Privacy Policy
Last updated: 28 March 2026
1. Introduction
This privacy policy describes how Grynn GmbH ("TAPR AI", "we", "us", or "our") collects, stores, uses, shares, and processes personal information on https://tapr.ch, https://cloud.tapr.ch, and their subdomains (collectively, the "Website").
Grynn GmbH is a company registered in Beringen, Canton of Schaffhausen, Switzerland. We encourage you to read this policy alongside our Terms of Service and Cookie Policy.
2. Scope
This policy applies to personal data collected through our Website and Services. It does not cover anonymised or aggregated data, nor does it govern third-party websites, applications, or services linked from our Website. Third-party data collection is subject to their own privacy policies.
3. Information We Collect
Contact Information
Name, email address, phone number, and company name provided when you create an account, request a demo, or contact us.
Billing Information
Billing name, address, VAT/tax identification numbers. Payment card details are processed by third-party payment providers; we receive only limited information such as the last four digits, payment amount, and timestamp.
Technical Information
IP address, browser type and version, operating system, screen resolution, pages visited, referring/exit pages, visit timestamps, approximate location, and clickstream data.
Service Data
Data you upload or process through our Services, including invoices, ERP connection details, and configuration settings.
KYC Information
Where required for Peppol network access, we may collect identity verification documents and business registration details as part of our Know Your Customer (KYC) process.
4. How We Collect Information
- Directly from you: When you create an account, submit a form, book a demo, or contact us.
- Automatically: Through cookies and analytics tools when you interact with our Website (see our Cookie Policy).
- From third parties: Payment providers, ERP systems you connect, and Peppol network participants.
5. How We Use Your Information
To Provide Our Services
Processing invoices, managing your account, providing support, sending service-related communications, and fulfilling our contractual obligations.
For Legitimate Business Purposes
Improving our products and services, detecting fraud, enforcing our terms, ensuring security, and complying with legal obligations.
For Marketing
With your consent, we may contact you about products, services, and offers. You can opt out at any time via the unsubscribe link in any marketing email or by contacting us.
6. Sharing Information with Third Parties
We may share your information with:
- Service providers: Hosting (Hetzner, Finland), analytics (PostHog), payment processors, and other providers operating under data processing agreements.
- Peppol network: As required for e-invoice delivery and receipt through the Peppol network.
- ERP providers: As necessary to maintain your configured integrations.
- Legal authorities: When required by law, regulation, court order, or governmental request.
- Corporate transactions: In the event of a merger, acquisition, or sale of assets, with prior notification to affected users.
We do not sell your personal data.
7. Your Rights
Under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Data portability: Receive your data in a structured, commonly used format.
- Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Restrict processing: Request temporary suspension of processing in certain circumstances.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at contact@grynn.ch.
8. Data Storage and Retention
Your data is hosted on Hetzner servers in Finland, within the European Economic Area.
- Active accounts: Data is retained for the duration of your account and 180 days after termination.
- Billing records: Retained as required by Swiss tax and commercial law.
- KYC records: Retained as required by applicable anti-money laundering regulations.
- Backups: May be retained for up to six months for disaster recovery purposes.
After the applicable retention period, data is securely deleted.
9. Data Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.
10. International Data Transfers
Your data is processed and stored within the EEA (Finland). Where data is transferred outside the EEA or Switzerland, we ensure appropriate safeguards are in place in accordance with FADP and GDPR requirements.
11. Children's Privacy
Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on our Website at least 14 days before taking effect. We encourage you to review this page periodically.
13. Contact
For questions about this privacy policy or to exercise your data rights:
Grynn GmbH
Beringen, Schaffhausen, Switzerland
Email: contact@grynn.ch