This policy describes how Endolum GmbH processes personal data on the marketing website at endolum.io and the legal basis for that processing. It complies with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the EU General Data Protection Regulation (GDPR). Each Endolum product (Sentinel, Hacked, Academy) ships with its own privacy policy that covers the data processed inside that product.
Endolum GmbH, Oberdorfstrasse 8, 8853 Lachen SZ, Switzerland. Commercial register UID CHE-297.991.738. Contact: contact@endolum.io.
The contact and partner application forms collect the name, email address, subject, and message you submit, plus optional fields where the form asks for them (company name, expected client volume). The data is used to reply to your message and is retained for as long as the conversation is active, plus a reasonable archival period for follow up.
The web server records the request URL, the IP address, the user agent, and a timestamp for every request, in line with normal operational logging. Logs are kept for up to 30 days and are used to diagnose errors, monitor for abuse, and protect the site against automated attacks. Logs are not enriched with profile data and are not joined to any other data set.
The cookies set on this site fall into two categories: strictly necessary cookies that the site sets to function or to defend against abuse, and analytics cookies that only load after you grant consent through the consent banner. Advertising and remarketing cookies are not used.
| Cookie | Type | Purpose |
|---|---|---|
| First party session and CSRF cookies | Strictly necessary | Set when you submit a form (contact, partner application). Maintain the form session and prevent cross site request forgery. Cleared at the end of the session. |
| Google reCAPTCHA cookies (_GRECAPTCHA and similar) | Strictly necessary | Set by Google reCAPTCHA on form pages to distinguish humans from bots and stop abuse. Loaded under legitimate interest in network security. See section 3 for the third party detail. |
| Consent record (endolum_consent_v1 in localStorage) | Strictly necessary | Stores your cookie preference so the banner does not reappear on every page. Created only after you make a choice. |
| Google Analytics 4 cookies (_ga, _ga_*) | Analytics, consent required | Set only after you grant analytics consent through the banner. Aggregate page views and feature usage to inform the product. Lifetime up to two years. See section 3. |
The marketing site loads the third party assets listed below. We do not place advertising tags or remarketing pixels.
| Service | Provider | Reason |
|---|---|---|
| Google Analytics 4 | Google Ireland Limited | Aggregated traffic and feature usage measurement, used to improve the products. Loaded only after you grant analytics consent. The IP address is anonymised before processing. Data is stored in the EU under Google's standard data processing terms. Retention is set to fourteen months. No advertising features are enabled. Google Privacy Policy. |
| Google reCAPTCHA | Google Ireland Limited | Used on the contact and application forms to defend against automated abuse. Treated as strictly necessary because it is a security control. Google receives the IP address, user agent, and a behaviour signal that helps decide whether to challenge the request. Google Privacy Policy. |
| Google Fonts | Google Ireland Limited | Loads the Inter Tight and JetBrains Mono webfonts from Google's CDN. The request reveals your IP address and user agent to Google. Google does not set cookies through this delivery path. |
| Cal.com booking | Cal.com | Used when you click through to book a partner call. The booking page is hosted by Cal.com. We do not embed the booking widget inline on this site. |
You can withdraw or change your analytics consent at any time through the Cookie preferences link in the footer.
| Purpose | Legal basis |
|---|---|
| Replying to messages submitted through the contact form | Pre contractual measures and legitimate interest |
| Responding to partner program applications | Pre contractual measures |
| Operational logging, security, and abuse prevention (including reCAPTCHA) | Legitimate interest |
| Aggregate analytics through Google Analytics 4 | Consent (granted through the cookie banner, can be withdrawn at any time) |
| Compliance with statutory retention obligations | Legal obligation |
The marketing site is hosted on infrastructure in Germany within the EU/EEA. The legal relationship with the customer is governed by Swiss law and Swiss jurisdiction applies. Google Analytics and Google reCAPTCHA are operated by Google Ireland Limited, with Google LLC in the United States as a sub processor. Transfers to the United States rely on Google's certification under the EU-US Data Privacy Framework and on standard contractual clauses for residual transfers. Where any other third party provider processes data outside Switzerland or the EEA, we rely on an adequacy decision, standard contractual clauses, or your explicit consent for the specific transfer.
Under the revFADP and, where it applies, the GDPR, you have the right to:
To exercise any of these rights, contact contact@endolum.io. We respond within 30 days.
If you believe your data protection rights have been violated, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland. If the GDPR applies to your situation, you may also lodge a complaint with a supervisory authority in the EU or EEA.
Each Endolum product publishes its own privacy policy that covers the data processed inside the product:
We may update this policy from time to time. The version date is shown at the top of the page. Material changes are reflected in the date and the changed sections.
For privacy related questions or requests, write to contact@endolum.io or to Endolum GmbH, Oberdorfstrasse 8, 8853 Lachen SZ, Switzerland.