Privacy Policy

HypTide – Self-Hypnosis Platform
Last Updated: February 10, 2026


1. Controller

The controller responsible for the processing of your personal data within the meaning of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) is:

P&L Group GmbH (operating as HypTide)
In der Oberwis 3, 8123 Ebmatingen, Switzerland
Commercial Register: CHE-431.623.742
Email: hyptideteam@gmail.com

2. Scope and Applicable Law

This Privacy Policy explains how we collect, process, and protect personal data when you use our website, application, and related services (collectively, "Services"). It applies to all users regardless of location.

Our data processing complies with applicable data protection laws, in particular the Swiss Federal Act on Data Protection (FADP, in force since 1 September 2023) and its accompanying Data Protection Ordinance (DPO), as well as the EU General Data Protection Regulation (GDPR) to the extent it applies to individuals in the European Economic Area (EEA).

Our Services are directed exclusively at adults aged 18 and older. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us with personal data, please contact us at hyptideteam@gmail.com so we can promptly delete it.

3. Personal Data We Collect

3.1 Data You Provide to Us

Account data: When you register, we collect your first name, email address, and password (stored in hashed form).

Session personalization data: To personalize your self-hypnosis sessions, we may ask you about your goals, stress levels, sleep quality, or other preferences. You may respond by typing or, if you enable your microphone, by voice input.

Payment data: If you purchase a subscription, your payment details are processed directly by Stripe, Inc. We do not store your full payment card information. We receive limited transaction data from Stripe (e.g., last four digits, transaction amount, subscription status).

Communications: When you contact us, we collect the information you provide, including your name, email, and message content.

3.2 Data We Collect Automatically

Device and technical data: IP address, browser type and version, operating system, device identifiers, and screen resolution.

Usage data: Pages visited, features used, session frequency and duration, dates and times of activity.

Location data: Approximate geographic location inferred from your IP address. We do not collect precise geolocation.

Cookies: We use cookies and similar technologies to operate and improve our Services. See Section 10 for details.

4. Purposes and Legal Basis

We process your personal data for the following purposes and on the following legal bases:

Providing and operating our Services (account creation, session delivery, subscription management)
Legal basis: Performance of a contract (Art. 6(6) FADP; Art. 6(1)(b) GDPR).

Personalizing self-hypnosis sessions using AI (generating scripts and audio based on your preferences)
Legal basis: Performance of a contract (Art. 6(6) FADP; Art. 6(1)(b) GDPR).

Processing payments (via Stripe)
Legal basis: Performance of a contract (Art. 6(6) FADP; Art. 6(1)(b) GDPR).

Communicating with you (support requests, service updates)
Legal basis: Performance of a contract or legitimate interest (Art. 6(1)(b) or (f) GDPR).

Improving and optimizing our Services (analytics, usage patterns)
Legal basis: Legitimate interest (Art. 31(1) FADP; Art. 6(1)(f) GDPR). Our interest consists in understanding how users interact with our Services to improve functionality and user experience.

Ensuring security and preventing fraud
Legal basis: Legitimate interest (Art. 31(1) FADP; Art. 6(1)(f) GDPR).

Marketing communications (only with your prior consent)
Legal basis: Consent (Art. 6(6) FADP; Art. 6(1)(a) GDPR). You may withdraw consent at any time.

Compliance with legal obligations
Legal basis: Legal obligation (Art. 6(1)(c) GDPR; applicable Swiss law).

Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override your rights and freedoms. You may contact us to obtain further details.

5. AI-Based Data Processing

Our Services use artificial intelligence to generate personalized self-hypnosis scripts and convert them into audio. For this purpose, your session preferences and goals (e.g., "I want to improve my sleep quality") are transmitted to third-party AI service providers located in the United States.

We do not send your name, email address, or other directly identifying information to these providers for the purpose of content generation. The data shared is limited to what is necessary for generating your personalized session.

Automated decisions: The AI-generated content constitutes personalized wellness content. It does not produce legal effects or similarly significant effects on you within the meaning of Art. 22 GDPR or Art. 21 FADP. HypTide does not offer medical diagnoses or therapeutic treatment.

6. Disclosure of Personal Data

We do not sell your personal data. We do not share personal data with third parties for their own direct marketing purposes.

We may share your personal data with the following categories of recipients:

6.1 Service Providers (Data Processors)

We engage third-party service providers who process data on our behalf and under our instructions. We have entered into data processing agreements with these providers. The categories of service providers include:

  • Payment processing services (for processing subscriptions and transactions)
  • AI and machine learning services (for generating personalized session content)
  • Cloud hosting and infrastructure providers (for operating our application and storing data)
  • Analytics services (for understanding usage patterns in anonymized/aggregated form)

These service providers are located in Switzerland, the EEA, and the United States. For transfers to the United States, see Section 7 below.

