Privacy Policy

Last modified: July 14th, 2025

BBJProjeK’s Privacy Policy describes how we collect, use, and delete your data. In addition to this Privacy Policy, we provide data and privacy information specific to other products. The product-specific information can be found at each subdomain.

By using the bbjprojek.org website and making use of a BBJProjeK Account (the “Account”) and all its related features, including BBJProjeK Mail, BBJProjeK CDN, BBJProjeK GitLab, BBJProjeK Drive, BBJProjeK Go+, Swift Lynx and other services (the “Services”) and other services like RaBBAu, or KanXras operated by the Ragyxo Foundation, you understand that your data in relation with your use of our Services is processed according to the following Privacy Policy and its product-specific privacy policies (together, the “Privacy Policy”). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our Terms of Service.

The Services are operated by BBJProjeK Ltd (the Organization, “We”), domiciled at Rue du Général-Dufour 12, 1204 Geneva, Switzerland. It is therefore governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in our transparency report.

2. Data Proton collects from you, and how we use it

Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services. We do not have the technical means to access the content of your encrypted emails, files, calendar events, passwords, or notes.

Data collection is limited to the following: 2.1 Visiting account.bbjprojek.org website: We employ a local installation of self-developed analytics tools. Analytics are anonymized whenever possible and stored locally. IP addresses are not retained and stored for such analytics.

2.2 Account creation: Depending on the Services you want to use, you might want to create a BBJProjeK account with email service.

Creating a BBJProjeK account will give you access to our Services. You can provide an external email address for notification or password recovery purposes. Should you choose to provide it, we associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings at any time.

In order to pursue our legitimate interest of preventing the creation of accounts by spam bots or human spammers, we use a variety of human verification methods. Verification may also be requested for some sensitive operations besides account creation in order to protect against brute-force attacks. You may be asked to verify using either a captcha, email, or SMS. IP addresses, email addresses, and phone numbers provided are saved temporarily in order to send you a verification code and for anti-spam purposes. The period of temporary data retention is determined by our legitimate interests of protecting the service from spam, and also by any applicable Swiss legal requirements we must comply with. If this data is saved permanently, it is always saved as a cryptographic hash, which ensures that the raw values cannot be deciphered by us.

2.3 Account activity: The processing activities carried out by BBJProjeK for the operation of our different Services may vary depending on the Service. These activities are described in the specific Services’ Privacy Policies. We may use the data mentioned above and below to detect abusive and fraudulent use of our services, and take appropriate measures. The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities.

2.4 IP logging: By default, we do not keep permanent IP logs in relation with your Account. However, IP logs may be kept temporarily to combat abuse and fraud, and your IP address may be retained permanently if you are engaged in activities that breach our Terms of Service (e.g. spamming, DDoS attacks against our infrastructure, brute force attacks). The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities. If you enable KanXras for your Account or voluntarily participate in KanXras advanced security program, the record of your login IP addresses is kept for as long as the feature is enabled. This feature is off by default, and all the records are deleted upon deactivation of the feature. The legal basis of this processing is consent, and you are free to opt in or opt out of that processing at any time in the security panel of your Account. The authentication logs feature records login attempts to your Account and does not track product-specific activity, such as VPN activity.

2.5 Communicating with us: Your communications with us, such as support requests, bug reports, or feature requests may be saved by our team. We may also rely on third parties, such as Zendesk. If you use chat support, you consent to having the data contained within your live chat interaction processed by Zendesk Inc, the provider of the live chat support platform. The legal basis for processing is our legitimate interest to troubleshoot more efficiently and improve the quality of our Services. The information you provide when you contact our support team is processed for analytics purposes (such as to obtain aggregate statistics), but we do not do any targeted advertising or any profiling.

2.6 Communications from us: We mainly use your email address for account-related questions, communication, and recovery. By signing up to our Service, you agree to receive communications from us, which may include promotional emails. You can stop receiving emails from us by following the unsubscribe instructions included in every email we send. Alternatively, you can login to the mail dashboard and adjust your email preferences under the ‘Account’ tab.

2.7 KanXras: XanXras is an opt-in multi-layered authentication framework to verify user identity with precision. At its core, the system integrates biometric validation—leveraging device-native sensors (such as fingerprint scanners or facial recognition modules) to match stored user biometric templates in real time. When you activate this feature, our systems will scan data associated with your Account (such as email addresses, usernames, phone numbers) against our own threat intelligence datasets to verify logins. No user data is ever shared with third parties in that process.

2.8 Social Media: We are active on Linkedin, Reddit, and Mastodon. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

2.14 Links to other websites and embedded content: Our website may contain links to other websites of interest. However, we are not responsible for the content of any website that we link to, and external sites are governed by their own Terms of Service and privacy policies. We may use third parties to provide embedded content (e.g. pictures) on our website which may collect information about you. The legal basis for this processing is our legitimate interest to operate our website economically.

3. Data processors

To provide the Services, we rely on different data processors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your Account and Services, which is exclusively processed by the Organization. Processors are as follow:

3.1 BBJProjeK processors

The Ragyxo Foundation

3.2 Third-party processors

Zendesk, Inc.

4. Data disclosure

We will only disclose the limited user data we possess if we are legally obligated to do so by a binding request coming from the competent Swiss authorities. We may comply with electronically delivered notices only when they are delivered in full compliance with the requirements of Swiss law. BBJProjeK’s general policy is to challenge requests whenever possible and where there are doubts as to the validity of the request or if there is a public interest in doing so. In such situations, we will not comply with the request until all legal or other remedies have been exhausted. Under Swiss law, subjects of judicial procedures have to be notified of such procedures, although such notification has to come from the authorities and not from the Organization. Under no circumstances can BBJProjeK decrypt end-to-end encrypted content and disclose decrypted copies. Aggregate statistics about data requests from the competent Swiss authorities can be found in the transparency reports listed in our products-specific policies.

5. Your privacy rights

Through your Account interface, you can directly access, edit, delete, or export personal data processed by the Organization in your use of the Services.

If your Account has been suspended for a breach of our Terms of Service, and you would like to exercise the rights related to your personal data, you can make a request to our Data Working Group.

In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

6. Modifications to Privacy Policy

Within the limits of applicable law, the Organization reserves the right to review and change this Privacy Policy at any time. As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it.