Unlio LogoUnlio
mapMap
LoginSign up
Unlio LogoUnlio
Version: 2.0
Effective Date: 02-26-2026

Privacy Policy

This Privacy Policy explains how personal data is processed in connection with the Unlio platform operated under the domain unlio.io (the “Platform”).

It should be read together with the Terms and Conditions.

1. Data Controller

The data controller responsible for processing personal data in connection with the Platform is:

01HIO AG
Reichenburg, Switzerland
Email: privacy@01h.io

Personal data is processed in accordance with applicable Swiss data protection law.

If mandatory foreign data protection laws apply in a specific case, applicable statutory rights are respected to the extent required by law.

2. Scope of Processing

This Privacy Policy applies to personal data processed when:

  • Visiting and using the Platform
  • Creating and managing a user account
  • Participating in initiatives
  • Creating a public profile
  • Subscribing to newsletters
  • Contacting 01HIO
  • Using optional identity verification features

Personal data is collected directly from users, generated through use of the Platform (e.g., technical logs), or derived in aggregated or anonymised form.

Public profile information and publicly visible contributions may be accessible to other users and to non-registered visitors and may be indexed by search engines, depending on Platform configuration.

3. Categories of Personal Data

3.1 Account Data (Required)

When creating an account, the following data is processed:

  • Email address
  • Authentication credentials (e.g., password hash)
  • Account identifier

Legal name and other profile information are not required for account creation.

3.2 Participation and Content Data

When participating in initiatives:

  • Contributions, statements, and comments
  • Participation status (e.g., support, oppose, observe)
  • Initiative-specific visibility settings

Certain initiatives may require specific attributes (e.g., residence in a defined region) for active participation. Such criteria are disclosed before participation.

Observation of initiatives may not require meeting such criteria.

3.3 Public Profile Data

Users may activate a public profile. Creating a public profile requires disclosure of the user’s real name.

Optional profile fields may include:

  • Given names and family name
  • Birthdate
  • Legal gender
  • Nationality or residence country
  • Residence permit information

3.4 Address Information

Users may voluntarily provide address information, including:

  • Street address
  • Postal code
  • City
  • Region
  • Country

Address information is used for eligibility verification where required by an initiative.

Full address details are not publicly displayed. At most, city-level information may be visible if configured.

3.5 Demographic Information (Voluntary)

Users may voluntarily provide demographic information, including:

  • Political affiliation
  • Religious beliefs
  • Gender identity
  • Sexual orientation
  • Disability information

These categories may qualify as particularly sensitive personal data.

Demographic fields are disabled by default and are processed only if a user actively provides them.

Particularly sensitive personal data is processed only on the basis of the user’s explicit consent and may be withdrawn at any time.

This data:

  • Is entirely optional
  • Is independently removable
  • Is not required for general participation
  • Is not used for automated profiling or targeted advertising
  • Is not used for eligibility filtering

Demographic information is not publicly displayed unless the user explicitly enables display for the specific initiative or context.

Demographic information may also be used in aggregated and anonymised statistical reporting.

If consent is withdrawn, continued use of the Platform remains possible; only the relevant demographic feature becomes unavailable.

3.6 Identity Verification (Optional Feature)

The Platform may offer optional identity verification features.

Verification is conducted through an external identity verification provider.

01HIO:

  • Does not store identity document images
  • Stores only verification metadata and user-provided profile attributes
  • May transmit necessary profile attributes to the verification provider for comparison

Verification confirms identity at the time of verification. Users remain responsible for keeping their information accurate and up to date.

Verification metadata is retained during account existence and deleted within 30 days after account deletion, unless retention is required for dispute resolution or legal obligations.

Verification status may be revoked in cases such as fraud indicators, material inconsistencies, or user-initiated profile changes affecting verified attributes.

3.7 Technical and Security Data

When accessing the Platform, technical information may be processed, including:

  • IP address
  • Timestamps
  • Device and browser information
  • Security-related logs

This data is processed solely for security, abuse prevention, and system integrity.

Security logs are retained for up to six (6) months unless required for investigation or legal compliance.

Technical data is not used for behavioural profiling or advertising.