6.2 Other Disclosures

We may also disclose personal data when required by law, to protect our rights or the safety of our users, or in connection with a business transfer (e.g., merger or acquisition). In the case of a business transfer, we will notify you before your data becomes subject to a different privacy policy.

7. International Data Transfers

Our Services are operated from Switzerland. We use service providers located in the United States that process personal data on our behalf.

The United States does not provide a level of data protection equivalent to Switzerland or the EEA by default. To ensure adequate protection of your data, we rely on the following safeguards:

  • Swiss-U.S. Data Privacy Framework (DPF): For transfers to U.S. organizations that are certified under the DPF, as recognized by the Swiss Federal Council.
  • Standard Contractual Clauses (SCCs): As approved by the European Commission and recognized under Swiss law, for transfers to providers not covered by the DPF.
  • Other safeguards: As provided under Art. 16–18 FADP and Art. 46–49 GDPR where applicable.

You may request a copy of the applicable safeguards by contacting us at hyptideteam@gmail.com.

8. Data Retention

We retain personal data only as long as necessary for the purposes of processing or as required by law. The following retention periods apply:

Account data (name, email): Retained for the duration of your account and up to 10 years thereafter, in accordance with Swiss statutory retention obligations (Art. 958f Swiss Code of Obligations).

Session personalization data and generated audio: Retained for the duration of your account. Deleted upon account deletion.

Payment and transaction data: Retained for 10 years from the end of the fiscal year, in accordance with Swiss tax and commercial law.

Usage and analytics data: Retained for up to 26 months, then anonymized or aggregated.

Communication and support data: Retained for 3 years after resolution of the inquiry.

Server logs: Retained for 90 days for security and fraud prevention purposes.

After the applicable retention period expires, data is securely deleted or irreversibly anonymized.

9. Your Rights

9.1 Rights under Swiss Law (FADP)

You have the following rights regarding your personal data:

  • Right of access (Art. 25 FADP): Confirmation of whether we process your data and access to that data.
  • Right to rectification: Correction of inaccurate personal data.
  • Right to deletion: Deletion of your data, subject to legal retention obligations.
  • Right to data portability (Art. 28 FADP): Transfer of your data in a commonly used, machine-readable format.
  • Right to object: Objection to processing based on legitimate interests.

9.2 Additional Rights for EEA Residents (GDPR)

If you are located in the EEA, you additionally have the right to:

  • Restriction of processing (Art. 18 GDPR) under certain circumstances.
  • Data portability (Art. 20 GDPR) in a structured, machine-readable format.
  • Object to processing (Art. 21 GDPR) based on legitimate interests, including for direct marketing.
  • Withdraw consent (Art. 7(3) GDPR) at any time, without affecting the lawfulness of prior processing.
  • Not be subject to solely automated decisions (Art. 22 GDPR) that produce legal or similarly significant effects.

9.3 How to Exercise Your Rights

Contact us at hyptideteam@gmail.com. We will respond within 30 days (or within the period required by applicable law). We may ask you to verify your identity before processing your request.

9.4 Right to Lodge a Complaint

If you believe our processing of your data violates applicable law, you have the right to lodge a complaint with:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern – www.edoeb.admin.ch
  • EU/EEA: The data protection supervisory authority of your country of residence – see edpb.europa.eu

10. Cookies and Tracking Technologies

Essential cookies: Strictly necessary for the functioning of our Services (session management, authentication). These cannot be disabled.

Analytics cookies: Help us understand how users interact with our Services by collecting anonymized or aggregated information.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality.

Legal note: Under Swiss law, consent is generally not required for technically necessary cookies. For analytics cookies, we rely on legitimate interest subject to your right to opt out. For users in the EEA, we obtain consent before setting non-essential cookies, in accordance with the GDPR and the ePrivacy Directive.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit and at rest, secure password hashing, access controls, regular security reviews, and contractual obligations on service providers to maintain appropriate security standards.

No method of electronic transmission or storage is entirely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

12. Third-Party Links

Our Services may contain links to third-party websites or services not operated by us. We are not responsible for their data protection practices and encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will post the revised version with an updated "Last Updated" date. For material changes that significantly affect how we process your data, we will notify you by email or through a prominent notice on our Services.

14. Contact

For questions about this Privacy Policy or our data processing:

P&L Group GmbH (operating as HypTide)
In der Oberwis 3, 8123 Ebmatingen, Switzerland
hyptideteam@gmail.com