Privacy Policy

Language:EnglishDeutsch

Last updated: 27 Sep 2025

Ulifyi KLG operates the websites uli.fyi and ulifyi.ch and provides the Ulifyi platform (website and mobile apps) (together, the “Services”). We take the protection of your personal data seriously.

This Privacy Policy explains what data we collect, why we process it, how long we keep it, when we share it, whether data is transferred abroad, and what rights you have under Swiss data protection law (FADP / revFADP) and (where applicable) the EU/EEA GDPR.

1. Controller / Contact

Controller responsible for processing via these Services:

Ulifyi KLG c/o Frey Services Eggstrasse 14f 8134 Adliswil Switzerland

Email: [email protected]

If you contact us about data protection, please include enough information so we can identify your request (e.g., account email/username) and provide an ID verification where necessary.

2. Scope

This Privacy Policy applies to:

  • Visits to our websites (uli.fyi, ulifyi.ch)
  • Use of the Ulifyi platform (website/app), including accounts, posts, “Quests”, interactions, notifications, and support
  • Communications with us (email/support)

It does not apply to third-party websites/apps you may reach via links in our Services.

3. Key Definitions

  • Personal data: Information relating to an identified or identifiable natural person.
  • Sensitive personal data (special categories): Depending on the legal framework, this may include health data, biometric data, religious/political views, etc. We only process such data where necessary and with enhanced safeguards.
  • Processing: Any handling of personal data (collection, storage, use, disclosure, deletion, etc.).

4. Legal Bases (Switzerland + Germany/EU)

We process personal data in line with applicable law.

Switzerland (revFADP): We process personal data based on principles of good faith, proportionality, purpose limitation, and security.

EU/EEA (GDPR), where applicable: We rely on one or more of the following legal bases:

  • Consent (e.g., optional cookies/analytics where required)
  • Contract / pre-contractual measures (e.g., account creation, providing the platform)
  • Legitimate interests (e.g., security, fraud prevention, service improvement)
  • Legal obligation (e.g., retention duties, compliance requests)

You can withdraw consent at any time (see Section 12).

5. What Data We Collect (Categories)

Depending on how you use our Services, we may collect:

  1. Account & profile data (e.g., username, email, password hash, profile details, settings)
  2. User content you provide (e.g., posts, photos, videos, captions, comments, “Quests”, messages where offered)
  3. Contact data (e.g., email, phone if provided)
  4. Technical & usage data (e.g., IP address, device identifiers, browser/app version, operating system, timestamps, referrer URLs, pages/events used)
  5. Location & network data (approximate location via IP; precise location only if you enable it in-app/device settings)
  6. Audio/visual content you upload (photos/videos; metadata such as timestamps)
  7. Payment/transaction data (only if you use paid features; typically processed by payment providers — we may receive status confirmations and limited billing metadata)
  8. Support & communication data (messages to support, tickets, email content, logs relating to support)

We also may receive data from third parties if you use third-party integrations (see Section 10).

6. Purposes of Processing

We process personal data to:

  • Provide, operate, and maintain the Services
  • Create and manage user accounts and profiles
  • Enable posting, sharing, Quests, interactions, and community features
  • Deliver notifications (e.g., system notices, security alerts, platform updates; marketing only where permitted)
  • Ensure security, prevent fraud/abuse, enforce policies, and protect our infrastructure
  • Measure performance and improve usability and reliability
  • Handle support requests and communications
  • Comply with legal obligations and respond to lawful requests

7. Website Operation & Log Files

When you visit our websites, our servers (or providers acting on our behalf) may automatically store data such as:

  • Internet service provider
  • IP address
  • Browser version
  • Operating system
  • Date/time of access
  • Referrer page
  • Accessed pages/resources
  • Search terms (if provided via referrer)

Purpose: Operating the website, troubleshooting, security, and statistics.

Objection: Essential logs are required to operate the website; you generally cannot opt out of strictly necessary logging.

8. Tracking Technologies: Cookies, Pixels, Similar

8.1 Cookies

Cookies are small files stored on your device. We use:

  • Strictly necessary cookies (required for core functions)
  • Preference cookies (e.g., language settings)
  • Analytics/measurement cookies (only where legally permitted)

You can control cookies via your browser/device settings. Disabling cookies may reduce functionality.

8.2 Pixels / Web Beacons

We may use pixels (“web beacons”) to measure reach and performance (similar to server logs). Some pixels may be provided by third parties used for analytics/measurement.

9. Analytics, Tag Management, Fonts

9.1 Google Tag Manager

We use Google Tag Manager to manage website tags. Tag Manager itself does not typically access content data; it helps deliver/trigger other tools on our site.

9.2 Google Analytics / Global Site Tag (gtag.js)

We may use Google Analytics (potentially via gtag.js and/or via Tag Manager) to understand how users interact with our Services (e.g., page views, events, device info, rough location).

Where required by law, we will request consent before enabling analytics.

9.3 Google Web Fonts

We may use Google Web Fonts for consistent typography. Your browser may connect to Google servers to load fonts, which can involve processing your IP address.

If you prefer, you can use browser settings or extensions that block external font loading (may affect display).

