Privacy notice
Last updated: 2026-05-15. Pending review by a Swiss data-protection lawyer before launch.
This notice explains what personal data Festinato (the "Service") processes, on whose behalf, and what rights data subjects have. It is written to satisfy Swiss revFADP and EU GDPR.
1. Who we are
Festinato is operated by Michael Hofer, Switzerland (the "Controller" for visitors of this marketing site, the "Processor" for data inside a tenant's back-office — see the DPA).
Contact for privacy matters: privacy@festinato.app.
2. What data we process
- Account data — display name, admin email, tenant slug, locale + country (collected on /signup).
- Payment metadata — Mollie customer id and subscription id; the full card number / IBAN never touches our systems (Mollie's hosted checkout collects it).
- Festival content — anything the customer puts into the back-office: artists, venues, slots, news, sponsors, volunteers, push notifications. We are the Processor for this — see the DPA.
- Device tokens — opaque FCM / APNs strings a mobile device sends us so we can push notifications back. Not linked to a person.
- Server logs — IP + request timestamp, retained for 30 days for security + debugging.
3. Why we process it
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Run your festival's back-office | Performance of contract (1(b)) |
| Process subscription payments | Performance of contract (1(b)) |
| Send push notifications you composed | Performance of contract (1(b)) |
| Security logging | Legitimate interest (1(f)) |
| Marketing site analytics (off by default) | Consent (1(a)) |
4. Sub-processors
We use the following sub-processors. Their inclusion is part of the DPA; you can object to changes with 30 days' notice.
| Provider | Purpose | Region |
|---|---|---|
| Mollie B.V. | Payment processing | NL (EU) |
| Cloudflare, Inc. | CDN + TLS termination + DNS | Global edge; data routed via EU PoPs |
| Hetzner Online GmbH | Application + Postgres hosting | DE / FI (EU) |
| Apple Inc. (APNs) | iOS push notification delivery | US |
| Google LLC (FCM) | Android push notification delivery | US |
| Amazon Web Services | S3 object storage for backups + signing material | EU (eu-central-1) |
US transfers (Apple, Google, AWS) are covered by Standard Contractual Clauses + the EU–US Data Privacy Framework.
5. Retention
Tenant content is retained while a subscription is active and
for 90 days after cancellation, after which
a daily cron drops the Postgres database and the on-disk
tenant directory. Customers can request a complete export at
any time via GET /api/v1/export or by mailing us.
Server logs are retained for 30 days. Payment metadata is retained for 10 years to satisfy Swiss accounting law (OR Art. 958f).
6. Your rights
Under revFADP + GDPR you can request access, rectification, erasure, restriction, portability and objection. Mail privacy@festinato.app — we respond within 30 days.
You can also complain to the Swiss Federal Data Protection Commissioner (FDPIC) or your local EU supervisory authority.