As of February 20, 2026
This Privacy Policy informs you about the processing of personal data when using Radicull (radicull.app). It applies to the website, dashboard, support, and payment processing.
We process personal data in accordance with the Swiss Data Protection Act (nDSG). To the extent that the EU General Data Protection Regulation (GDPR) applies, we also comply with its information obligations.
Controller (Owner/Operator):
Jonah Regez, Konradsweg 32, 8832 Wilen bei Wollerau, Switzerland
Email: info@radicull.app
Phone: 076 683 28 28
In particular, we process the following categories of personal data:
Master data: email address, name (if provided), account ID.
Usage/log data: IP address, device and browser data, timestamps, and technical log data.
Content data: uploaded learning materials, texts extracted from them, learning objective/exam date, and analysis results (if you save them).
Payment/contract data: plan, term, payment status, invoice information (payment data itself is primarily processed by Stripe).
Purposes:
Provision of the service (account, login, analyses, history).
Security, abuse prevention, error analysis, and improvement of the service.
Billing and management of plans/subscriptions.
Communication and support.
Legal bases (GDPR, where applicable): performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f); e.g., security), consent (Art. 6(1)(a); e.g., Google login, if required), and compliance with legal obligations (Art. 6(1)(c)).
When you visit the website/dashboard, technical log data is processed (e.g., IP address, timestamp, requested URL, user agent). This data is used in particular to deliver content, defend against attacks, and analyze errors.
For this purpose, we use Cloudflare as a Content Delivery Network (CDN) and security service. Cloudflare may process technical connection and security data as a service provider.
For registration and login, we use Supabase (Auth). In doing so, email address, password hash (for email/password), and technical authentication data are processed. For Google login (OAuth), we typically receive confirmation of your identity from Google and, where available in your Google account, your name and email address.
Supabase stores authentication information and provides session tokens. Technically necessary storage mechanisms (e.g., local storage) are used in the browser for this purpose.
You can upload learning materials (e.g., PDF, DOCX, PPTX, TXT). The files are processed server-side in a temporary environment in order to extract text and are then deleted (no permanent storage of the file).
Where possible, please do not upload particularly sensitive personal data. If you nevertheless upload such data, this is done at your own responsibility; we process content only for contract performance.
For AI-supported analysis, we transmit the extracted text and your inputs (e.g., learning objective, exam date) to our AI service provider DeepSeek. DeepSeek processes this data to provide the analysis.
Notice regarding training use: please refer to DeepSeek's current API privacy and data usage documentation. We use the API only for providing the contracted analysis service.
If you use the history function, we store analysis results in your personal history (Supabase database). Typically stored are: learning objective, where applicable exam date, timestamp, result data (JSON), and technical metadata (e.g., number of files). You can delete saved analyses in the app.
We use Stripe for payments and subscriptions. Radicull receives information from Stripe about payment status and your plan (e.g., whether a subscription is active). Payment data (e.g., card/account data) is processed directly by Stripe; Radicull does not store this sensitive payment data.
Depending on the processing activity, Stripe may act as an independent controller and/or as a processor (see Stripe privacy information).
We use the following categories of recipients/service providers (as of: see document header):
Supabase (authentication, database).
DeepSeek (AI analysis).
Stripe (payments/subscriptions).
Cloudflare (CDN/security).
Railway (hosting/operation of the API).
We select service providers carefully and, where required, conclude data processing agreements/privacy agreements.
Depending on the service providers used, personal data may be transferred to countries outside Switzerland or the EEA (e.g., USA). We ensure that cross-border transfers are permissible under nDSG/GDPR, for example through:
Adequacy decisions (if available), or
appropriate safeguards such as standard contractual clauses (SCC) and additional protective measures, or
statutory exemptions (e.g., for contract performance), where applicable.
Radicull uses technically necessary storage technologies to provide login sessions and app functions (e.g., session tokens via Supabase in local storage).
The web app may use a service worker (PWA function) to cache assets and load the app faster. We currently do not use personalized advertising and do not use tracking or analytics cookies for marketing purposes, unless explicitly stated otherwise.
Radicull creates automated analyses and prioritizations. These have no legal effects and do not produce similarly significant effects within the meaning of Art. 22 GDPR.
If you contact us by email, we process your information (e.g., email address, content of the message) to handle your request.
We implement appropriate technical and organizational measures to protect personal data (e.g., encryption in transit, access controls, rate limiting).
In the event of personal data breaches likely to result in a high risk to personality rights or fundamental rights, we will, where applicable, make notifications to the FDPIC and inform affected persons in accordance with the law.
Uploads: are deleted server-side after analysis (temporary processing).
History/results: remain stored until you delete them or delete your account (subject to statutory retention obligations).
Support communication: is retained for as long as required for processing and then deleted in accordance with statutory obligations.
Depending on applicable law, you have in particular the following rights: access, rectification, deletion, restriction of processing, data disclosure/data portability (where applicable), objection, and withdrawal of consent with effect for the future.
To exercise your rights, a message to info@radicull.app is sufficient. We may require appropriate proof of identity.
Switzerland: You can contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). EU (where applicable): You can contact a competent data protection supervisory authority, in particular at the place of your habitual residence.
We may amend this Privacy Policy (e.g., in the event of new features or legal changes). The current version is available on radicull.app.