Back to all policies

Privacy Policy – ResilioTech (External)

Last Updated: April 9th, 2026
Status: Compliant with Swiss nFADP & EU GDPR
Entity: Resilio Ltd., Lausanne, Switzerland

Introduction

ResilioTech is a digital environmental footprint assessment platform provided by Resilio Ltd. This policy explains how we collect, use, and protect your personal data as a client or external user of ResilioTech.

Data Controller

Resilio Ltd.
EPFL Innovation Park
1015 Lausanne, Switzerland

Email: privacy@resilio-solutions.com

DPO: CISO Maximilien Valenzano

Types of Data Collected

  • Identity & Contact: Email address, hashed password, User permissions, connection data and usage information.
  • Technical Data: IP address, log of access to the service and pages accessed, identifier of the last user to have modified data.
  • Impact Assessment Data: Technical infrastructure data for environmental impact calculations.
  • Usage Logs: API request logs (actions performed, pages and features accessed) and authentication attempt logs for security purposes.

Sensitive Data: We do not collect sensitive data as defined by Swiss nFADP or GDPR on this platform.

All this data is collected under contractual necessity and legitimate interest. See section on Legal Basis for Processing

Purpose of Processing

Service Delivery: To provide environmental footprint assessments, simulations, and reports.
Communication: To respond to inquiries and provide user support.
Optimization: To improve assessment algorithms, platform performance, and user experience.
Security: To monitor and secure the platform against unauthorized access.

Legal Basis for Processing

  • Contractual Necessity: To fulfill our service agreements and platform provisioning.
  • Legitimate Interest: To improve our platform and ensure security.
  • Consent: Optional features (newsletter, beta features, ...)

Data Storage and Retention

  • User Accounts: Duration of service + 5 years (pseudonymised when the account data is deleted)
  • Assessment Data: Licence start date + 3 years minimum (subject to renewal).
  • Logs: API and activity logs are retained for 90 days. Authentication attempt data (used solely for security/rate limiting) is deleted automatically upon successful login, or within 12 hours if no login occurs.

Data Localization: All data is stored on secure servers in Switzerland, Geneva (Infomaniak), compliant with GDPR/nFADP.

We reserve the right to delete user data by the end of the retention period. A user can demand that their data is deleted at any point, refer to the next section for details.

Data Security

  • Encryption: SSL/TLS for data in transit and at rest.
  • Access Control: Strict "need-to-know" access restrictions for Resilio employees processing your data.
  • Audits: Regular security reviews and compliance checks.

Your Rights

Under Swiss nFADP and GDPR, you have the following rights regarding this platform:

  • Right to Access: Request a copy of your data on ResilioTech.
  • Right to Rectification: Correct inaccurate or incomplete profile/assessment data.
  • Right to Erasure: Request deletion of your data on ResilioTech.
  • Right to Portability: Receive your data in a machine-readable format.
  • Right to Object: Opt out of non-essential processing (e.g. usage analytics).

How to Exercise Your Rights:

Updates

This policy may be updated to reflect changes in technology or law. Updates will be communicated via our platform and email.