Last updated: 13 July 2026
This document is provided in five languages; in case of discrepancies, the German version prevails.
This platform is operated under the name COCKPIT by Avidia.ai, a subdivision of Netgen Switzerland AG. The controller responsible for the processing described in this policy is:
Netgen Switzerland AG
Seestrasse 356
CH-8038 Zürich
Switzerland
E-mail: hello@avidia.ai
Phone: +41 44 244 59 59
Netgen Switzerland AG has not appointed a data protection officer, as it is not legally required to do so. Instead, we have designated a contact point for all data protection matters, reachable at hello@avidia.ai.
Where the designation of a representative in the European Union pursuant to Art. 27 GDPR is required, Netgen Switzerland AG will designate such a representative and publish the representative's contact details in an updated version of this policy.
This Privacy Policy applies to the COCKPIT platform available at cockpit.avidia.ai and on customer-specific tenant subdomains (*.cockpit.avidia.ai), including all functions offered there (project and mandate management, time tracking, invoicing and collaboration).
Processing is governed primarily by the revised Swiss Federal Act on Data Protection (FADP). Where and to the extent that the EU General Data Protection Regulation (GDPR) applies — in particular to data subjects located in the EU/EEA — we additionally comply with the GDPR; references to GDPR articles in this policy serve that purpose.
COCKPIT is a multi-tenant business platform. Depending on the category of data, Netgen Switzerland AG acts in one of two distinct roles. This distinction determines who is responsible for the processing and to whom you should address requests:
We act as the controller for personal data that we process for our own purposes in operating the platform, namely:
We act as a processor for the content that customer organizations ("tenants") store and manage within their tenant, in particular records about clients, mandates and projects, time records, invoices and documents ("tenant content"). For tenant content, the respective tenant organization is the controller; we process this data exclusively on the tenant's instructions.
A data processing agreement (DPA) in accordance with Art. 28 GDPR and Art. 9 FADP forms part of the subscription contract and is available on request at hello@avidia.ai.
If you are recorded in COCKPIT as a client, contact or employee of one of our customers, please address data protection requests concerning that data to the customer organization concerned (see section 9).
As controller, we process the following categories of data for the following purposes. Where the GDPR applies, the legal basis under Art. 6(1) GDPR is indicated; under the FADP, processing is based on the corresponding statutory grounds and the principles of Art. 6 FADP.
We use the following subprocessors to operate the platform. Data is stored in Switzerland and/or the EU. Where personal data is transferred to countries outside Switzerland or the EEA that do not provide an adequate level of data protection, the transfer is safeguarded by adequacy decisions or the EU Standard Contractual Clauses (SCCs), supplemented where necessary for Swiss law.
| Subprocessor | Purpose | Data location |
|---|---|---|
| Supabase Inc. | Database and authentication | AWS eu-central-2, Zürich, Switzerland |
| Hetzner Online GmbH | Application hosting | Germany / Finland (EU) |
| Stripe Payments Europe Ltd. | Payment processing and subscription billing | EU (Ireland); transfers per Stripe's safeguards (SCCs) |
| Resend Inc. | Transactional e-mail (only when configured) | USA / EU; transfers safeguarded by SCCs |
| Bexio AG | Accounting synchronisation — only when the tenant connects its own Bexio account; the tenant is the controller of that data flow | Switzerland |
Beyond the above, we disclose personal data only where we are legally obliged to do so (e.g. to authorities on the basis of a binding order) or where you have consented.
We take appropriate technical and organizational measures within the meaning of Art. 32 GDPR and Art. 8 FADP to protect personal data, in particular:
Subject to the statutory conditions, you have the following rights with respect to your personal data:
To exercise these rights, contact us at hello@avidia.ai. We may request proof of identity to protect your data.
Requests concerning tenant content: where your data is contained in a tenant's content (e.g. you are a client or employee of one of our customers), the tenant organization is the controller. Please address your request to that organization; we support the tenant in fulfilling data subject requests within the scope of our role as processor.
You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch. If you are located in the EU/EEA, you may additionally complain to the supervisory authority of your habitual residence, place of work or the place of the alleged infringement.
We do not carry out automated individual decision-making within the meaning of Art. 22 GDPR or Art. 21 FADP, and we do not perform profiling.
We may amend this Privacy Policy from time to time, in particular when the platform or the legal framework changes. The version published on this page applies; material changes will be announced in an appropriate manner (e.g. by e-mail or an in-app notice). This version is effective as of 13 July 2026.