Privacy Policy
GDPR and Swiss DPA compliant.
Last updated: May 2026
1. Controller
The controller within the meaning of Swiss DPA and the GDPR is CarHive. Contact: datenschutz@carhive.ch.
2. Data we collect
Account data (email, name, password hash), listing and message content, listing location, IP address (truncated), cookies, technical security logs.
3. Purposes
Marketplace operation, account management, buyer-seller communication, abuse prevention, legal retention, anonymised analytics for service improvement.
4. Legal bases
Contract (Art. 6(1)(b) GDPR) for account and listings; legitimate interest (f) for security; consent (a) for push notifications, marketing emails and non-essential cookies.
5. Payments — Stripe
For paid plans we use Stripe Payments Europe Ltd. Payment data is processed exclusively by Stripe. We do not store any card or bank data. See: stripe.com/privacy.
6. Email — Resend
Transactional emails (registration, password reset, saved-search alerts, email-change confirmation) are sent via Resend (USA, Standard Contractual Clauses).
7. Browser push notifications
If you enable push, we store the subscription endpoint plus two public cryptographic keys provided by your browser. You can disable push anytime in your account.
8. Cookies & LocalStorage
Technical cookies for session, language and abuse protection. LocalStorage for compare list, recently viewed listings and PWA install hint. NO third-party tracking cookies.
9. Retention
Account data while the account exists. After deletion: listings, messages and saved searches are permanently removed. Records subject to retention (e.g. invoices): 10 years per Swiss CO.
10. Your rights
Access, rectification, deletion, restriction, objection and portability. Complaints can be filed with the Swiss FDPIC. Requests: datenschutz@carhive.ch.
11. Security
All connections TLS-encrypted. Passwords hashed with bcrypt. Stripe webhooks signature-verified. Encrypted backups.
12. Changes
We may update this policy. The current version is always available on this page.