Privacy Policy

Last updated: 2026-06-19

1. Data controller and territorial scope

Giacomo Cacciatore
E-mail: info@turnix.ch
For formal postal requests, please contact us by e-mail to request the controller's postal address; responses to privacy requests are provided within 30 days of submission.

Minimum age of use: 18 years old (the service is intended for adult healthcare professionals) or, alternatively, the minimum digital consent age established by the user's country of residence (art. 8 GDPR: between 13 and 16 years depending on the member state) with the explicit authorization of the holder of parental responsibility. The UK Age Appropriate Design Code 2020 ("Children's Code") issued by the ICO additionally applies in the United Kingdom. Turnix does not knowingly collect or process data of minors without the authorizations required by law; any processing detected in violation will be deleted immediately.

Turnix is available globally. We apply the GDPR (Regulation (EU) 2016/679) as the baseline standard for all users, wherever they are located. In the following regimes we ensure full compliance with local law:

For users in other countries we apply the GDPR standard as a minimum level of protection and respect the data-protection rights provided by the applicable local law. Such users may contact their own competent local supervisory authority (see ยง8).

Switzerland benefits from an EU adequacy decision (January 15, 2024, EU Commission Decision 2024/254). The United Kingdom benefits from an EU adequacy decision (June 28, 2021, Decision 2021/1772).

2. Data collected

Special categories of data (art. 9 GDPR / art. 5 lett. c nFADP): Turnix does NOT collect biometric data, genetic data, data revealing religious, philosophical, political or trade-union opinions, ethnic or racial origin, social data or criminal-conviction data. Work shift data constitute ordinary personal data.

Optional health features โ€” data ONLY on the device (local-only)

Turnix offers three optional health features, off by default, each enabled individually via separate explicit consent (art. 9 para. 2 lett. a GDPR / art. 6 para. 7 lett. a nFADP). The data in these features constitutes health data (special category, art. 9 GDPR):

This feature's data stays only on this device: it is never sent to our servers or to third parties. It is not restored on a new phone and is lost if you uninstall the app.

It is encrypted at-rest on the device (AES, with a key generated locally in the phone's secure keystore), excluded from the operating system's automatic backups, never synced to the cloud and never sent to sub-processors. You can disable each feature at any time: disabling it permanently deletes the related data from the device, without having to delete your account.

Turnix is not a medical device: this feature's data is for informational and personal use only and does not replace a doctor's advice.

No automated profiling: Turnix does NOT carry out profiling or automated decision-making on your data within the meaning of art. 22 GDPR / UK GDPR / art. 21 nFADP. The visual cluster grouping based on pHash is a deterministic image comparison (perceptual hash fingerprint of the PDF cell) and does NOT constitute profiling or an automated evaluation of personal aspects of the user. The "working/off" cluster classification is always indicated manually by the user in the Statistics section.

3. Purposes and legal basis

Legal basis under GDPR (EU + EEA) and UK GDPR:

Legal basis under the Swiss nFADP/revDSG: processing necessary for contract performance, for the legitimate interest of the controller, and based on the user's explicit consent for ancillary purposes (art. 31 nFADP).

4. Data retention

Data is retained as long as the account is active. The user can delete all their data at any time via Settings โ†’ Reset all data. After deletion, data is removed from backups within 30 days.

Retention by category:

5. Third parties (sub-processors)

Supabase Inc. (data storage, authentication) โ€” Server region: eu-west-1 (Ireland, EU). DPA available at supabase.com/privacy.

RevenueCat Inc. (subscription management) โ€” Privacy policy: revenuecat.com/privacy. RevenueCat only receives an anonymous purchase identifier, not shift data.

Health-feature data (cycle, sleep, wellbeing): no sub-processor. It stays encrypted on the device and is not transmitted to Supabase or to any third party.

Google LLC โ€” Google Calendar API (optional Premium feature, active only if the Premium user connects their own Google account). The app uses two scopes: "calendar.events" (CRUD on the events in the user's primary calendar: the app writes only your events/reminders to Google and reads the events of your primary calendar) and "calendar.readonly" (read-only, to import into Turnix the events of your other Google calendars โ€” e.g. Birthdays, Holidays and custom calendars). Synchronisation concerns exclusively shifts, events and reminders: data from the health features (cycle, wellbeing, sleep) is NEVER transmitted. OAuth tokens are stored exclusively on the device (managed by Google Sign-In) and are never sent to Turnix servers. The user can disconnect or revoke access at any time via Settings โ†’ Google Calendar Sync โ†’ Disconnect, or from myaccount.google.com โ†’ Security. Google receives the events (date, time, cluster label) but NO sensitive data (employee name, OCR shift code), in line with the Strada B Pura principle.

Google LLC โ€” Firebase Cloud Messaging (FCM). Enterprise team mode only, to receive push notifications when the team leader distributes a PDF. The FCM token is stored on Supabase (RLS active, accessible only by the Cloud Run backend). Privacy policy: firebase.google.com/support/privacy.

