TIFFY Power Storage
Back to Home

Privacy Notice

As of: March 2026

1. What is this privacy notice about?

In this privacy notice, we explain how we process your personal data in the context of our business activities and in connection with our website, insofar as processing is not obvious and the applicable data protection law requires information. This privacy notice is for information purposes only and does not form part of any contract with you. If you would like further information on our data processing, please contact us (Section 2).

2. Who is responsible for processing your data?

The following company is the "controller", i.e. the entity primarily responsible under data protection law for data processing in accordance with this privacy notice: TIFFY Power Storage AG General-Guisan-Strasse 6 6300 Zug Switzerland If you have any questions about data protection, please contact us at: hello@tiffy-power.com

3. How do we process data in connection with our products and services?

If you use our products and services, we process data for the preparation and performance of the corresponding contract: — When we conclude a contract with you, we process pre-contractual data and information on the contract itself. During and after the contract term, we process information on the contract, payments, customer service contacts, claims, and complaints. — Before concluding a contract, we may check creditworthiness using address and credit information from credit agencies. This data is used solely for address verification and credit checks. — We may process certain energy data (in particular energy consumption data) in connection with the purchase of our services. — We also process the aforementioned data for statistical evaluations to support the improvement and development of products and business strategies.

4. How do we process data in connection with advertising?

We also process personal data to advertise our services: — Newsletter: We may send newsletters containing advertising for our offers. We will ask for your consent in advance, except when advertising to existing customers. — Events: If you participate in events we organize, we process registration data for organization purposes. — Market research: We process data to improve services and develop new products.

5. How do we disclose personal data?

We may disclose personal data to various bodies within the scope of our activities, in particular: — Persons associated with you (e.g. authorized representatives, deputies); — Offices, authorities and courts within the scope of our legal obligations; — Service providers, in particular IT service providers (see Section 6). Recipients of data are not only located in Switzerland. We compensate for any lower level of protection through appropriate contracts, in particular the standard contractual clauses of the European Commission.

6. How do we process data in connection with our website?

6.1 Technical log data

Every time you use our website, certain data is collected for technical reasons and temporarily stored in log files: IP address, information about the internet service provider and operating system, referring URL, browser used, date and time of access, and content accessed. We use this data to operate the website and ensure system security and stability.

6.2 Contact form and lead gates

When you fill in our contact form or request information materials (e.g. product data sheets, technology white papers, investor pitch deck) via our website, we collect the data you provide (name, email address, and optionally phone number and company). This data is used to process your request, send you the requested material, and contact you if necessary. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interests).

6.3 Hosting (Vercel)

This website is hosted by Vercel Inc., 340 Pine Street, Suite 900, San Francisco, CA 94104, USA. Vercel processes technical data (in particular log data and IP addresses) when operating the website. Data transfer to the USA is carried out on the basis of the European Commission's standard contractual clauses. Further information: https://vercel.com/legal/privacy-policy

6.4 Database (Supabase)

Form data (leads) is stored in a database provided by Supabase Inc. We use Supabase Cloud in the EU region (Frankfurt, Germany), so your data is stored within the EU. Supabase processes data on the basis of a data processing agreement pursuant to Art. 28 GDPR. Further information: https://supabase.com/privacy

6.5 Workflow automation (Make.com)

After a form is submitted, an automated workflow is triggered via Make.com (Celonis SE, Theresienhöhe 12, 80339 Munich, Germany). Make.com processes the submitted form data to: (1) send you a confirmation email, (2) notify our team internally, and (3) record your data in an internal working list. Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR. Further information: https://www.make.com/en/privacy-notice

6.6 Fonts (Wix Madefor)

This website uses the font families "Wix Madefor Display" and "Wix Madefor Text". The font files are bundled into our website during the build process and served directly from our servers (Vercel). No connection to external font servers (e.g. Google Fonts) is established when you visit our pages.

7. Are there any other processing activities?

Yes, many processes are not possible without processing personal data: — Communication: When we are in contact with you, we process information about the content, type, time and place of communication. — Compliance with legal requirements: We may disclose data to authorities within the scope of legal obligations. — Job applications: We process application data and generally delete it after six months. — IT security: We process data for monitoring, securing our IT infrastructure and for backups. — Legal proceedings: If we are involved in legal proceedings, we process the required data.

8. How long do we process personal data?

We process your personal data as long as necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), as long as we have a legitimate interest in storing it, and as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data). After these periods have expired, we delete or anonymize your personal data.

9. How do we protect your data?

We take appropriate technical and organizational measures to ensure that the security of your personal data is appropriate to the respective risk. However, we cannot guarantee absolute data security; certain residual risks cannot generally be ruled out.

10. Legal bases (GDPR)

Where the GDPR applies, we base the processing of your personal data on the following legal bases: — Art. 6 para. 1 lit. b GDPR: Processing for the performance of a contract and pre-contractual measures; — Art. 6 para. 1 lit. c GDPR: Compliance with legal obligations; — Art. 6 para. 1 lit. f GDPR: Processing to protect legitimate interests (e.g. website operation, IT security, marketing); — Art. 6 para. 1 lit. a GDPR: Processing based on your separate consent (e.g. newsletter).

11. What are your rights?

Under the applicable data protection law, you have the following rights: — Information: You can request information about whether and which personal data we process about you. — Correction and restriction: You can have incorrect data corrected and processing restricted. — Deletion and objection: You can have personal data deleted and object to processing, in particular for direct marketing. — Data portability: You can receive your data in a machine-readable format. — Revocation: You can revoke any consent at any time with effect for the future. If you wish to exercise such a right, please contact: hello@tiffy-power.com You also have the right to lodge a complaint with the competent supervisory authority: in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC), in the EU with the relevant national data protection authority.