Privacy Policy

Last updated: 29.05.2026

1. Introduction

NanoClick ("NanoClick," "we," "us," or "our") provides AI visibility, GEO, SEO, and website development services for e-commerce and other businesses. This Privacy Policy explains how we collect, use, share, and protect personal data when you:

visit nanoclick.ch (the "Website");
engage NanoClick as a client or prospective client;
subscribe to our newsletter or download our content; or
otherwise interact with us.

This policy is designed to comply with the Swiss Federal Act on Data Protection (revFADP), the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

NANOCLICK MARKETING ARMUTLU Staatsstrasse 71A, Rebstein, Switzerland Swiss UID: CHE-393.352.215 Email: hello@nanoclick.ch

We have not appointed a Data Protection Officer (DPO), as the nature and scale of our processing do not require one under Swiss or EU law. All privacy-related queries are handled at the address above.

3. Personal Data We Collect

3.1 Client and prospect data

When you engage NanoClick as a current, past, or potential client, we collect:

Contact details: name, business email, phone number, job title, company name;
Billing details: company billing address, VAT/UID number, and payment references. Credit card details for recurring payments are collected and stored directly by our payment processor, Stripe, on PCI-DSS compliant infrastructure. NanoClick only stores tokenized references (such as customer and payment method IDs) and never has access to your full card number;
Contract and project information: scope of work, communications, deliverables, project history;
Platform access you choose to grant us for service delivery (e.g., Shopify admin, Google Analytics, Google Search Console).

3.2 Website visitor data

When you visit nanoclick.ch, we may collect:

Technical data: IP address (truncated where possible), browser type and version, device type, operating system, referring URL, pages visited, timestamps;
Usage data: clicks, scroll behaviour, session duration, conversion events;
Cookie identifiers (see Section 8).

3.3 Newsletter and marketing contacts

When you subscribe to our newsletter, download a resource (such as the Shopify AI Visibility Playbook), or contact us via a form, we collect:

Email address;
Name (if provided);
Company (if provided);
Topic of interest or content downloaded;
Engagement data (whether you opened or clicked our emails).

We do not knowingly collect data from individuals under 16, and our services are not directed at children.

3.4 Data we process on behalf of clients

In the course of delivering services, NanoClick may access personal data stored on platforms operated by our clients — such as Shopify, Google Analytics, Google Search Console, Meta Ads, or similar systems. In these cases, our client is the data controller and NanoClick acts as a data processor on their instructions, under a separate Data Processing Agreement (DPA).

This Privacy Policy does not govern that processing. If you are a customer of one of our clients and have questions about how your data is handled in their store or analytics, please refer to the privacy policy of that business.

4. How We Use Personal Data (Purposes and Legal Bases)

We process personal data only when we have a valid legal basis. The purposes and corresponding legal bases under the GDPR and the Swiss FADP are:

Delivering services to clients under a contract — performance of a contract (GDPR Art. 6(1)(b)); contractual necessity under FADP.
Issuing invoices and meeting accounting obligations — compliance with a legal obligation (GDPR Art. 6(1)(c)); legal obligation under FADP.
Communicating with prospects and qualifying leads — our legitimate interests in growing our business (GDPR Art. 6(1)(f)); legitimate interests under FADP.
Operating, securing, and improving the Website — our legitimate interests in maintaining a safe, functional site (GDPR Art. 6(1)(f)); legitimate interests under FADP.
Analytics, advertising, and remarketing — your consent (GDPR Art. 6(1)(a)); consent under FADP.
Sending newsletters and marketing content — your consent (GDPR Art. 6(1)(a)); consent under FADP.
Responding to legal claims or requests from authorities — compliance with a legal obligation, or our legitimate interests in defending claims; legal obligation under FADP.

You can withdraw consent at any time (see Section 7) without affecting the lawfulness of processing already carried out.

5. Sharing and Sub-processors

We share personal data with carefully selected service providers ("sub-processors") that help us operate. Each is bound by a data processing agreement and processes data only on our instructions.