Sentry (Functional Software Inc.) โ€” crash diagnostics and stability. Server in the EU region: Sentry Frankfurt (ingest.de.sentry.io). Receives only stack-traces, app version, device model, and operating system. The sendDefaultPii=false flag is configured โ€” NO personal data (email, IP, user identifiers) is sent. Data retention: 90 days. Privacy policy: sentry.io/privacy.

No shift data is sold or transferred to third parties for advertising purposes.

5.1 Cookies and tracking technologies

Compliance with the ePrivacy Directive 2002/58/EC (as transposed by each EU/EEA member state โ€” e.g. Legislative Decree 196/2003 art. 122 in Italy, TTDSG ยง 25 in Germany, French Data Protection Act art. 82, LSSI-CE art. 22 in Spain) + UK Privacy and Electronic Communications Regulations (PECR) 2003 + art. 45c nFADP for Switzerland.

Turnix mobile app: does NOT use HTTP cookies (native apps do not have browser cookies). Local storage is used exclusively for:

turnix.ch website: uses only essential technical cookies (no analytics, no tracking, no profiling, no third-party cookies). No cookie consent banner is required under art. 122 Legislative Decree 196/2003 + EDPB cookie guidelines 03/2022.

5.2 Data Protection Officer (DPO)

Turnix is not required to appoint a Data Protection Officer (DPO) within the meaning of art. 37 para. 1 GDPR / UK GDPR / art. 10 nFADP: the controller is not a public authority, does not carry out large-scale processing of sensitive data (arts. 9-10 GDPR), and does not carry out large-scale systematic monitoring of data subjects.

In relation to the optional health features (special category, art. 9 GDPR), a Data Protection Impact Assessment (DPIA, art. 35 GDPR) was nonetheless conducted. The DPIA confirmed the absence of high risks to the rights and freedoms of data subjects thanks to the local-only architecture: no server-side processing, data encrypted at-rest on the user's device alone and under their sole control, separate explicit consent, and immediate deletion on request.

For any personal data protection request, exercise of data subject rights (see ยง7) or complaint, please contact the data controller directly at info@turnix.ch. We will respond within 30 days of the request (art. 12 para. 3 GDPR).

6. International data transfers

Personal data may be transferred outside the EU/EEA, the United Kingdom and Switzerland in the cases described below. Each transfer is based on appropriate safeguards pursuant to arts. 44-49 GDPR / UK GDPR and arts. 16-18 nFADP.

Data transfer by provider:

Health-feature data (cycle, sleep, wellbeing): no international transfer. It stays on the user's device and never leaves the phone.

For UK customers, the Data Protection Act 2018 (DPA 2018) also applies, supplementing the UK GDPR. For Switzerland, the nFADP ensures a level of protection equivalent to the GDPR.

7. Data subject rights and right of withdrawal

Under the GDPR (arts. 15-22), the UK GDPR (arts. 15-22) and the nFADP (arts. 25-27), you have the right to:

14-day right of withdrawal

To exercise these rights, write to: info@turnix.ch

7.1 Users outside the EU/EEA/Switzerland/United Kingdom (including USA, Brazil, Canada, Australia)

Turnix is available globally and applies the GDPR as the minimum level of protection in every country. The following are the additions for the main additional jurisdictions.

United States โ€” California (CCPA/CPRA)

Brazil (LGPD)

We recognize the rights provided by the LGPD (confirmation, access, correction, anonymization/deletion, portability, withdrawal of consent) and the ANPD authority. Data controller: Giacomo Cacciatore (info@turnix.ch).

Other countries (Canada, Australia, etc.)

We apply the GDPR standard as the minimum level and respect the rights provided by the applicable local laws.

8. Supervisory authorities

You have the right to lodge a complaint with the competent supervisory authority. The reference authorities for the regimes we explicitly follow are:

For countries whose authority is not listed above, you may contact the local data protection authority of your own country, where one exists.

9. Security

Data is protected by Row Level Security (RLS) on Supabase: each user accesses only their own data. Communication takes place over HTTPS/TLS.

Personal data breach notification: in the event of a personal data breach that entails a risk to the rights and freedoms of the user, Turnix will notify the competent supervisory authority of the user's country of residence within 72 hours of becoming aware of the breach, pursuant to art. 33 GDPR / UK GDPR and art. 24 nFADP. Where the breach is likely to result in a high risk to the rights and freedoms of the affected users (art. 34 GDPR), Turnix will communicate the breach directly to the users concerned without undue delay, in clear and plain language, indicating: the nature of the breach, the data and categories concerned, the likely consequences, the measures taken or proposed to mitigate the effects, and the point of contact info@turnix.ch.

10. Changes

Any material changes will be notified via the app. Continued use of the app after notice constitutes acceptance.