Plain facts about how articlos handles your data β encryption, credentials, Google OAuth, payments, FADP, GDPR, and your rights.
π¨π Swiss compliance at a glance
We run articlos for Swiss customers in line with the FADP / nDSG and the EU GDPR. Data processing agreement, processing register, and transfer basis documents on request.
FADP & GDPR
articlos processes data in line with the Swiss Federal Act on Data Protection (FADP / nDSG) and the EU GDPR.
Account and content data is stored on European cloud infrastructure.
Transfers to third countries occur only via Standard Contractual Clauses (SCC) or equivalent safeguards.
A data processing agreement (DPA / AVV) is available on request for Swiss and EU customers.
We maintain a Record of Processing Activities (RoPA) that can be requested.
Contact hello@articlos.ch for the current contracts.
Encryption
In transit and at rest, using the same standards the rest of the modern web uses.
All traffic between your browser and articlos is encrypted with TLS.
All data stored in our databases is encrypted at rest with AES-256.
OAuth access and refresh tokens are encrypted before being written to storage.
CMS credentials β WordPress application passwords, Webflow API tokens, Ghost Admin keys, Shopify access tokens, and custom endpoint secrets β are encrypted at rest and never displayed back in our UI.
Your content is yours
You own everything articlos generates on your behalf. We do not train models on it.
You retain full ownership of every article, brief, and asset generated through your account.
We do not sell or rent your personal or content data to third parties, ever.
We do not use your submitted content to train shared AI models without your explicit consent.
When AI model providers (OpenAI, Google, Anthropic) process your requests, we do not send personally identifiable information in those requests.
Your Google data
Google Search Console and GA4 are connected via OAuth. We follow Google's Limited Use policy to the letter.
We never ask for or see your Google password. OAuth only.
Google API data is cached for up to 24 hours to reduce API calls β then purged.
Your Google data is never sold, rented, transferred, or disclosed to third parties for advertising, market research, or user profiling.
We never use Google data to train AI models.
You can revoke access at any time from Settings β Integrations, or directly at myaccount.google.com/permissions.
Our use of Google APIs adheres to the Google API Services User Data Policy, including Limited Use requirements.
Credentials and passwords
Your account password is hashed. Your CMS credentials never leave encrypted storage.
Account passwords are hashed with industry-standard algorithms and never stored in plain text.
CMS connections use per-site credentials (WordPress app passwords, Webflow/Ghost/Shopify API keys, or custom endpoint tokens) that are encrypted at rest.
No credential is ever displayed back in the articlos UI after initial setup.
We recommend a strong, unique password and two-factor authentication on any service you connect.
Payments
All billing is handled by bank transfer. We never collect or store card data.
Invoices are paid by SEPA or SWIFT bank transfer directly to our business account.
Swiss customers can bill in CHF, EUR or USD.
We do not collect, process, or store card numbers, CVVs, or any payment card details at any point.
Transaction and invoice records are retained for 10 years per Swiss Code of Obligations.
Data retention
Keep what is yours while you are a customer. Delete it when you leave.
Account and content data is retained for as long as your account is active.
If you cancel, you have 30 days to reactivate and recover everything.
After account deletion, we delete or anonymise your data within 90 days.
Billing records are retained for 10 years per Swiss accounting law.
You can export your content at any time before deletion.
Your rights
Access, correction, deletion, portability, objection, restriction β every right under FADP and GDPR is honoured.
Request a copy of the personal data we hold about you at any time.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data ("right to be forgotten").
Request your data in a machine-readable portable format.
Object to marketing emails or other specific processing.
Request that we restrict how we use your data.
Email hello@articlos.ch to exercise any of these rights. We respond within 30 days.
Third-party processors
The short, honest list of who touches your data and why.
Cloud infrastructure for hosting, databases, and storage (in the EU).
OpenAI, Google (Gemini), and Anthropic (Claude) for AI model inference.
An email service provider for transactional and marketing emails.
Vercel Analytics for aggregate, anonymised usage metrics.
We do not share data with advertisers or data brokers.
Incident response
If something goes wrong, we tell you.
We monitor our infrastructure and application logs for security events.
In the event of a personal data breach, we notify you within 72 hours per FADP/GDPR requirements.
Security questions and reports can be sent to hello@articlos.ch.
The commitments on this page are grounded in our Privacy Policy, Terms of Service, and Cookies Policy. Read the full legal text below.