Privacy Policy

1. Who is responsible?

The controller of personal data collected through the Raika websites and the Raika application is the legal entity operating Raika, as identified on our website and in contracts with customers ("Raika", "we", "us").

For questions about this Privacy Policy or your rights, contact us using the address or e-mail published on the website (once you insert them in the box above).

2. General

We take the protection of personal data seriously. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), in particular when offering services to individuals or organisations in the EU/EEA or when processing that falls within the scope of the GDPR.

Together with our hosting and service providers, we employ appropriate measures to protect data against unauthorised access, loss, misuse, or alteration. Complete protection of data transmitted over the internet cannot be guaranteed; you should be aware that e-mail and web traffic can have security weaknesses.

This Privacy Policy describes how we process personal data in connection with our websites, registration, sign-in, the Raika cloud application (staff planning, availability, scheduling, and related features), and related communications. It applies regardless of whether you use a desktop or mobile device.

By using our services where the law requires consent, you acknowledge the processing described here to the extent consent is the legal basis. Further legal bases are set out below.

3. Definitions

"Personal data" means any information relating to an identified or identifiable natural person. "Processing" means any operation on personal data, such as collection, storage, use, disclosure, or deletion. "Customer" means the organisation that subscribes to or uses Raika for its business. "User" means anyone who accesses the service (e.g. administrators or staff members invited by a Customer).

4. What data we process

Depending on how you use Raika, we may process:

• Account and identity data: e.g. name, e-mail address, identifiers from our authentication provider, organisation affiliation, role, and profile settings.
• Customer content (scheduling data): data Customers and Users enter into the product, such as names, contact details, availability, shifts, skills, preferences, notes, and similar information about staff or third parties. This often includes personal data relating to employees or contractors.
• Contract and billing data: if you purchase paid services—billing address, plan, payment references, and transaction metadata. Payment card details are typically processed directly by a payment service provider, not stored by us.
• Technical and usage data: IP address, device and browser type, timestamps, pages or screens viewed, diagnostics, and security logs.
• Communications: content and metadata when you contact us (e.g. via contact forms or e-mail).

5. Purposes and legal bases

We process personal data for the following purposes, based on the following grounds:

• Providing the service and performing contracts (FADP; GDPR Art. 6(1)(b)): operating accounts, authentication, storing and displaying scheduling data, support, and billing.
• Compliance with legal obligations (FADP; GDPR Art. 6(1)(c)): e.g. tax, accounting, or responding to lawful requests from authorities.
• Legitimate interests (FADP; GDPR Art. 6(1)(f)): securing the platform, preventing abuse, improving reliability, analysing aggregate usage, enforcing our terms, and defending legal claims—where not overridden by your interests or rights.
• Consent (FADP; GDPR Art. 6(1)(a)): where required for optional cookies, marketing e-mails, or other non-essential processing; you may withdraw consent at any time with effect for the future.

Where Customers upload personal data about their staff, the Customer is typically the controller for that data and instructs us to process it to deliver Raika. We process such data on documented instructions as a processor where the law requires a data processing agreement.

6. Cookies and similar technologies

We and our providers may use cookies and similar technologies that are strictly necessary for the service (e.g. session security, load balancing) and, where you agree, for preferences or analytics. You can control cookies through your browser settings; blocking some cookies may limit functionality.

For marketing or analytics cookies, we will rely on consent where required and provide appropriate choices (e.g. banner or settings) when such tools are active on our sites.

7. SSL/TLS and server logs

We use encryption in transit (HTTPS/TLS) between your browser and our services where supported.

Our infrastructure may automatically log technical information such as requested resource, date and time, transferred volume, browser type, operating system, referrer URL, and IP address. We use logs for security, troubleshooting, and abuse prevention and retain them only as long as necessary, typically a limited number of days, unless longer retention is needed for incident investigation or legal claims.

