA”) supplements the Terms of Service between you (Customer) and Ampersand Labs GmbH (Processor) and applies whenever Ampersand processes personal data on your behalf as part of Socials by Ampersand. It is designed to satisfy Article 28 GDPR, the Swiss Federal Act on Data Protection (FADP, in force 1 September 2023) and applicable cantonal data-protection legislation.
2. Roles & subject matter
- Customer is the controller of personal data contained in posts, captions, media, audience interactions and connected-network metadata processed through the Service.
- Ampersand is the processor, acting only on the documented instructions of the Customer (which include the Customer's configuration, scheduled actions and the Terms of Service).
- Subject matter: drafting, scheduling, approval workflow, publishing, and metric collection across third-party social networks.
- Duration: the term of the underlying agreement.
- Categories of data: account holders' identifiers (name, email, login metadata), content of posts, media you upload, audience identifiers visible inside connected networks (e.g. comment authors).
- Categories of data subjects: Customer's employees, clients and freelancers; audiences and commenters on connected networks.
3. Processing on instruction
Ampersand processes Customer personal data only:
- to provide the Service as described in the Terms;
- per the Customer's documented instructions (including those given through the Service interface);
- to comply with mandatory Swiss law (in which case Ampersand will inform the Customer in advance unless that law forbids it).
4. Confidentiality
All Ampersand personnel with access to Customer personal data are bound by written confidentiality obligations and have completed FADP/GDPR awareness training.
5. Technical & organisational measures
Ampersand implements appropriate technical and organisational measures to protect personal data, including:
- encryption in transit (TLS 1.3) and at rest (AES-256) for all storage and backups;
- OAuth tokens stored in an envelope-encrypted secrets store, scoped per workspace;
- role-based access control with mandatory 2FA for all engineers;
- least-privilege production access via short-lived, audit-logged sessions;
- daily encrypted backups, restorable to point-in-time within the last 24 hours;
- tier-3 datacenters in Switzerland with biometric and 24/7 physical access control;
- vulnerability scanning, dependency-update automation and at least one independent penetration test per year;
- documented incident-response plan with clear escalation paths.
6. Sub-processors
The Customer authorises Ampersand to engage the sub-processors listed below. Ampersand will inform the Customer of any intended addition or replacement at least 30 days in advance, giving the Customer the opportunity to object on reasonable grounds.
| Sub-processor | Purpose | Location |
|---|---|---|
| Akenes SA (Exoscale) | Cloud infrastructure: compute, database, object storage, backups | Lausanne / Zürich, CH |
| Stripe Payments Europe | Card tokenisation & subscription billing | Dublin, IE |
| Brevo (Sendinblue SAS) | Transactional email (account, billing, contact form) | Paris, FR (EU residency configured) |
| Connected social networks | Publishing & metric retrieval, on Customer instruction only | Various (per network) |
7. Assistance with rights requests
Ampersand will, taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures in fulfilling its obligation to respond to data-subject requests, and to demonstrate compliance with FADP/GDPR Articles 32–36 (security, breach notification, impact assessment, prior consultation).
8. Breach notification
Ampersand will notify the Customer without undue delay, and in any case within 72 hours of becoming aware, of any personal-data breach affecting Customer data. Notifications include the nature of the breach, categories and approximate number of records affected, likely consequences, and measures taken or proposed.
9. Audits
Ampersand makes available all information necessary to demonstrate compliance with this DPA. The Customer may, no more than once per year and upon 30 days' written notice, request a remote audit, which Ampersand may satisfy by providing recent third-party audit reports, penetration-test summaries and policy excerpts. On-site audits may be agreed for documented, material concerns and at the requesting party's expense.
10. Return & deletion
On termination, Ampersand will, at the Customer's choice, delete or return all Customer personal data and existing copies, and will delete it from systems within 30 days of termination, except where Swiss law requires retention (e.g. accounting records).
11. International transfers
Customer personal data is stored exclusively in Switzerland. Where transfers to a sub-processor outside Switzerland or the EEA are unavoidable (e.g. publishing a post to a US-headquartered network at the Customer's instruction), Ampersand relies on the European Commission's Standard Contractual Clauses with the Swiss FDPIC addendum, plus, where relevant, a Transfer Impact Assessment.
12. Contact
- Privacy & DPA matters: privacy@ampersand.ch
- Security incidents: security@ampersand.ch
- Postal: Ampersand Labs GmbH — Privacy, Flüelastrasse 10, 8048 Zürich, Switzerland
Need a counter-signed PDF for procurement? Email privacy@ampersand.ch with your company details and we'll return one within two business days.