Privacy Policy

Last updated: 28 March 2026

1. Introduction

This privacy policy describes how Grynn GmbH ("TAPR AI", "we", "us", or "our") collects, stores, uses, shares, and processes personal information on https://tapr.ch, https://cloud.tapr.ch, and their subdomains (collectively, the "Website").

Grynn GmbH is a company registered in Beringen, Canton of Schaffhausen, Switzerland. We encourage you to read this policy alongside our Terms of Service and Cookie Policy.

2. Scope

This policy applies to personal data collected through our Website and Services. It does not cover anonymised or aggregated data, nor does it govern third-party websites, applications, or services linked from our Website. Third-party data collection is subject to their own privacy policies.

3. Information We Collect

Contact Information

Name, email address, phone number, and company name provided when you create an account, request a demo, or contact us.

Billing Information

Billing name, address, VAT/tax identification numbers. Payment card details are processed by third-party payment providers; we receive only limited information such as the last four digits, payment amount, and timestamp.

Technical Information

IP address, browser type and version, operating system, screen resolution, pages visited, referring/exit pages, visit timestamps, approximate location, and clickstream data.

Service Data

Data you upload or process through our Services, including invoices, ERP connection details, and configuration settings.

KYC Information

Where required for Peppol network access, we may collect identity verification documents and business registration details as part of our Know Your Customer (KYC) process.

4. How We Collect Information

5. How We Use Your Information

To Provide Our Services

Processing invoices, managing your account, providing support, sending service-related communications, and fulfilling our contractual obligations.

For Legitimate Business Purposes

Improving our products and services, detecting fraud, enforcing our terms, ensuring security, and complying with legal obligations.

For Marketing

With your consent, we may contact you about products, services, and offers. You can opt out at any time via the unsubscribe link in any marketing email or by contacting us.

6. Sharing Information with Third Parties

We may share your information with:

We do not sell your personal data.

7. Your Rights

Under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), you have the right to:

To exercise any of these rights, contact us at contact@grynn.ch.

8. Data Storage and Retention

Your data is hosted on Hetzner servers in Finland, within the European Economic Area.

After the applicable retention period, data is securely deleted.

9. Data Security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security assessments.

10. International Data Transfers

Your data is processed and stored within the EEA (Finland). Where data is transferred outside the EEA or Switzerland, we ensure appropriate safeguards are in place in accordance with FADP and GDPR requirements.

11. Children's Privacy

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on our Website at least 14 days before taking effect. We encourage you to review this page periodically.

13. Contact

For questions about this privacy policy or to exercise your data rights:

Grynn GmbH
Beringen, Schaffhausen, Switzerland
Email: contact@grynn.ch