Privacy Policy — Pli

Version: 1.4.0 | Effective date: 14 May 2026 | Last update: 14 May 2026

1. Scope

This Privacy Policy explains which personal data Pli processes, for what purposes, for how long, with which recipients, and which rights you can exercise under applicable law (including Swiss nFADP/nLPD).

2. Data controller

Pli - Facturation Swiss Premium
Legal and privacy contact: atelierobscur@gmail.com
Switzerland

3. Categories of data

Depending on usage, Pli may process:

account data (name, e-mail, authentication provider);
invoicing and business data (clients, invoices, quotes, amounts, due dates, statuses, IBAN, VAT/UID, logo, signature);
analytics and usage data collected anonymously for statistical and improvement purposes;
technical and security data (diagnostics, security logs);
optional voice data (temporary audio and transcription) when Voice-to-Invoice is used;
optional images or documents sent for AI-assisted OCR extraction.

4. Purposes and legal bases

Purpose	Main legal basis
Provide invoicing features (including Swiss QR-bill)	Performance of contract
Authentication, security, abuse prevention	Legitimate interests
Optional cloud synchronization	Performance of contract / Consent
Support, reliability, and product improvement	Legitimate interests
Compliance with accounting and legal obligations	Legal obligation

5. Recipients and processors

Data may be processed by:

Firebase / Google Cloud (authentication, cloud infrastructure, synchronization, hosting of the application proxy);
Google Analytics / Firebase Crashlytics (anonymized statistical usage analysis and crash reporting);
RevenueCat (technical management of subscriptions and purchase receipts);
OpenAI (Whisper voice transcription and GPT OCR/structured extraction, only when Voice-to-Invoice or OCR-Invoice features are used).
- All calls go systematically through an authenticated Firebase proxy : no API key is embedded in the application, and no direct request is made from your device to OpenAI.
- Transcribed data may be retained by OpenAI for up to 30 days for abuse-prevention purposes.
- Data is not used to train models (consistent with OpenAI's API policy).
- If you do not want your data to transit through OpenAI, do not use the Voice-to-Invoice or OCR-Invoice features.
Apple App Store / Google Play (financial processing of in-app purchases).

Pli does not sell personal data and does not use any third-party advertising tracker.

6. International transfers

Some processing may involve transfers outside Switzerland/EU (in particular to the United States for Google/Firebase and OpenAI). These transfers are framed by :

the Standard Contractual Clauses (SCCs) approved by the Swiss FDPIC, for transfers to countries without an adequacy decision ;
the Swiss–US Data Privacy Framework (DPF) for certified US recipients, where applicable.

7. Security

Pli implements appropriate technical and organizational safeguards:

local database encryption (SQLCipher / AES-256);
secrets stored in the operating system's secure vault (iOS Keychain / Android Keystore);
strict cloud access rules (Firestore Rules) restricting each user to their own data;
controlled immutability of issued invoices (sealed fields, integrity hashes);
security logging and periodic access review;
no third-party API key is embedded in the application.

8. Retention periods

Business data (invoicing/clients/company): retained while the account is active or until deletion is requested.
Technical logs: limited and proportionate duration.
Temporary voice audio: deleted locally after processing.

Issued invoices are accounting records under the Swiss Code of Obligations (art. 958f CO) and may be retained for a minimum of 10 years, independently of any account-deletion request. This retention takes precedence over the right to erasure (nFADP art. 32) where the records are required by accounting and tax law.

9. Your rights

You may request: access, rectification, deletion, restriction/objection, and portability.

In-app: Profile > Export my data / Delete my account
By e-mail: atelierobscur@gmail.com

10. Account deletion

Account deletion is irreversible. Primary data is deleted within a reasonable timeframe. Residual technical records may temporarily remain for security reasons or legal obligations.

11. Minors

Pli is intended for professional use. If you are under 16, use must be authorized by a legal guardian.

12. Complaints

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Tel.: +41 58 462 43 95
E-mail: info@edoeb.admin.ch
Website: www.edoeb.admin.ch

13. Changes

This policy may be updated to reflect legal, contractual, or product changes. The version published in the app is the applicable version.