Privacy Policy

Last updated: 5 May 2026. This policy describes how SheGrows collects, uses, and protects your information.

Working draft. This document is pending review by qualified legal counsel.

1. Introduction

SheGrows ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit shegrows.ch, join our waitlist, receive our Babylon Letters, or eventually use our platform.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Data Controller

The data controller responsible for your personal information is:

[Association full legal name]

3 Avenue Adrien Jeandin

1226 Thonex

Switzerland

Registration number: [Swiss registration number]

Email: hello@shegrows.ch

Note: Bracketed placeholders will be completed with the registered association details before this policy goes live.

3. Information We Collect

We collect information in the following ways:

3.1 Information you provide

  • Waitlist signup: first name, email address, language preference.
  • Communications: any information you include when emailing us at hello@shegrows.ch or otherwise contacting us.
  • Future platform use: when the platform launches in Q4 2026, we will collect financial profile information you choose to share through the conversational AI Sovereign Profile, including income, expenses, life situation, and financial goals. This collection will be subject to a separate, more detailed consent at that time.

3.2 Information collected automatically

  • Analytics: we use Vercel Analytics to understand how visitors use our site. This includes pages viewed, time on site, country of origin (via IP), and device type. Vercel Analytics is privacy-focused and does not use cookies for tracking.
  • Email engagement: when you receive our Babylon Letters, we may track whether they were opened and which links were clicked, to improve our communications.

3.3 Information from third parties

We do not currently purchase or receive personal information from third-party data brokers. When the platform launches, we will integrate with licensed brokerage partners for investment execution. Information shared with those partners will be governed by their own privacy policies, which we will link to clearly.

4. How We Use Your Information

We use your information solely to:

  • Deliver the Babylon Letters series you signed up for
  • Notify you when the platform launches and your founding member access opens
  • Operate the platform itself when it launches (creating and maintaining your Sovereign Profile)
  • Respond to your inquiries and support requests
  • Process subscription payments through Stripe (when applicable)
  • Improve our services through anonymous usage analytics
  • Comply with legal obligations
  • Protect against fraud and abuse

We do not sell your personal information. We do not share it with third parties for their marketing purposes. We do not use your data to target you with advertising on other platforms.

6. Data Storage and Location

Your personal data is stored within the European Economic Area, specifically in Frankfurt, Germany, on Supabase infrastructure. This means your data benefits from the full protection of the EU General Data Protection Regulation (GDPR) and Swiss data protection law.

Email delivery is handled by Resend, which operates from US infrastructure under EU-US Data Privacy Framework certification. Email metadata (delivery status, open rates) is processed by Resend; the email content is held briefly during sending and then discarded.

7. How We Share Information

We share information only with:

  • Service providers (processors): Supabase (data storage), Resend (email delivery), Vercel (hosting and analytics), Stripe (future payment processing). Each is contractually bound to protect your data and use it only for the services they provide to us.
  • Investment partners (future): when the platform launches and you choose to invest through one of our licensed brokerage partners, the information necessary to execute that investment will be shared with that specific partner, with your consent.
  • Legal authorities: when required by law, court order, or to protect our legal rights.
  • Successor entity: in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you in advance of any such change and your rights will be preserved.

We never sell your personal information to anyone.

8. Cookies and Tracking

We use minimal cookies and similar technologies. Our current use is limited to:

  • Strictly necessary: session cookies that allow the site to function (such as remembering your language preference).
  • Analytics: Vercel Analytics uses privacy-respecting techniques and does not use tracking cookies.

We do not use third-party advertising cookies, social media tracking pixels, or marketing trackers. When the platform launches, you will be presented with a clear cookie consent banner where you can manage your preferences.

9. Data Retention

We retain your information only as long as needed:

  • Waitlist data: retained until you unsubscribe, request deletion, or two years after your last interaction with our communications, whichever comes first.
  • Member account data (when applicable): retained for the duration of your membership plus 7 years (for tax and regulatory compliance), then deleted.
  • Analytics data: aggregated and anonymized after 90 days.
  • Legal/compliance records: as required by Swiss, EU, or other applicable law.

10. Your Rights Under GDPR

If you are in the European Economic Area or the UK, you have the following rights:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your data, subject to certain legal exceptions.
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: at any time, where processing is based on consent.
  • Right to lodge a complaint: with your local data protection authority.

To exercise any of these rights, email us at hello@shegrows.ch. We will respond within 30 days.

11. Your Rights Under California Law

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know: what categories of personal information we collect and for what purpose.
  • Right to access: request the specific pieces of information we hold about you.
  • Right to delete: request deletion of your personal information.
  • Right to correct: request correction of inaccurate information.
  • Right to opt-out: we do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of, but the right exists.
  • Right to limit use of sensitive information: we collect minimal sensitive information and use it only for the services you request.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise these rights, email hello@shegrows.ch. You may designate an authorized agent to make a request on your behalf.

12. Your Rights Under Other US Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other US states with comprehensive privacy laws have similar rights to those described above for California residents. These include the right to know, access, delete, correct, and opt out of certain processing.

To exercise these rights, email hello@shegrows.ch. We will respond in accordance with applicable law.

13. International Transfers

Your data is primarily stored within the EU. When data needs to be transferred outside the EU (for example, to a US-based service provider), we ensure appropriate safeguards are in place:

  • EU Standard Contractual Clauses with all non-EU processors
  • EU-US Data Privacy Framework certification where applicable
  • Additional supplementary measures as required by the European Court of Justice

14. Children's Data

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at hello@shegrows.ch and we will take steps to delete that information.

15. Security

We implement industry-standard security measures to protect your data:

  • All data transmission encrypted via HTTPS/TLS
  • Data at rest encrypted on Supabase infrastructure
  • Row-level security policies governing database access
  • Regular security audits and updates
  • Access to personal data limited to authorized personnel on a need-to-know basis
  • Two-factor authentication required for all administrative access

Despite our best efforts, no system is completely secure. If you believe your account has been compromised, contact us immediately at hello@shegrows.ch.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect, and we will update the "Last updated" date at the top of this policy. Continued use of our services after the changes take effect constitutes acceptance of the updated policy.

17. Contact Us

For any questions about this Privacy Policy or to exercise your privacy rights, contact us at:

SheGrows Data Protection

Email: hello@shegrows.ch

Postal: 3 Avenue Adrien Jeandin, 1226 Thonex, Switzerland

If you are in the EU and not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.