Privacy Policy
Last updated: May 11th, 2026
Provider: Polychrome Sàrl, Rue Joseph Girard 20, 1227 Carouge, Switzerland
Platform: Wetrack, available at wetrack.fashion, app.wetrack.fashion, our APIs, and related services.
This Privacy Policy explains how Polychrome Sàrl (“Wetrack”, “we”, “us”, or “our”) collects, uses, protects, and processes personal data. This policy applies to our business customers (“Customers”, “Brands”, or “Store Owners”) and the end-users who interact with our Platform, such as consumers scanning our Digital Product Passport (DPP) QR codes (“End-Users”).
We comply with the revised Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).
1. Our Role (Controller vs. Processor)
Under applicable data protection laws, Wetrack acts in two different capacities:
- Data Controller: We act as a Data Controller for the personal data of our Customers (e.g., the account, billing, and contact information of the brand representatives using our software).
- Data Processor: We act as a Data Processor for any data the Customer uploads, structures, or generates within the Platform (e.g., product data, supplier info, and documents inside the Digital Product Passports). The Customer is the Data Controller for this information.
2. Data We Collect
A. Data collected from Customers (Brands/Store Owners)
- Account Information: Name, email address, company name, and login credentials.
- Billing Information: Billing address, subscription status, and payment history (actual payment processing is securely handled by third-party gateways like Stripe or Shopify; we do not store full credit card numbers).
- Platform Usage Data: Interactions with the Platform, feature usage, IP addresses, and technical log data to ensure security and stability.
B. Data collected from End-Users (QR Code Scans)
When a consumer scans a Wetrack QR code or visits a public Digital Product Passport URL, we collect minimal technical data to ensure the service functions and to provide aggregated analytics to our Customers. This includes:
- Technical Data: IP address (anonymized where possible), browser type, device type, operating system, and the time of access.
- Location Data: General, non-precise geolocation (e.g., city or country level) derived from the IP address to show Brands where their products are being scanned.
Note: We do not track End-Users across third-party websites or collect personally identifiable information (PII) from them during a standard QR scan unless they explicitly opt into a specific feature.
C. Customer Data (The Passports)
Customers populate the Platform with product and supply chain data. Our Terms of Service require that Customers do not include sensitive personal data within public Digital Product Passports.
3. How We Use Your Data
- To provide the Service: Hosting passports, generating QR codes, and routing traffic.
- To manage accounts: Billing, customer support, and essential service communications.
- To improve the Platform: Analyzing aggregated usage metrics, stability testing, and error tracking.
- AI-Assisted Features: If a Customer uses our AI features (e.g., Ariana) to draft or structure data, the input data is processed to generate the requested output.
4. Third-Party Processors & Sub-processors
To run Wetrack securely and efficiently, we rely on trusted third-party infrastructure and service providers. These sub-processors are contractually bound to protect your data:
- DigitalOcean: For cloud hosting and file storage.
- OpenAI: For powering AI-assisted drafting, translation, and data structuring. (We do not allow our AI providers to use Customer Data to train their base models.)
- Google Analytics: For website traffic and platform usage analytics.
- tawk.to: For chat support communications.
- Shopify / Stripe: For subscription management and billing.
5. Legal Basis for Processing (GDPR & FADP)
- Performance of a Contract: To fulfill our obligations under our Terms of Service (e.g., providing the SaaS platform, billing).
- Legitimate Interest: To ensure network security, prevent fraud, provide technical support, and improve our software.
- Consent: When expressly provided (e.g., subscribing to a marketing newsletter or accepting non-essential cookies).
- Legal Obligation: To comply with tax, accounting, or regulatory requirements.
6. Cookies & Tracking
- Platform / Web App: We use essential cookies to maintain user sessions and security. We also use functional/analytical cookies (like Google Analytics) to understand how Customers interact with our dashboard.
- Public Passports (End-Users): Public DPP pages are kept as lightweight and privacy-friendly as possible. We only use essential technical tracking to count page views and scan locations. We do not use retargeting or advertising cookies on public passports.
7. Data Retention
- Customer Account Data: Retained for the duration of the active subscription, plus any legally mandated retention period for accounting and tax purposes (usually 10 years in Switzerland).
- Digital Product Passports: As per our Terms of Service, published passports remain accessible for 12 months following a subscription cancellation, after which the data may be archived or deleted.
- End-User Analytics Logs: IP logs and raw analytics events are typically aggregated or deleted within 36 months.
8. International Data Transfers
Wetrack is based in Switzerland, a jurisdiction recognized by the European Commission as providing an adequate level of data protection. When we transfer data to third-party sub-processors located outside of Switzerland or the European Economic Area (EEA)—such as to the United States—we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and compliance with relevant Data Privacy Frameworks.
9. Your Privacy Rights
Under the FADP and GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request the deletion of your personal data (“Right to be Forgotten”), subject to legal retention requirements.
- Objection & Restriction: Object to or request the restriction of processing your data.
- Data Portability: Request your data in a structured, commonly used format.
Customers can manage most of these rights directly within the Platform dashboard. For specific requests, contact us at the email below. End-Users seeking data deletion regarding information managed by a specific Brand should contact that Brand directly, as they are the Data Controller.
10. Security
We implement strict technical and organizational measures to protect data, including HTTPS encryption, restricted API access, authentication controls, and secure cloud infrastructure monitoring.
11. Changes to this Policy
We may update this Privacy Policy from time to time to reflect product changes or legal updates. The latest version will always be published on wetrack.fashion/privacy. For material changes, we will notify Customers via email or a platform notification.
12. Contact Information
Polychrome Sàrl
Rue Joseph Girard 20
1227 Carouge, Switzerland
Email: info@polychrome.ch
Website: www.polychrome.ch