Earlybyte

Earlybyte Navbar

Back to BuilderPrivacy PolicyTermsImpressum

Privacy Policy

General Information

Protecting your personal data is important to us. Personal data is processed in accordance with applicable Swiss data protection law (revDSG) and, where applicable, the GDPR.

This Privacy Policy explains how Earlybyte GmbH collects, processes, stores, and protects personal data when you use the Earlybyte Navbar website and the Carrd Navbar Builder application.

Responsible Entity

Earlybyte GmbH Tössuferweg 25 8406 Winterthur Switzerland

info@earlybyte.ch

This website and the Carrd Navbar Builder are operated by Earlybyte GmbH.

Data We Collect

Depending on how you use the website and application, we may collect and process the following information.

Account Information

  • Name or display name
  • Email address
  • Supabase user ID
  • Linked authentication provider information

Authentication & Session Data

  • Session identifiers
  • Login timestamps
  • Session expiry timestamps
  • Security-related authentication information

Navbar Builder Data

  • Saved navbar configurations
  • Navigation labels
  • Links, dropdown structures, and URLs
  • Styling, layout, color, and font settings
  • Preview-related configuration data

Exported navbar snippets are standalone code snippets copied by the user. Once exported and added to third-party platforms such as Carrd, Earlybyte GmbH no longer controls how that code is hosted or used.

Billing & Purchase Information

  • Stripe customer ID
  • Subscription information
  • Purchase status
  • Plan and entitlement information
  • Billing status and timestamps

Payment card information is processed directly by Stripe and is not stored on our servers.

Technical & Usage Data

  • IP address
  • Browser and device information
  • Operating system
  • Referrer URLs
  • Usage and interaction data
  • Analytics information

Purpose of Data Processing

We process personal data for the following purposes:

  • Providing and operating the Carrd Navbar Builder
  • User authentication and account management
  • Saving and managing navbar configurations
  • Processing subscriptions and one-time purchases
  • Managing user entitlements and access rights
  • Improving functionality and usability
  • Ensuring platform security and preventing abuse
  • Responding to support requests and communication
  • Analysing website and application usage

Legal Basis for Processing

Where Swiss data protection law applies, we process personal data only where permitted by applicable law. Where the GDPR applies, the legal basis depends on the purpose of processing:

  • Contract performance: providing the Carrd Navbar Builder, user accounts, saved navbars, generated-code access, subscriptions, one-time purchases, and support.
  • Legal obligation: accounting, tax, VAT, bookkeeping, compliance, and legally required retention.
  • Legitimate interest: platform security, fraud prevention, abuse prevention, service improvement, technical operations, and necessary business administration.
  • Consent: analytics, marketing communication, and optional cookies or tracking technologies where consent is required.

Authentication & User Accounts

Authentication is handled through Supabase Auth. Supported authentication methods may include:

  • Google OAuth
  • Microsoft OAuth
  • Email/password authentication
  • Email confirmation and password reset flows

Supabase access tokens are validated server-side and are not permanently stored in the application database. After successful validation, the application creates an internal session using a secure session cookie.

We may send service-related emails such as account confirmations, password resets, billing notifications, authentication-related communication, or support messages.

Cookies & Sessions

The application uses cookies required for authentication and session management.

Session Cookie

The Carrd Navbar Builder uses a session cookie named:

carrd_navbar_builder_session

This cookie:

  • stores an opaque session token
  • does not contain Supabase access tokens
  • is used for authentication and security purposes
  • expires automatically after a defined period

Cookies may also be used for analytics and functionality purposes.

Where analytics or optional cookies are used, they are only used where permitted by applicable law and, where required, after consent. Users can manage or withdraw cookie and analytics consent through the consent controls provided on the website, if available, and may also block or delete cookies through their browser settings. Please note that disabling required cookies may affect application functionality.

Google Analytics

This website may use Google Analytics to better understand how visitors use the website and application.

Google Analytics may collect information such as:

  • visited pages
  • session duration
  • browser information
  • approximate geographic region
  • device information

Google Analytics may use cookies and similar technologies.

Data processed by Google may be transferred to servers outside Switzerland or the European Union.

If Google Analytics is active, users can opt out or manage analytics consent through the website's consent controls, where available. Users may also use browser settings, privacy extensions, or Google's available opt-out tools to limit analytics tracking.

Additional information can be found in Google's Privacy Policy.

Google Fonts

The website and legal embeds may load the Manrope font from Google Fonts. When Google Fonts are loaded from Google's servers, technical information such as the user's IP address, browser information, and requested font files may be transmitted to Google.

Payments & Billing

Payments, subscriptions, checkout, and billing functionality are handled through Stripe.

Stripe may process:

  • payment information
  • billing addresses
  • transaction information
  • subscription status
  • customer identifiers

We only store billing-related information necessary to manage purchases and subscriptions.

Payment card details are processed directly by Stripe and are never stored on our servers.

More information:

Stripe Privacy Policy

Third-Party Services

We use third-party services to operate the website and application infrastructure.

Supabase

Used for:

  • authentication
  • account management
  • OAuth login flows

Stripe

Used for:

  • subscriptions
  • one-time purchases
  • billing management
  • payment processing

Mailjet

Used for:

  • transactional emails
  • authentication-related emails
  • password reset emails
  • account confirmation emails
  • service communication

Google Analytics

Used for:

  • website and usage analytics

Carrd

Used for:

  • public website hosting
  • website page delivery
  • embedded legal page presentation

Google Fonts

Used for:

  • loading and displaying website fonts

Hetzner

Used for:

  • hosting, application infrastructure, and server operations

Infomaniak

Used for:

  • DNS infrastructure and related services

These providers may process data outside Switzerland or the European Union in accordance with their own privacy policies and applicable safeguards.

Data Retention

We retain personal data only for as long as necessary to provide services, fullfil contractual obligations, comply with legal requirements, or maintain legitimate business interests.

  • Active account and navbar data is retained while the account exists.
  • Session data expires automatically after a defined period.
  • Billing and entitlement information may be retained for accounting, fraud prevention, and legal obligations.
  • Deleted accounts may result in the removal of associated navbar data and local application records.

Account Deletion

Users can request or initiate account deletion.

Deleting an account may remove:

  • saved navbar configurations
  • local application user records
  • active sessions
  • entitlement records
  • local subscription records

Some billing or legal records may need to be retained where required by applicable law.

Security Measures

We implement appropriate technical and organisational measures to protect personal data.

These measures include:

  • hashed session token storage
  • server-side token validation
  • restricted access controls
  • encrypted connections (HTTPS)
  • security-focused session management

While we strive to protect all data, no internet-based service can guarantee absolute security.

International Data Transfers

Some third-party providers used by the application may process or store data outside Switzerland or the European Union.

Where applicable, appropriate safeguards are used to ensure adequate protection of personal data.

Your Rights

Depending on applicable law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of personal data
  • object to certain processing activities
  • withdraw consent where processing is based on consent
  • request restriction of processing, where the GDPR applies
  • request data portability, where the GDPR applies

Requests can be submitted to:

info@earlybyte.ch

You may also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC). If the GDPR applies to the processing of your personal data, you may also have the right to lodge a complaint with a competent supervisory authority in the EU or EEA.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, services, or technical implementation.

The latest version published on this website is always applicable.

Contact

If you have questions regarding this Privacy Policy or the processing of personal data, please contact:

Earlybyte GmbH info@earlybyte.ch