Effective 2026-05-19. We update this document when our processing changes.
1 · Who we are
Epoch42 Ventures GmbH ("we", "Epoch42") operates this website at epoch42.ch.
- AddressDammstrasse 16, 6300 Zug, Switzerland
- Contactsam@epoch42.ch
We are the data controller for the personal data described below, as defined by the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
2 · What we collect, when, and why
We process the minimum personal data necessary to operate this site. The categories below are exhaustive.
A · Contact form (/contact)
- WhatName, email address, message content. Country and region derived from request headers.
- WhenOnly when you submit the form.
- WhyTo respond to your inquiry (Swiss FADP Art. 31 par. 1; GDPR Art. 6(1)(b) pre-contractual / 6(1)(f) legitimate interest).
- RetentionTwo years after our last communication, unless you ask us to delete earlier.
B · Newsletter signup
- WhatEmail address. Country and region derived from request headers. Attribution metadata (the page you signed up from, the referring site, UTM parameters if present in the URL).
- WhenOnly when you submit the signup form.
- WhyTo send you future research notes when we choose to publish them (consent; Swiss UWG Art. 3 par. 1 let. o; GDPR Art. 6(1)(a)).
- RetentionUntil you unsubscribe, then 30 days for audit purposes.
Signing up does not subscribe you to a recurring newsletter. We will email you only after you confirm via a separate opt-in email when we begin sending.
C · Analytics (only with your consent)
- WhatAn anonymous session identifier stored in a first-party cookie. Pages visited, scroll depth, time on page, links clicked, theme preference. Country and region (never raw IP addresses). Browser family, operating system, device type.
- WhenOnly if you click "Accept" in the consent prompt. No analytics data is collected before you consent.
- WhyTo understand which research is read, so we write better (Swiss FADP Art. 31 par. 1; GDPR Art. 6(1)(a) consent).
- RetentionSession record 365 days. Granular events 90 days. Outbound link clicks 365 days.
D · Aggregate web statistics (Cloudflare Web Analytics, no consent required)
- WhatPage-view counts aggregated without persistent identifiers. No cookies set. No personal data stored.
- WhenEvery page load.
- WhyLightweight understanding of site health (Swiss FADP Art. 31 par. 1; GDPR Art. 6(1)(f) legitimate interest in service operation).
- RetentionManaged by Cloudflare; we do not retain raw data.
E · Security and abuse prevention
- WhatA salted hash of your IP address (the raw IP is discarded immediately). Cloudflare's bot score header. User-agent string parsed into family / OS / device.
- WhenOn every form submission.
- WhyTo rate-limit form submissions and reject automated abuse (Swiss FADP Art. 31 par. 1; GDPR Art. 6(1)(f) legitimate interest in service security).
- Retention30 days.
We do not process any other personal data. We do not run third-party advertising, behavioural tracking, or social-media pixels.
3 · Cookies and similar technologies
The complete list of cookies this site may set:
| Cookie | Purpose | Lifetime | Consent |
|---|---|---|---|
| e42_consent | Records your tracking preference | 1 year | No |
| e42_theme | Remembers your light / dark choice | 1 year | No |
| e42_sid | Anonymous analytics session id | 1 year | Yes |
| __cf_bm | Cloudflare bot-management challenge | 30 min | No |
| cf_clearance | Cloudflare anti-DDoS clearance | 30 days | No |
Without your consent, only the functional and essential cookies above are set. You can withdraw analytics consent at any time below.
4 · Recipients of your data
We use the following processors. Each operates under a written data-processing agreement and provides appropriate safeguards for cross-border transfers (EU Standard Contractual Clauses or equivalent).
- Cloudflare, Inc. (United States, with EU data localization). Hosting (Cloudflare Pages), DNS, edge security, web analytics, transactional email relay (MailChannels), email routing.
- MailChannels Corp. (Canada, operated through Cloudflare). Outbound transactional email delivery for contact and notification messages.
We do not sell or share personal data with third parties for marketing or advertising.
5 · International transfers
Your data is processed primarily in the European Union and Switzerland. Some processing (Cloudflare's edge network) may occur in the United States or other regions with adequate data protection (Swiss Federal Council list) or under EU Standard Contractual Clauses. Switzerland's adequacy decision under GDPR remains in force.
6 · Your rights
Regardless of where you live, you have the following rights:
- Access — ask what data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — ask us to delete your data.
- Restriction — ask us to stop processing.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdrawal of consent — withdraw at any time. Withdrawal does not affect prior processing.
To exercise any right, email sam@epoch42.ch from the address on file, or use the self-service forms (available once Plan 2 ships):
We respond within 30 days.
If you are unhappy with how we have handled your data, you may complain to:
- The Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland — edoeb.admin.ch.
- Your local EU/EEA data protection authority if you live in the EU/EEA.
7 · Do Not Track and Global Privacy Control
We honour the Do Not Track (DNT) header and Global Privacy Control (Sec-GPC) signal. If your browser sends either, we automatically refuse analytics consent on your behalf — no cookie is set, no events are recorded.
8 · Automated decision-making
We do not perform automated decision-making, profiling, or scoring that has legal or similarly significant effects on you.
9 · Children
This site is not directed at children under 16. We do not knowingly process data from anyone under 16. If you believe a child has provided us data, email sam@epoch42.ch and we will delete it.
10 · Security
We use industry-standard encryption (HTTPS, TLS 1.3) for all transmissions. Our data store (Cloudflare D1) is encrypted at rest. Access to administrative views is gated by hardware-token-class identity verification (Cloudflare Access).
11 · Changes
We update this policy when our processing changes. The "Effective" date at the top reflects the current version. For material changes, we will surface a notice on the site for 30 days.
12 · Contact
- Data protectionsam@epoch42.ch
- PostalEpoch42 Ventures GmbH, Dammstrasse 16, 6300 Zug, Switzerland