4. Purposes and Legal Bases

Personal data is processed for the following purposes:

PurposeLegal Basis
Account creation and accessPerformance of a contract
Participation in initiativesPerformance of a contract
Moderation and enforcementLegitimate interest in platform integrity
Security and abuse preventionLegitimate interest in system security
Identity verification (optional feature)Performance of a contract
Voluntary demographic informationExplicit consent
Newsletter deliveryConsent
Transactional communicationsPerformance of a contract
Legal compliance and defence of claimsLegal obligation or legitimate interest

Where processing is based on legitimate interests, safeguards such as data minimisation, access restriction, and defined retention limits are applied.

The Platform does not perform automated decision-making producing legal or similarly significant effects.

5. Transactional and Marketing Communications

5.1 Transactional Communications

Transactional emails (e.g., account confirmations, security notices, policy updates) are sent as necessary for performance of the contract.

These do not require separate consent.

5.2 Marketing Communications

Marketing communications (e.g., newsletters or product updates) are sent only:

  • Upon explicit subscription
  • Following double opt-in confirmation

Consent may be withdrawn at any time via the unsubscribe link.

For newsletter subscribers without an account:

  • Email addresses are retained until unsubscribe.
  • Suppression records may be retained to prevent accidental re-subscription.

6. Cookies and Session Management

The Platform uses only technically necessary first-party cookies:

  • sessionId – used to maintain authenticated sessions
  • XSRF-TOKEN – used for cross-site request forgery protection

Cookies have a limited lifetime (typically up to 24 hours) and may use rolling expiration. Durations may be adjusted for security reasons.

Cookies are configured with appropriate security attributes where supported.

No analytics, advertising, behavioural tracking, or third-party cookies are used.

7. Data Retention

Personal data is retained only as long as necessary for its intended purpose.

Retention periods include:

  • Account and profile data: retained during account existence and deleted or anonymised within 30 days after completion of the deletion workflow
  • Demographic data: retained only during account existence
  • Verification metadata: retained during account existence and deleted within 30 days after account deletion
  • Security logs: up to six (6) months
  • Consent records (Terms, Guidelines, Newsletter): retained during account existence and for up to three (3) years thereafter
  • Legal documentation: retained for statutory limitation periods

Accounts that remain inactive for an extended period may be deactivated and deleted following prior notice.

8. Account Deletion and Content

Upon account deletion:

  • Personal account data is deleted or anonymised
  • Public profile linkage is removed
  • Contributions may remain accessible in anonymised form to preserve initiative records

Anonymisation means processing data so that identification of a user is no longer possible by means reasonably likely to be used by 01HIO or third parties.

Requests concerning personal data embedded in published content are reviewed separately.

Such requests are typically processed within 30 days, taking into account legal obligations, proportionality, and the integrity of initiative records.

Outcomes may include redaction, restriction of visibility, removal, or refusal with a brief explanation.

9. Service Providers and International Processing

Personal data may be processed by service providers acting on behalf of 01HIO, including:

  • Hosting providers
  • Email delivery providers
  • Identity verification providers
  • Security service providers

Service providers process personal data under contractual instructions and confidentiality obligations. Access is limited to what is necessary to perform the services.

Service providers may engage sub-processors under equivalent contractual obligations.

Personal data may be disclosed to authorities where required by applicable law or valid legal process.

Where data is processed outside Switzerland, appropriate safeguards are applied. Safeguards may include contractual protections such as standard contractual clauses and supplementary measures where required under Swiss law.

10. Data Subject Rights

Within the limits of applicable law, you have the right to:

  • Request access to personal data
  • Request correction
  • Request deletion
  • Object to processing based on legitimate interests
  • Withdraw consent (where applicable)

01HIO may request reasonable verification of identity before fulfilling such requests.

Requests are typically processed within 30 days, unless complexity or legal obligations require more time.

Rights may be limited where required by applicable law (e.g., legal retention obligations or overriding interests).

Requests may be submitted to: privacy@01h.io

You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

11. Data Security

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, loss, alteration, or misuse.

Security incidents are assessed promptly and handled in accordance with applicable legal requirements.

12. Changes to This Policy

This Privacy Policy may be updated from time to time.

Material changes will be communicated through the Platform or by email where appropriate.