10. Cloudflare (CDN, Security, Performance)

We may use Cloudflare services (e.g., CDN, DDoS protection, caching, performance optimization such as Rocket Loader).

Cloudflare may process technical connection data (e.g., IP address, request headers, timestamps, requested resources) to provide security and performance services.

Purpose: Protect the Services, reduce abuse, speed up delivery, and improve reliability.

11. Communications (Email / Support)

If you contact us by email or support channels, we process:

  • Your email address
  • Message content, subject, timestamps
  • Any additional contact information you provide

Purpose: Handle your request, follow-up questions, and support.

Security note: Email can be intercepted in transit. Spam filters may reject messages automatically.

12. Ulifyi Platform Features (Accounts, Posts, Quests)

12.1 Account Creation & Authentication

We process account credentials (e.g., email/username, password hash, authentication tokens) to provide login and account management.

12.2 User-Generated Content

If you create posts, upload media, join Quests, comment, or otherwise interact, we process the content and related metadata (time, device/app info, etc.).

12.3 Community & Safety

We process data to:

  • Enforce rules and prevent abuse (spam, fraud, harassment)
  • Investigate reports and moderate content
  • Maintain service integrity and security

12.4 Visibility Controls

Some content may be public or visible to other users depending on your settings and how the feature is designed. Please choose privacy settings carefully.

13. Push Notifications & In-App Messaging

If enabled, we may send:

  • Security/operational notifications (important account/service updates)
  • Product updates
  • Marketing messages only where permitted

You can disable push notifications in your device settings and adjust in-app preferences.

14. Third-Party Integrations

14.1 Google API Services

If our Services integrate with Google APIs, you agree that our use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including Limited Use requirements.

We only request Google permissions necessary to provide the feature you use. You can revoke permissions in your Google account settings.

14.2 Spotify Integration (if you connect Spotify)

If you connect your Spotify account (e.g., to share a song that matches your mood), we may process:

  • Spotify account identifier (as provided by Spotify)
  • Access tokens/refresh tokens (to maintain the connection)
  • Data you choose to share or fetch via the Spotify API (e.g., track/artist/playlist metadata, cover art URLs, preview URLs, or currently playing/last played information if you grant that permission)

Purpose: Enable Spotify-based features (e.g., attach a song to a post/Quest, display track metadata).

Control: You can disconnect Spotify in Ulifyi settings (where provided) and revoke access via your Spotify account settings.

Spotify’s processing: Spotify is an independent controller for its own processing. Their privacy policy applies to Spotify’s services.

15. Sharing Data with Third Parties

15.1 Processors (Service Providers)

We may use processors to deliver the Services, such as:

  • Hosting and infrastructure providers
  • IT support and maintenance providers
  • Analytics/measurement providers (where legally permitted)
  • Payment providers (if paid features are offered)
  • Consulting (legal, tax, accounting) where necessary

Processors may only process data under our instructions and must protect confidentiality.

15.2 Partners / Advertisers (if applicable)

If third-party offers appear in our Services, they will be clearly identifiable (e.g., marked as advertising). If you use such offers, data may be transferred to the partner to provide the offer. Partners act as independent controllers for their processing.

15.3 Social Media Links

If you click social media links, the platform provider may learn you came from our Services and may process data under their own policies.

15.4 Authorities

We may disclose data if legally required (e.g., lawful requests by authorities).

16. International Data Transfers

Data may be processed in countries outside Switzerland and/or the EU/EEA depending on service providers used.

Where required, we use appropriate safeguards (e.g., contractual clauses such as the EU Standard Contractual Clauses) and take additional technical/organizational measures where necessary.

17. Retention

We keep personal data only as long as necessary for the stated purposes.

  • Website logs: typically up to 12 months (unless needed longer for security/incident investigation)
  • Analytics/measurement data: may be retained longer, depending on configuration and legal requirements
  • Contract and accounting records: may be retained up to 10 years where legally required

When data is no longer needed, we delete or anonymize it, or restrict processing where deletion is not possible due to legal obligations.

18. Security

We implement reasonable technical and organizational measures to protect personal data from loss, misuse, unauthorized access, alteration, or disclosure.

We use TLS/SSL encryption for data transmission where supported by your browser/app.

No method of transmission or storage is 100% secure; however, we continuously improve our safeguards.

19. Your Rights (Switzerland + EU/EEA where applicable)

Depending on your location and applicable law, you may have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Delete data (where legally possible)
  • Restrict processing (in certain cases)
  • Object to processing (especially where based on legitimate interests)
  • Data portability (where processing is automated and based on consent or contract)
  • Withdraw consent at any time (without affecting processing already performed)

To exercise rights, contact [email protected]. We may request verification of identity.

Supervisory authorities

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC/EDÖB)
  • Germany/EU (where GDPR applies): you may also lodge a complaint with your competent supervisory authority.

20. Minors

Our Services are not intended for children who are not legally allowed to consent to data processing in their country of residence. If you believe a minor has provided personal data without appropriate consent, contact us and we will take reasonable steps to delete it.

21. Changes to This Privacy Policy

We may update this Privacy Policy at any time. The current version is published on our websites. We do not necessarily provide individual notifications for every change.