Privacy policy Liquid App

Version 1.0 — Last updated: 18 November 2025

This Privacy Policy describes how Liquid Network GmbH processes personal data when you use the Liquid App (“App”).
It applies exclusively to the App. The website has its own, separate privacy policy.

1. Controller

Liquid Network GmbH
Steinackerstrasse 1
5210 Windisch, Switzerland
E-mail: support@liquid-app.ch

Liquid Network GmbH is the controller responsible for all data processing described in this policy.

2. Data We Process

We process personal data that you provide directly as well as data generated when you use the App.

2.1 Data you provide directly

·       Name (required)

·       E-mail address (required)

·       Profile picture (optional, camera or photo upload)

·       Date of birth (optional)

·       Address (optional)

2.2 Banking and financial data (via SIX bLink — read-only)

When you connect a bank account, we process:

·       IBAN

·       Transactions (amount, date, description, merchant/sender/recipient)

·       Account balances

·       Technical connection identifiers (tokens, encrypted)

No payments are initiated.
Bank access is strictly read-only via SIX bLink (AIS).

2.3 App and device information

·       User ID

·       Device ID

·       Crash data (Sentry, Apple/Google)

·       Performance and usage data (PostHog, pseudonymised)

2.4 Content you store in the App

·       Profile picture

·       Wishlist items

2.5 Support data

Support is handled via e-mail; no chat data is stored within the App.

We do not collect geolocation data, contacts, microphone data, or any form of background tracking.

3. How We Collect Data

Data is collected:

Directly

·       when creating an account

·       when connecting bank accounts

·       when using App features

·       when granting system permissions (camera, biometric authentication, notifications)

Indirectly

·       through technical events such as crash reports, performance metrics, usage analytics

·       from service providers that support App operations and analytics

4. Purposes of Processing & Legal Bases

4.1 Purposes

We process data for:

·       Providing core App functions (multibanking, budgeting, wishlist, recurring payments)

·       Categorising and identifying recurring or transfer transactions (including AI support)

·       Subscription management (RevenueCat)

·       Security, stability, fraud prevention, error resolution

·       Customer support

·       Product analytics to improve the App

·       Compliance with legal obligations

4.2 Legal bases (CH-DSG compliant)

·       Contract / pre-contractual measures
Provision of all App functionalities including multibanking (read-only).

·       Consent

o   Camera (profile picture)

o   Push notifications

o   FaceID / biometric authentication

o   AI processing (USA) within the scope of this policy

·       Overriding interests

o   security, stability, fraud prevention

o   product analytics without cross-app tracking

o   maintaining and improving App functionality

·       Legal obligations

o   mandatory retention of security/audit logs

5. AI Processing (Google Gemini, USA)

We use AI to:

·       identify transfers

·       detect recurring payments

·       enrich transaction information

5.1 Data transmitted to AI

Only the necessary transaction fields are transmitted, e.g.:

id, vendor, info, amount, date, userId, transactionType

Sensitive fields are masked or pseudonymised where possible.

5.2 Location & risk

AI processing is performed in the USA.
We use:

·       Standard Contractual Clauses (SCCs)

·       technical safeguards such as encryption (in transit & at rest)

·       pseudonymisation / minimisation

Data is not used for model training.

6. Bank Connections via SIX bLink (AIS)

·       Bank access is authorised exclusively via the bank’s Consent Flow.

·       Access is read-only; no payments are triggered.

·       Tokens are stored encrypted in Switzerland.

·       Access can be revoked by contacting support or by deleting the account.

Supported banks are listed at www.liquid-app.ch.

7. Recipients / Service Providers

We work with the following processors and partners:

·       AWS (Switzerland) — hosting, databases, logs

·       SIX bLink — multibanking connectivity

·       RevenueCat — subscription management for Apple/Google

·       PostHog — product analytics (pseudonymised)

·       Sentry — crash reporting

·       Hostpoint (Switzerland) — e-mail delivery

·       Apple/Google — device-level system crash/performance data

Categories of service providers

·       IT/cloud infrastructure

·       security and monitoring services

·       payment/subscription processors

·       analytics and debugging tools

·       professional advisers (legal, tax, technical)

All providers process data only as instructed and for defined purposes.

8. International Data Transfers

App data is primarily stored in Switzerland.

Transfers outside Switzerland may occur when using:

·       Google Gemini (USA)

·       Sentry and PostHog (depending on region)

Safeguards:

·       Standard Contractual Clauses (SCCs)

·       encryption and access controls

·       pseudonymisation / minimisation

A residual risk of foreign government access may exist.

9. Disclosure

We may disclose personal data where necessary:

·       to comply with legal obligations

·       to protect the App’s security

·       to enforce or defend rights and claims

·       to prevent or investigate misuse

·       upon lawful requests from authorities

10. Data Security

We implement appropriate technical and organisational measures:

·       TLS encryption

·       encryption at rest

·       role-based access control (least privilege)

·       MFA and secret management

·       regular updates and vulnerability management

·       defined incident response processes

·       confidentiality obligations for staff and service providers

11. Storage & Deletion

·       User data is stored until the account is deleted.

·       Backup copies are deleted after 7 days.

·       Security/audit logs are retained for 7 years (legal requirement).

·       Upon account deletion, all personal data is immediately erased, except where retention is mandatory.

 

12. Social Media & External Links

The App may contain links to external websites or services.
We are not responsible for their privacy practices.
If we import data from such channels into our systems, it is processed under this Policy.

 

13. Profiling

We do not carry out profiling for marketing or behavioural targeting, and we do not use automated decision-making with legal or significant effects.

Functionality such as recognising recurring payments is for product purposes only and involves no cross-app tracking.

 

14. Your Rights

You have the following rights under Swiss law:

·       Access

·       Rectification

·       Erasure

·       Data portability

·       Restriction of processing

·       Objection (where applicable)

·       Withdrawal of consent

·       Right to lodge a complaint with the Swiss supervisory authority

Identity is verified using your name and e-mail address.

Contact: support@liquid-app.ch

 

15. Changes to this Privacy Policy

We may update this Policy from time to time.
Significant changes will be displayed within the App.
The version currently published in the App is binding.

 

16. Contact

Liquid Network GmbH
Steinackerstrasse 1
5210 Windisch, Switzerland
E-mail: support@liquid-app.ch