Socials by Ampersand
Sign in Get started

Legal

Privacy Policy

How we collect, use and protect your personal data and the content you publish through Socials by Ampersand. No third-party trackers, no ad sales, no AI training on your content. Just what we need to run the Service, kept in Switzerland.

Last updated · 4 May 2026 · Version 1.0 · Controller: Ampersand Labs GmbH · Jurisdiction: Switzerland (FADP) · Data location: CH only.

1. Who we are

Ampersand Labs GmbH (“we”) is the controller of personal data processed in connection with the Socials by Ampersand website and Service. We are registered in the Commercial Register of the Canton of Zürich and based at Flüelastrasse 10, 8048 Zürich, Switzerland.

2. Data we collect

We collect the minimum necessary to operate the Service:

  • Account data: name, company, email address, billing address, VAT ID where applicable.
  • Authentication data: hashed passwords, 2FA seeds, login timestamps, IP of last login.
  • Billing data: invoices, payment method tokens (we never store full card numbers — they are tokenised by our payment processor).
  • Workspace content: the posts you draft, the media you upload, the schedules you set, the comments and approvals exchanged with team members and clients.
  • Network access tokens: OAuth tokens issued to us by social networks you connect, used solely to publish on your behalf and read back the metrics you ask us to display.
  • Service usage data: application logs, error logs, support tickets, performance metrics, audit trail of who scheduled or approved what.
  • Website data: aggregated, IP-anonymised analytics from this marketing website (visit count, page, referrer). No third-party trackers.

We do not use Google Analytics, Facebook Pixel, advertising cookies or any cross-site tracking. We do not read your direct messages on connected networks unless a feature explicitly requires it and you have opted in.

3. Why we use it

  • To provide, secure, monitor and improve the Service.
  • To publish the posts you schedule, on the networks you authorise, at the times you choose.
  • To bill you, send invoices and answer your support requests.
  • To meet our legal obligations (e.g. accounting retention).
  • To detect, investigate and prevent abuse, fraud or attacks against our infrastructure.

We do not sell your personal data. We do not use the content you publish, your media or your network tokens to train AI models. Where AI compose features are offered, prompts and drafts are processed in-region with no retention beyond the immediate request.

4. Legal basis

Processing is based on the Swiss Federal Act on Data Protection (FADP) and, where the GDPR applies, on:

  • performance of the contract (Art. 6(1)(b) GDPR) — to deliver the Service;
  • legal obligation (Art. 6(1)(c) GDPR) — for accounting, tax and security records;
  • legitimate interests (Art. 6(1)(f) GDPR) — for fraud prevention and infrastructure security.

5. Connected networks

When you connect a social account (Instagram, LinkedIn, TikTok, X, YouTube, Bluesky, Mastodon, Pinterest, Threads, Facebook, Google Business), the network grants us a scoped access token. We hold that token in encrypted storage in Switzerland and use it only to:

  • publish content you have explicitly scheduled;
  • read the public metrics we display in your dashboard;
  • refresh the token before it expires.

You can revoke the connection at any time from inside the Service or from the network's own settings. Revocation deletes the token within 24 hours.

6. Sub-processors

We share data only with carefully vetted sub-processors, exclusively as needed to deliver the Service. The current list:

  • Exoscale (Akenes SA, Lausanne, CH) — Swiss cloud infrastructure: application servers, database, object storage and backups.
  • Stripe Payments Europe — payment processing only (card tokenisation; we never see your full card number).
  • Brevo — transactional email delivery (account, billing, support replies, this contact form), with EU data residency.
  • The connected social networks themselves — Meta, ByteDance, X, Google, LinkedIn, etc. — when you publish through us. They process the content you send under their own terms.

An up-to-date list is maintained in our DPA & FADP statement. We notify customers of new sub-processors at least 30 days before they are engaged.

7. Where data lives

All workspace content, account profiles, billing data, network tokens and backups are stored exclusively in Switzerland, in tier-3 datacenters in Zürich and Geneva. We do not transfer customer data to the United States, the United Kingdom or any other jurisdiction outside Switzerland and the EEA, except for the unavoidable transmission to a connected social network when you publish a post to it.

8. Retention

  • Account & workspace data: for the duration of the contract plus 30 days after termination, then permanent deletion.
  • Network access tokens: until you revoke the connection, plus 24 hours.
  • Billing & tax data: 10 years (Swiss commercial law obligation).
  • Application access & security logs: up to 90 days, then anonymised.
  • Backups: rolling 30-day window (Single), 60 days (Atelier), 90 days (Atlas).

9. Your rights

You have the right to access, rectify, restrict, port and delete your personal data, and to object to processing. You may also lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland or your local supervisory authority in the EU.

To exercise any of these rights, email privacy@ampersand.ch from the address linked to your account. We respond within 30 days.

10. Contact

Privacy questions or requests:

  • Email: privacy@ampersand.ch
  • Post: Ampersand Labs GmbH — Privacy, Flüelastrasse 10, 8048 Zürich, Switzerland

This policy may evolve. Material changes are announced via email at least 30 days in advance.