Last updated: February 28, 2026
MonoBox GmbH, Basel, Switzerland, is the data controller responsible for your personal data. This policy complies with the Swiss Federal Act on Data Protection (DSG/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
We share your data only with:
We do not sell your personal data. We do not share data for advertising purposes.
We retain your data for the duration of your account plus 5 years for legal and accounting purposes (Swiss Code of Obligations, Art. 958f). Item photos are deleted within 30 days of permanent item disposal. You may request earlier deletion subject to legal retention requirements.
Under Swiss data protection law, you have the right to:
To exercise these rights, email privacy@monobox.ch. We will respond within 30 days.
We use strictly necessary cookies for authentication and session management. We do not use tracking cookies or third-party analytics cookies. No cookie consent banner is required for strictly necessary cookies under Swiss law, but we inform you here for transparency.
We implement industry-standard security measures including TLS encryption, secure headers (CSP, HSTS), and role-based access controls. Item photos are stored in private Supabase Storage buckets accessible only to the item owner and authorized MonoBox staff.
Some of our service providers (Supabase, Stripe, Google, Anthropic) process data in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) and the providers' certifications under the Swiss-U.S. Data Privacy Framework.
For privacy inquiries: privacy@monobox.ch
You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.