Privacy Policy

DAHAY.STORE is operated by Michael Hagos, based in Switzerland. We are the data controller for the personal data collected through dahay-hagos.ch.

Contact for privacy questions: michael@dahay-hagos.ch

• Account data: full name, email address, hashed password.
• Order data: products purchased, total amount, currency, order date, delivery email.
• Payment data: handled directly by Stripe. We only store the Stripe session ID and last 4 digits of the card.
• Technical data: IP address, browser type, device, language, pages visited (used to detect abuse and improve the service).
• Newsletter / waitlist: email address if you signed up for the app launch waitlist or the newsletter.

• To create and manage your account.
• To process your orders and deliver digital codes.
• To send transactional emails (order confirmation, password reset, waitlist updates) through Resend.
• To prevent fraud and abuse.
• To comply with legal obligations (accounting, sanctions screening).
• With your explicit consent: to send marketing emails — you may unsubscribe at any time.

• Contract: processing necessary to deliver the service you ordered.
• Legal obligation: tax, accounting, sanctions compliance.
• Legitimate interest: fraud prevention, service improvement, security.
• Consent: marketing emails, optional analytics.

We never sell your data. We share it only with the processors strictly needed to operate the service:

• Stripe (Ireland / USA) — payment processing.
• Resend (USA) — transactional email delivery.
• MongoDB Atlas (EU region) — database hosting.
• Emergent / Kubernetes hosting — application hosting.
• Authorities, if required by Swiss or EU law.

All transfers outside the EU/EEA are covered by Standard Contractual Clauses (SCC).

• Account data: kept while your account is active + 12 months after closure.
• Orders & invoices: 10 years (Swiss accounting law).
• Newsletter / waitlist email: until you unsubscribe.
• Server logs: maximum 90 days.

Under GDPR and the Swiss Data Protection Act (FADP), you have the right to:

• Access the personal data we hold about you.
• Rectify or update inaccurate information.
• Erase your data ("right to be forgotten"), subject to legal retention obligations.
• Restrict or object to processing.
• Request data portability (machine-readable export).
• Withdraw consent at any time.
• Lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC, Switzerland) or your local EU supervisory authority.

To exercise any of these rights, email us at michael@dahay-hagos.ch. We respond within 30 days.

We use only strictly necessary cookies to keep you signed in and remember your language and cart. No third-party advertising cookies are set. We may add anonymous analytics in the future, with prior consent.

We protect your data with:

• HTTPS / TLS encryption on every request.
• Passwords hashed with bcrypt — never stored in plain text.
• JWT bearer authentication with short-lived tokens.
• Card data tokenised by Stripe — never reaches our servers.
• Regular security updates and dependency audits.

DAHAY.STORE is not directed at children under 16. If you believe a child has provided personal data, please contact us and we will delete it.

We may update this Privacy Policy. Material changes will be announced on this page with a new "Last updated" date and, for registered users, by email at least 14 days before they take effect.

Data Controller
Michael Hagos — DAHAY.STORE
Switzerland
Email: michael@dahay-hagos.ch