Privacy Policy

The controller of the personal data collected through hikon.app is:

Alexandre Botta, an individual domiciled in Switzerland — [email protected]

Given the limited nature and volume of processing at this stage, no Data Protection Officer (DPO) has been designated. For any question regarding your data, please write to the address above.

As part of your waitlist registration, we collect only the following data:

• your email address
• your declared role (coach, athlete, or unspecified)
• your preferred language (fr or en)
• the registration source (page or channel of origin)
• your IP address and browser user-agent, for security and abuse prevention purposes
• the date and time of registration

At this stage of the project, no health, measurement, or sports-performance data is collected. Any such additional processing will be covered by an update to this policy before the service actually opens.

We process your data for the following purposes:

• notifying you of the official launch of Hikon — legal basis: consent (GDPR art. 6(1)(a); nFADP art. 31(1))
• preventing fraudulent or automated registrations — legal basis: legitimate interest (GDPR art. 6(1)(f); nFADP art. 31(2))
• occasionally sending you updates about the progress of the project — legal basis: consent
• complying with our legal obligations, including responding to requests to exercise rights — legal basis: legal obligation

You may withdraw your consent at any time by writing to [email protected]. Such withdrawal does not affect the lawfulness of processing carried out before the request.

• email and waitlist information: until the service is officially launched, then a maximum of 12 months if you do not create an account
• IP address and user-agent: 6 months maximum
• technical error logs (Sentry): 90 days

You may request early deletion of your data at any time (see "Your rights" section).

Your data is hosted and processed by technical providers acting as processors within the meaning of nFADP art. 9 and GDPR art. 28:

• Railway Inc. (United States) — backend hosting and website serving
• Neon Inc. (United States) — managed PostgreSQL database
• Google LLC / Firebase (United States) — authentication (enabled at service launch)
• Functional Software Inc. / Sentry (United States) — technical monitoring and error logging

We do not sell, rent, or share your data for any third-party commercial purpose.

Some of our processors are established in the United States. Such transfers are subject to appropriate safeguards under GDPR art. 46 and nFADP art. 16, including:

• the Standard Contractual Clauses (SCCs) adopted by the European Commission
• adherence to the EU-US Data Privacy Framework where the provider is certified
• Swiss Federal Council adequacy decisions for recognized recipient states

Under the nFADP and GDPR, you have the following rights regarding your data:

• right of access to your data and to information about its processing
• right to rectification of inaccurate or incomplete data
• right to erasure ("right to be forgotten")
• right to portability of your data in a structured, machine-readable format
• right to object to and restrict processing
• right to withdraw your consent at any time

To exercise these rights, write to [email protected]. We commit to responding within a maximum of 30 days. Proof of identity may be requested in case of reasonable doubt as to your identity.

If you believe the processing of your data violates applicable law, you may file a complaint with the competent supervisory authority:

• Switzerland — Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch
• European Union — the supervisory authority of your country of residence (list at edpb.europa.eu)
• France — Commission nationale de l'informatique et des libertés (CNIL): www.cnil.fr

The hikon.app website only uses cookies and local storage that are strictly necessary for its operation, including:

• your language preference (fr/en)
• authentication state when you are logged in (Firebase cookie)
• transient technical settings related to your session

No audience measurement, advertising, or third-party tracking cookies are deployed at this time. If such cookies were to be introduced in the future, an explicit consent banner would be displayed beforehand, in compliance with the ePrivacy Directive (2002/58/EC) and nFADP art. 45c.

We implement technical and organizational measures appropriate to the risk to protect your data against loss, alteration, disclosure, or unauthorized access:

• TLS (HTTPS) encryption for all communications
• encryption of data at rest at our hosting processors
• restricted access to data based on the principle of least privilege
• access logging and regular security updates

No method of transmission or storage is fully secure. In the event of a data breach likely to result in a high risk to your rights, we will inform you as soon as possible, in accordance with nFADP art. 24 and GDPR art. 34.

The Hikon service is not intended for persons under 16. We do not knowingly collect data concerning minors. If you become aware of such a situation, please report it to [email protected] so that we can proceed with deletion.

This policy may be amended to reflect changes in the service, legislation, or our practices. Any material change will be notified by email to waitlist registrants. The version in force is always the one published at /privacy, with the last-updated date shown at the top of the document.

For any question regarding your personal data or the exercise of your rights:

Alexandre Botta — [email protected]