Privacy Policy
Booksquare GmbH, headquartered in Zurich, Switzerland, offers a cloud-based SaaS platform for antiquarian, rare, and second-hand booksellers. Booksquare processes personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and the European Union's General Data Protection Regulation (GDPR). This page explains how Booksquare ensures compliance with these data protection regulations as part of our technical and organizational measures, and what rights users and clients have in that context.
This Privacy Policy applies to the Booksquare website (booksquare.ch) and the Booksquare SaaS platform (desk.booksquare.ch). Where specific sections apply only to one or the other, this is indicated.
Last updated: 01. January 2026
Booksquare and Data Protection (GDPR / FADP Compliance Overview)
Effective Date: 01. January 2026
1. Data Processing on Behalf of Clients
—Booksquare acts as a data processor under Art. 28 GDPR when our clients use the Booksquare platform to process customer data, order history, or contact information. The client remains the data controller and is responsible for the lawful collection and use of the data.
Booksquare makes available a standardized Data Processing Agreement (DPA) for all clients. The DPA outlines how personal data is protected, and which subprocessors may be involved. This DPA is available upon request or as part of the onboarding documentation.
2. Data Storage and Hosting Location
—Booksquare is hosted on Microsoft Azure, region "Switzerland North." We have configured our systems to keep all client and end-customer data stored within Switzerland. Backup data, documents, and file storage are also physically located in Switzerland.
3. Subprocessors
—Booksquare works with a small number of carefully selected subprocessors:
Microsoft Azure (Hosting and infrastructure) – Switzerland
SendGrid (Transactional email dispatch) – USA
Stripe (Payment processing) – USA
4. Technical and Organizational Measures (TOMs)
—To protect the confidentiality, integrity, and availability of data, Booksquare implements the following measures:
Data encryptionData in transit is protected using industry-standard security measures.
Access controlAccess to production systems is limited to authorized personnel only.
Regular backupsBackups are created and stored redundantly in Switzerland.
Audit logs and monitoringSystem access and security-relevant events are logged.
Security by designNew features and changes undergo code review and security assessment.
5. Data Subject Rights
—Individuals have the following rights under GDPR and FADP: right of access, rectification, erasure, data portability, objection, withdrawal of consent, and to lodge a complaint with a supervisory authority.
For data stored by our clients on the platform, requests should be directed to the respective client (data controller). For your own account data, contact us at privacy@booksquare.ch
6. Privacy by Design
—Booksquare's architecture was built with privacy principles in mind. We collect only the data necessary to provide our services. Clients may request access to, correction of, or deletion of their data at any time by contacting us.
7. Analytics and Tracking
—Public Website (booksquare.ch)
Booksquare uses privacy-friendly analytics tools that operate without cookies and do not require consent.
Pirsch
Provider: Emvi Software GmbH, Germany | Data hosting: Germany
Pirsch is a cookie-free analytics service. It generates a temporary hash from visitor data (IP address, user agent, date) that expires after 24 hours. IP addresses are never stored. Data collected includes aggregated page views, referrers, device characteristics, and approximate location (country/city level). No personal data is collected.
TWIPLA
Provider: TWIPLA GmbH, Germany | Data hosting: Germany (ISO 27001 certified)
TWIPLA is used in Maximum Privacy Mode – no cookies, no fingerprinting, no personal data. It collects aggregated visitor behavior data including session recordings and heatmaps. No individuals are identified.
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR / Art. 31(1) FADP)
SaaS Platform (desk.booksquare.ch)
No third-party analytics or tracking tools are used within the SaaS application.
8. Data Retention and Deletion
—Client data is retained for the duration of the subscription. Upon cancellation, clients may request an export. Data will be deleted no later than 90 days after termination unless a longer retention is legally required. Backups are automatically purged after their expiry period.
9. Contact and Further Information
—If you have questions about Booksquare's data protection measures or wish to request a copy of the Data Processing Agreement, you may contact us via the form provided on our website or via email at privacy@booksquare.ch
For EU-related inquiries: privacy@booksquare.ch