8. Authentication (PropelAuth)

Sign-in, sign-up, and session management are provided by PropelAuth, Inc. (United States). PropelAuth processes authentication-related data (such as e-mail, identifiers, and security events) on our behalf. Information about PropelAuth's processing is available in PropelAuth's privacy policy. Transfers to the USA are safeguarded by appropriate mechanisms such as standard contractual clauses and/or other tools recognised under Swiss and EU law, as described by PropelAuth.

9. Hosting, infrastructure, and subprocessors

We use cloud hosting, databases, e-mail delivery, and other infrastructure subprocessors to run Raika. They may process personal data only to provide those services to us. We select providers with appropriate safeguards and, where required, conclude data processing agreements.

A current list of key subprocessors (e.g. authentication, hosting region) should be published or made available to Customers on request; update it when you change providers.

10. Payment services

If we offer card or other online payments, the payment is handled by a specialised provider. We typically receive confirmation of payment status, not full card numbers. The provider's privacy policy and terms apply to payment processing.

11. Contact enquiries

When you contact us, we process the data you provide (e.g. name, e-mail, message content) to handle your request and for follow-up. Legal basis: contract or pre-contract measures, and/or legitimate interests in responding to enquiries.

12. Newsletters and marketing

If we send newsletters or product updates by e-mail, we do so only with consent or another permitted basis. You can unsubscribe using the link in each e-mail or by contacting us.

13. Disclosure of data

We disclose personal data to third parties only when necessary to provide the service, when we are legally obliged to do so, or when you have consented. Categories of recipients include subprocessors (hosting, authentication, analytics if used), professional advisers, and authorities where required.

14. International transfers

Your data may be processed in Switzerland, the EU/EEA, the United Kingdom, the United States, or other countries where our providers operate. If a country is not recognised as providing adequate protection, we implement appropriate safeguards (e.g. standard data protection clauses approved by the Federal Data Protection and Information Commissioner or the European Commission, and supplementary measures where needed).

For users in Switzerland, be aware that laws in some countries (notably the USA) may allow public authorities broader access to data than under Swiss law, and that legal remedies abroad may be limited. We provide this information so you can make an informed decision where consent or a transfer impact assessment is relevant.

15. Retention

We retain personal data only as long as necessary for the purposes described, unless longer retention is required by law (e.g. commercial or tax records). After the end of a subscription, we delete or anonymise Customer content according to our retention schedule and contractual commitments, subject to backup cycles and statutory limits.

16. Security measures

We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit, separation of environments where feasible, logging, and procedures for incident response. No method of storage or transmission is completely secure.

17. Your rights

Subject to applicable law, you may have the right to:

• request access to your personal data and certain information about processing;
• request rectification of inaccurate data or completion of incomplete data;
• request erasure ("right to be forgotten") where conditions are met;
• request restriction of processing in defined cases;
• receive data you provided in a structured, machine-readable format (data portability), where applicable;
• object to processing based on legitimate interests, including direct marketing;
• withdraw consent where processing is based on consent;
• lodge a complaint with a supervisory authority (in Switzerland: the FDPIC; in the EU: your local authority).

To exercise rights, contact us using the details you publish for privacy enquiries. We may need to verify your identity. If you are an employee of a Customer, we may refer certain requests to that Customer where they are the controller of your work-related data.

18. Unsolicited advertising

We object to the use of contact data published under legal notice obligations for sending unsolicited advertising or information materials. We reserve the right to take legal action against spam in accordance with applicable law.

19. Children

Raika is intended for business use. We do not knowingly collect personal data from children below the minimum age relevant in your jurisdiction for entering into contracts without parental consent. If you believe we have collected such data, please contact us for deletion.

20. Changes

We may update this Privacy Policy to reflect legal, technical, or organisational changes. The current version is always the one published on this page with the "Last updated" date. If changes materially affect you, we will notify you where required (e.g. by e-mail or in-app notice).

21. Related documents

Our Terms of Service contain additional provisions on the use of the service and contractual roles.