Privacy Policy
Last updated: April 24, 2026
Eeagli Chart Studio is operated by James Eagle as the data controller for the Eeagli Chart Studio service. This policy explains what personal data we collect, why we collect it, the legal basis for each processing activity, and how we protect your rights under the Swiss Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR).
Controller of personal data
Eeagli Chart Studio is operated by:
James Eagle
Bachtelstrasse 19
8820 Wädenswil
Switzerland
UID: CHE-247.427.708
Contact: hello@eeagli.com
Information we collect
We collect information necessary to provide and operate the platform, including:
- Account information: name, email address, and organisation details provided during registration or OAuth sign-in (via Google, Microsoft, or LinkedIn)
- Project data: data uploaded or created within Eeagli Chart Studio
- Booking and enquiry data: name, work email, organisation details, and meeting preferences submitted through booking forms
- Payment data: billing details processed by our payment provider Stripe; Eeagli does not store card numbers directly
- Usage information: operational metrics and product-usage activity such as logins, project opens, project creation, publishing, and export activity in signed-in accounts
- Technical information: device type, browser, IP address (anonymised for analytics), and session identifiers for security and service delivery
How we use information and legal basis
We use collected information for the following purposes. For each purpose, we state the legal basis under the GDPR and nFADP:
- Provide and maintain the service (contract performance) — authentication, account management, chart creation, exports, publishing, and collaboration features
- Process payments and manage subscriptions (contract performance) — billing, invoicing, and subscription lifecycle via Stripe
- Schedule meetings (contract performance / pre-contractual measures) — processing booking requests via Calendly
- Public website analytics (consent where required) — Ahrefs Web Analytics helps us understand website usage without cookies, while Google Analytics 4 with anonymised IP and PostHog on public pages are only loaded after you give explicit consent via our cookie banner
- Authenticated product telemetry (legitimate interest / contract performance as applicable) — first-party usage events in signed-in accounts help us understand product adoption, support customers, investigate failures, and improve reliability
- Security and abuse prevention (legitimate interest) — monitoring for unauthorised access, rate limiting, and fraud detection
- Platform improvement (legitimate interest) — aggregated and anonymised usage data to improve features and performance
- Communication (consent / legitimate interest) — responding to your enquiries and, where you have opted in, sending product updates
Eeagli does not sell customer data.
User responsibility for uploaded data
Users are responsible for ensuring that any data uploaded to the platform complies with applicable privacy and data protection laws.
Third-party services
To operate the platform, Eeagli relies on the following trusted third-party processors. Each provider processes data only as necessary to support platform functionality, and appropriate data processing agreements are in place.
- Microsoft Azure (Switzerland / EU) — cloud infrastructure, hosting, and compute
- Stripe (USA, with EU data processing) — payment processing, billing, and invoicing
- Google Analytics (GA4) (USA, with EU data processing) — public website analytics with anonymised IP, loaded only with your consent
- PostHog (EU Cloud, Frankfurt) — authenticated product analytics and optional public website analytics; session replay, surveys, feature flags, experiments, and advanced diagnostics may be enabled selectively
- Ahrefs Web Analytics — privacy-friendly website analytics that does not rely on cookies or persistent identifiers by default
- Calendly (USA, with EU data processing) — meeting scheduling for booking and partner enquiries
- Google, Microsoft, LinkedIn (OAuth providers) — authentication only; we receive your name and email to create or verify your account
Data location and transfers
Customer data is primarily processed and stored in Microsoft Azure infrastructure located in Switzerland and the European Economic Area.
Some third-party services (Stripe, Google Analytics, Ahrefs, Calendly) may process data outside Switzerland or the EEA. PostHog is configured in the EU cloud region for product analytics and related diagnostics. Where data is transferred outside Switzerland or the EEA, we rely on:
- The Swiss-US Data Privacy Framework and the EU-US Data Privacy Framework where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC)
Cookies and tracking technologies
We use cookies and similar technologies on the public website. Optional public-site analytics cookies are only set after you give explicit consent via our cookie banner. In the signed-in product, we may use first-party identifiers and local storage for authenticated product telemetry described in this policy. You can change your website cookie preferences at any time using the "Cookie settings" link in the page footer.
Essential cookies (always active)
- Session / authentication cookies — required for login, security, and core platform functionality. Set by Eeagli. Duration: session or up to 30 days.
Analytics cookies and tracking technologies
- _ga — Google Analytics 4. Distinguishes unique public-site visitors. Duration: 2 years. Set only with your consent.
- _ga_<ID> — Google Analytics 4. Maintains public-site session state. Duration: 2 years. Set only with your consent.
- PostHog public-site cookies / local storage keys — used on public pages only with your consent.
- Authenticated product telemetry identifiers — first-party session identifiers and local storage used to understand signed-in account activity, product adoption, and export reliability.
- Ahrefs Web Analytics — website analytics script that, according to Ahrefs, does not rely on cookies or persistent identifiers by default.
We also store a session identifier (eeagli_analytics_session_id) in your browser's sessionStorage
(not a cookie) for internal event grouping. This is cleared when you close the browser tab.
Third-party cookies
Calendly may set its own cookies when you use the embedded booking tool. Calendly's own GDPR consent notice is displayed within the booking embed. See Calendly's Privacy Policy for details.
Stripe may set cookies during the checkout process. See Stripe's Privacy Policy for details.
Data security
We implement appropriate technical and organisational safeguards to protect information. These include encrypted transport (HTTPS), restricted access controls, and operational security practices designed to protect customer data.
Parts of the platform infrastructure are hosted on Microsoft Azure cloud infrastructure in Switzerland and the EEA.
Access to internal systems is limited to authorised personnel under least-privilege access policies.
Data retention
Account information and project data are retained while your account remains active.
When an account is closed, personal data is deleted or anonymised within 90 days, except where retention is required for legal, tax, or regulatory obligations (for example, Swiss tax records must be retained for 10 years).
Analytics data is collected in anonymised or aggregated form and does not constitute personal data after processing.
Your rights
Under the Swiss nFADP and the EU GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — withdraw consent at any time for consent-based processing (e.g. analytics cookies) without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at hello@eeagli.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are in the EU, with your local supervisory authority.
Changes to this policy
We may update this Privacy Policy from time to time. Updated versions will be posted on this page with the revised effective date. If changes are material, we will notify active account holders by email.
Contact
If you have questions about this Privacy Policy or wish to make a privacy request, please contact:
James Eagle
hello@eeagli.com
Bachtelstrasse 19, 8820 Wädenswil, Switzerland