Legal Notice, Terms of Use (Testing) & Privacy Policy

Last updated: 21 January 2026

This page contains (1) legal notices and Terms of Use for the testing phase and (2) our Privacy Policy describing how we process personal data.

A) Legal Notice (Imprint)

Provider / Controller: Decraver (Verein) (“Decraver”, “we”, “us”)

c/o: Regula Wegmann
Address: Niderholzstrasse 38
Postal code / City: 6062 Wilen (Sarnen), Switzerland

Legal form: Verein
Registered seat (Sitz): Sarnen, Switzerland
Status: aktiv

UID: CHE-470.019.366
CH-ID: CH-140-6441237-8
EHRA-ID: 1723504

Contact (privacy & legal): info@decraver.com

B) Terms of Use (Testing Phase)

1) Testing phase; no warranty

The Decraver product (including the web application, breathalyzer device, and web services; together the “Product”) is currently in a testing / pilot phase.

  • The Product may be incomplete, contain errors, or behave unexpectedly.
  • We do not guarantee uninterrupted availability, correctness, or fitness for a particular purpose.

2) Updates and outages

We regularly update the Product. Updates may cause:

  • short outages or degraded performance,
  • changes to features or behavior.

3) Not medical advice; personal responsibility

The Product does not replace professional medical advice, diagnosis, or treatment. You remain responsible for your decisions and actions. If you need medical help, contact qualified professionals.

4) Limitation of liability

To the fullest extent permitted by applicable law:

  • Decraver is not liable for any damages arising from the use of, inability to use, or reliance on the Product (including direct, indirect, incidental, consequential, or special damages), including any damages related to outages, lost data, incorrect results, or device behavior.

Nothing in these terms limits liability that cannot be excluded under mandatory law.

5) Acceptable use

You agree not to:

  • misuse the Product, attempt to gain unauthorized access, interfere with systems, or test security without permission,
  • upload unlawful content,
  • use the Product in a way that violates applicable law.

6) Accounts and access

You are responsible for maintaining the confidentiality of your login credentials and for activities under your account. We may suspend or restrict access if needed for security or to prevent misuse.

7) Termination

You may stop using the Product at any time. We may discontinue or change the Product (in whole or in part) and may terminate accounts where required for security, legal compliance, or abuse prevention.

8) Governing law / jurisdiction

These terms are governed by Swiss law, excluding conflict-of-law rules, unless mandatory law provides otherwise. Jurisdiction is at Decraver’s registered seat, to the extent legally permitted.

C) Privacy Policy

1) Scope

This Privacy Policy applies to the Product and covers how we process personal data when you:

  • create/use an account,
  • perform tests and view results,
  • upload proof videos (if used),
  • receive automated emails and push notifications,
  • or access our services (technical data, logs).

2) Categories of personal data we process

Depending on your use, we may process:

Account & contact data

  • name (if provided), email address, authentication/session data.

Test and program data

  • test results, timestamps, device identifiers, test history and related metadata.

Proof videos (if used)

  • video recordings and upload metadata.

Technical data and logs

  • IP address, device/browser data, timestamps, request details, error/security events.

3) Purposes of processing

We process personal data to:

  • provide and operate the Product (accounts, tests, results, videos),
  • send automated emails (e.g., password reset, verification, reports),
  • send push notifications (where enabled),
  • ensure security, prevent abuse, and investigate incidents,
  • maintain quality and improve stability,
  • comply with legal obligations and enforce rights,
  • provide user support.

4) Where data is processed / hosting and service providers

Your data (including test results and proof videos) is processed and stored on facilities of:

  • Hetzner Online GmbH (infrastructure / data centers)
    managed by
  • Technokrat GmbH (operations / managed services)

In addition, we use the following service providers for specific functions:

  • Google Firebase Cloud Messaging (FCM) for push notifications.
    This typically involves processing technical identifiers (e.g., device/notification tokens) and notification delivery metadata. We aim to keep notification contents minimal and avoid including sensitive data in notification payloads.

  • Google Mail for sending and processing automated emails (e.g., password reset, verification, and reports).
    This necessarily processes email addresses and email content required for delivery.

These providers act as processors/service providers under contractual and security obligations.

5) Data sharing (“no third-party access”)

  • We do not provide third parties access to private user data (such as identifiable test results or proof videos) for their own purposes.
  • We share data only with:
    • the processors listed above to operate the Product,
    • authorities or others if required by law or necessary to protect rights and security (see Section 9),
    • and partners only in anonymized form (see below).

6) Anonymized data exchange (Switzerland)

Data in anonymized form (not reasonably linkable back to a person) may be exchanged with other addiction services in Switzerland, primarily:

  • public institutions, and
  • non-profit organizations,

for purposes such as improving addiction services, quality initiatives, and research/public health.

7) User-directed sharing: access for other users and therapists

The Product may allow you to grant other people access to your data (including near real-time data), for example by adding, inviting, or linking:

  • other users you choose, and/or
  • therapists or other support persons.

This sharing is initiated and controlled by you (for example, by sending an invitation link, accepting a link invite, or enabling access within your account).

Important: If you grant access to another person or organization, their handling of your data and any conclusions or advice they provide are generally outside Decraver’s control.

  • We provide technical means to share and revoke access, but we do not supervise recipients and do not monitor what they do with the data after they have access.
  • Recipients do not act on behalf of Decraver. They are responsible for their own compliance with applicable data protection, confidentiality, and professional obligations.
  • Decraver does not guarantee the recipients’ medical expertise, quality of care, or fitness for purpose. You should share your data only with people and organizations you trust.

8) Access logs (raw logs)

We store raw access logs for legal, security, and quality assurance reasons. These logs may include IP addresses, timestamps, and request details.

9) Legal disclosures and enforcement

We may disclose personal data if we believe in good faith it is necessary to:

  • comply with law, regulation, legal process, or enforceable request,
  • protect security and integrity of the Product,
  • protect rights, property, or safety of Decraver, users, or others,
  • investigate fraud, abuse, or technical issues.

10) International transfers

Some service providers (notably Google services) may process data in multiple regions. Where data is transferred outside Switzerland, we take appropriate safeguards required by applicable law (e.g., contractual protections and security measures).

11) Security

We apply appropriate technical and organizational measures (access controls, encryption in transit where supported, monitoring, least-privilege access). No system is perfectly secure, but we continuously work to protect your data.

12) Your rights

Depending on applicable law (including Swiss data protection law and, where relevant, GDPR), you may have rights to:

  • access, correction, deletion (where legally possible),
  • restriction or objection to certain processing,
  • data portability (in some cases),
  • withdraw consent (where processing is based on consent).

To exercise rights, contact us (Section A). We may need to verify your identity.

13) Cookies and similar technologies

We may use cookies or similar technologies necessary for authentication, security, and preferences. If non-essential analytics/marketing cookies are used, we will provide appropriate notice/choices where required.

14) Changes to this page

We may update this page as the Product evolves, especially during the testing phase. The “Last updated” date will reflect the latest revision.