Privacy Policy – ResilioDB (Internal)

Last Updated: March 6, 2026

Status: Compliant with Swiss nFADP & EU GDPR

Entity: Resilio SA, Lausanne, Switzerland

Introduction

ResilioDB is a database service provided by Resilio SA. This policy explains how we collect, use, and protect our employees' internal metadata, logs, and account details when accessing, maintaining, and developing ResilioDB.

Data Controller

Resilio SA EPFL Innovation Park 1015 Lausanne, Switzerland

Email: privacy@resilio-solutions.com

DPO: CISO Maximilien Valenzano

Types of Data Collected

Internal Accounts: Employee usernames, business emails, assigned roles and permissions. Development/Admin Logs: Access times, IP addresses used, queries run by admin accounts, configuration changes. Metadata: System usage patterns and administrative actions trace.

Sensitive Data: We do not collect sensitive data within this tool.

Purpose of Processing

Maintenance and Administration: To perform operations necessary to maintain platform uptime. Performance: To monitor and optimize platform performance. Security: To detect and prevent unauthorized access or abuse, and track access logs for compliance. Support: To assist clients with technical queries using internal tools.

Legal Basis for Processing

• Legitimate Interest: To ensure platform security, stability, and integrity.
• Contractual Necessity: As part of fulfilling employee contracts (admin tools access).

Data Storage and Retention

• Employee Accounts: Duration of employment + 10 years (aligned with general HR retention)
• Database/Admin Logs: 1 year
• Metadata: Duration of employment + 2 years

Data Localization: All internal data is stored on secure servers in Switzerland (Infomaniak) or the EEA (DGTZ), compliant with GDPR/nFADP.

Your Rights

Under Swiss nFADP and GDPR, you have the following rights as an employee:

• Right to Access: Request a copy of your logs and data.
• Right to Rectification: Correct inaccurate or incomplete data about your profile.
• Right to Erasure: Request deletion (subject to legal or operational retention duties).
• Right to Portability: Receive your data in a machine-readable format.
• Right to Object: Express concerns about specific logging activities to the DPO.

How to Exercise Your Rights:

• Contact privacy@resilio-solutions.com or the DPO directly.

Data Security

• Encryption: SSL/TLS for data in transit and at rest.
• Access Control: Strict role-based access for Resilio personnel via zero-trust VPN/IAM.
• Audits: Regular internal security reviews and audits.

Updates

This policy may be updated to reflect changes in our internal administrative procedures. Updates will be communicated internally.