🇨🇭 Data in Switzerland

The security a Swiss trustee requires

Primary database in Zurich, 10-year audit log, daily backup, FADP and GDPR compliance. Everything designed for those handling mandate, employee and customer data with zero margin for error.

Primary database in Switzerland

Your operational data (invoices, employees, customers, accounting) is stored in a Zurich data center on cloud infrastructure certified ISO 27001, SOC 2 and CSA STAR.

Organization isolation (RLS)

PostgreSQL Row-Level Security: every query is filtered at the database level for your organization. Even in case of an application bug, your data remains invisible to other customers.

End-to-end encryption

TLS 1.2+ in transit, AES-256 at rest. Password hashing with Argon2id (OWASP best practice).

Automatic daily backups

Every night at 03:00 CET, complete database dump to encrypted storage, 30-day retention. Recovery Point Objective: 24h. Recovery Time Objective: 8 working hours.

10-year audit log (CO art. 958f)

Every INSERT/UPDATE/DELETE on critical tables (invoices, payroll, journal entries) is logged with timestamp, user and diff. 10-year retention, compliant with Swiss retention obligation.

FADP and GDPR compliance

Compliant with the new Swiss FADP (September 1, 2023) and GDPR for EU users. Sub-processors with signed DPAs and standard contractual clauses. DPA available for Business and Trustee customers via in-app click-wrap.

Data localization

The primary data location for SwissWork customers is in 🇨🇭 Switzerland: operational database in Zurich, daily backups in the same region, 10-year audit log retention per CO art. 958f.

Technical accessory services (transactional emails, AI receipt processing, payments) are governed by contracts compliant with Swiss FADP and GDPR, with EU Standard Contractual Clauses where applicable.

The detailed list of accessory providers and related DPAs is available in the DPA we sign with Business and Trustee customers.

DPA available for Business and Trustee

Business and Trustee customers sign a Data Processing Agreement via click-wrap during onboarding. Acceptance is recorded with date, IP and user-agent per art. 28(9) GDPR. On request, we issue a data deletion certificate at end of contract.

Read the full DPA →

Try SwissWork free for 14 days

No card required. All tiers have the security stated above.

Start now
Privacy PolicyTerms of ServiceDPAAbout us