Our current key sub-processors are:

Google LLC (Google Analytics, Google Ads, Google Tag Manager) — used for website analytics, advertising, and tag management. Data processed: usage data, IP addresses, cookie identifiers. Location: USA / EU.
HubSpot, Inc. — used for CRM, marketing emails, and contact management. Data processed: contact details, engagement data, communications. Location: USA / EU.
Stripe, Inc. (and Stripe Payments Europe Ltd for EU/UK clients) — used for payment processing and secure storage of card data for recurring billing. Data processed (collected and stored by Stripe directly): cardholder name, card number, expiry, CVC, billing address. Location: USA / Ireland.
Webflow, Inc. — used for website hosting, content delivery, and form submissions. Data processed: technical logs, IP addresses, form data submitted via the Website. Location: USA.
Reform Digital (CookieFlow) / Supabase — used for storing cookie-consent records. Data processed: consent ID, anonymized IP address, timestamp. Location: EU (Ireland).

We may also share data with:

Professional advisors (lawyers, accountants, auditors) under confidentiality obligations;
Authorities and law enforcement where legally required;
A successor entity in the event of a merger, acquisition, or sale of assets.

We do not sell personal data, and we do not share data with third parties for their own independent marketing purposes.

6. International Data Transfers

Most of our sub-processors (Google, HubSpot, Stripe, and Webflow) are based in the United States. When we transfer your data outside Switzerland or the EEA, we rely on appropriate safeguards:

EU Standard Contractual Clauses (SCCs) approved by the European Commission, with the Swiss addendum where required;
The EU–US Data Privacy Framework (DPF) and the Swiss–US DPF, where the recipient is certified;
Your explicit consent, for transfers that cannot be covered by the above.

You can request a copy of the safeguards in place by contacting hello@nanoclick.ch.

7. Your Rights

Subject to applicable law, you have the right to:

Access the personal data we hold about you;
Rectify inaccurate or incomplete data;
Erase your data ("right to be forgotten") in specific circumstances;
Restrict or object to certain processing, including direct marketing;
Data portability: receive your data in a structured, machine-readable format;
Withdraw consent at any time where processing is based on consent;
Not be subject to fully automated decisions with legal or similarly significant effects (we do not currently perform such decision-making);
Lodge a complaint with a supervisory authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
- EU: your national data protection authority
- UK: Information Commissioner's Office (ICO) — ico.org.uk

To exercise any of these rights, email hello@nanoclick.ch. We respond within 30 days. We may ask you to verify your identity before acting on a request.

8. Cookies and Similar Technologies

We use cookies and similar technologies on nanoclick.ch. When you first visit, a consent banner lets you choose which cookie categories to allow. Non-essential cookies (analytics, advertising, marketing) are only set after you give consent, in line with GDPR and ePrivacy requirements.

Cookie categories we use:

Strictly necessary — required for the site to function (session, security, consent state). Always active.
Analytics — Google Analytics, to understand how visitors use the site. Activated only with consent.
Advertising / marketing — Google Ads, HubSpot tracking, to measure campaign performance and personalize content. Activated only with consent.

You can change or withdraw consent at any time via the cookie preferences link in the website footer, or by clearing cookies through your browser settings.

9. Data Retention

We keep personal data only as long as needed for the purposes set out above:

Client data — for the duration of our engagement, plus 10 years after the last invoice (Swiss commercial law retention requirement);
Prospect / lead data — up to 24 months after last meaningful contact, unless you become a client;
Newsletter subscribers — until you unsubscribe, plus a short period to honor your opt-out;
Website analytics — typically 14 months (Google Analytics default for new properties);
Logs and technical data — up to 12 months for security and troubleshooting.

After these periods, data is deleted or anonymized.

10. Data Security

We apply reasonable technical and organizational measures to protect personal data, including encryption in transit (HTTPS), restricted access controls, sub-processor due diligence, and staff confidentiality obligations. No method of transmission or storage is 100% secure; if a breach occurs that is likely to result in a high risk to your rights, we will notify you and the competent authority as required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the Website and, where appropriate, by email. The "Last updated" date at the top reflects the latest version.

12. Contact

For any privacy-related question, request, or complaint:

NANOCLICK MARKETING ARMUTLU Staatsstrasse 71A, Rebstein, Switzerland Email: hello@nanoclick.ch

‍