Data Controller
This Privacy Policy outlines our practices for processing personal data under Swiss FADP and the EU GDPR. It applies to all data collected via our website, contact forms, and service communications. For business registration and legal details, see our Legal Notice.
- Data Controller
- soosap GmbH
- Effective Date
- August 18, 2025
- Last Updated
- August 18, 2025
Data Collection
We collect personal data that you provide directly, as well as data gathered automatically through technical systems and analytics. All automatic analytics are handled exclusively via a self-hosted instance of PostHog, and all personal data is stored and processed within the EU/Switzerland as described in our policy. Below is a detailed list of the types of data collected:
Direct Data (Provided by You)
- Full Name
- As entered on forms or in email communications.
- Company Name
- If provided as part of a quote or inquiry.
- Job Title/Role
- If included in the request form or email.
- Project Details
- Specifications, descriptions, and requirements you share for project consultation or quotes.
- Service Inquiry Content
- Information provided in support requests, messages, or any free-text input fields, e.g. Figma designs, Sketch files, PDF files, etc.
Automatic Data (Collected by Systems)
- IP Address
- Logged for security and analytics (anonymized where possible).
- Browser Information
- Type, version, language, and device-related technical details.
- Operating System & Device Data
- OS name/version, device type (desktop/mobile/tablet), screen resolution.
- Site Usage Statistics
- Pages visited, time spent on site, navigation and click behavior (via self-hosted PostHog).
- Referral & Source URLs
- How you arrived at the website (if available).
- Cookies & Preference Data
- Information about your settings, cookie choices, and session identifiers.
- Technical Logs
- Data related to site errors, system events, and security monitoring activities.
What We Do NOT Collect
- Payment or Financial Data
- No payment info is requested or processed.
- Sensitive Personal Data
- No collection of health, political, religious, or biometric information.
Data Processing
We process your personal data only for specific, legitimate purposes that are necessary for our business operations and service delivery. This section details how and why we use your data, along with the legal basis that permits each type of processing under GDPR and Swiss FADP.
Service Delivery & Communications
- Quote Processing
- Handle service inquiries and project specifications using contact details and project requirements.
- Client Management
- Maintain ongoing communications and project delivery using email and correspondence history.
- Support Services
- Provide technical consultation and customer support using communication data.
- Legal Basis
- Performance of contract (GDPR Art. 6(1)(b))
- Retention
- 7-10 years (Swiss commercial law requirements)
Website Analytics & Security
- Usage Analysis
- Monitor website performance and user experience using anonymized IP addresses, browser data, and page views.
- Security Monitoring
- Protect against threats and unauthorized access using technical logs and access patterns.
- Performance Optimization
- Identify technical issues and improve functionality using system metrics and error reports.
- Fraud Prevention
- Detect malicious activity using usage patterns and metadata analysis.
- Legal Basis
- Legitimate interests (GDPR Art. 6(1)(f)) and consent for analytics cookies (GDPR Art. 6(1)(a))
- Retention
- 12-26 months depending on data type
Legal Compliance & Business Operations
- Record Keeping
- Maintain business correspondence and contracts for Swiss commercial law compliance.
- Privacy Requests
- Process data subject rights requests and maintain compliance documentation.
- Business Analysis
- Understand service demand using anonymized inquiry patterns and feedback.
- Regulatory Compliance
- Meet GDPR/FADP obligations for data protection and user rights.
- Legal Basis
- Legal compliance (GDPR Art. 6(1)(c)) and legitimate interests (GDPR Art. 6(1)(f))
- Retention
- 3-7 years depending on legal requirements
Processing Principles
We do not engage in automated decision-making, profiling, or data sales. All processing follows data minimization principles and is limited to stated purposes only.
Data Retention
Personal data is retained only as long as necessary:
- Inquiries
- Until resolved + 2 years
- Client communications
- Up to 10 years (legal retention)
- Analytics
- 26 months max
- Technical Logs
- 12 months
Data is regularly reviewed and securely deleted when no longer required.
Data Security
We implement security measures that reflect our commitment to protecting your data through careful infrastructure choices and professional practices.
- European Data Sovereignty
- Your personal data is exclusively processed and stored within European borders through our deliberate choice of AWS Frankfurt (eu-central-1) infrastructure and ProtonMail's Swiss servers. This strategic positioning ensures your information benefits from Europe's strongest data protection laws while eliminating risks associated with international data transfers to countries with weaker privacy frameworks.
- End-to-End Encryption Architecture
- All data transmission uses TLS 1.3 encryption protocols, while stored data is protected with AES-256 encryption both on AWS infrastructure and within ProtonMail's Swiss data centers. This military-grade encryption ensures that even if unauthorized parties somehow accessed our systems, your data would remain completely unreadable and unusable to them.
- Professional Confidentiality Standards
- Every piece of client information, from initial project inquiries to detailed technical specifications, is treated with the same discretion expected from Swiss financial institutions. Our small team structure means fewer people have access to your data, and all personnel understand that client confidentiality is fundamental to our professional reputation and business ethics.
- Infrastructure Resilience & Recovery
- AWS provides automated encrypted backups distributed across multiple European facilities, ensuring your data remains safe even in the event of hardware failures or natural disasters. Combined with ProtonMail's redundant Swiss infrastructure, this approach guarantees business continuity while maintaining strict European data residency requirements.
Data Sharing
We maintain strict control over your personal data and share it only with essential service providers required to deliver our services. We never sell, rent, or share personal information for marketing purposes. All data sharing arrangements include comprehensive data protection agreements and remain within European jurisdictions.
- AWS Frankfurt
- All website data, analytics, and backups are hosted exclusively on Amazon Web Services infrastructure located in Frankfurt, Germany (eu-central-1). This ensures European data residency while leveraging enterprise-grade cloud security and reliability standards.
- PostHog Analytics
- Website usage analytics are processed through our self-hosted PostHog instance running on our AWS infrastructure. No data is shared with PostHog Inc. or any external analytics companies, ensuring complete data sovereignty.
- ProtonMail
- All client communications and business correspondence are handled through ProtonMail's Swiss-based secure email infrastructure. This provides end-to-end encryption and benefits from Switzerland's stringent privacy laws and data protection standards.
Data Protection Standards
No Sales: Personal data is never sold, rented, or monetized through third-party relationships or advertising networks.
EU-Only Processing: All personal data processing occurs exclusively within the European Economic Area and Switzerland, with no transfers to third countries.
Binding Agreements: All service providers are bound by comprehensive data processing agreements that enforce GDPR compliance, security standards, and confidentiality obligations.
User Rights
Under the Swiss FADP and GDPR, you have comprehensive rights regarding your personal data. We are committed to honoring these rights promptly and transparently. All requests are processed free of charge, and we respond within 30 days of receiving a valid request with proper identity verification.
Access & Portability Rights
- Data Access
- You can request a complete copy of all personal data we hold about you, including the sources, processing purposes, and any recipients. We provide this information in a clear, structured format that explains exactly how your data is being used.
- Data Portability
- Unlike many tech companies that create vendor lock-in, we deliver your React component libraries through Git repositories that you fully own and can enhance independently without any dependencies on our services. You also have the right to receive your personal data in a structured, machine-readable format (such as JSON or CSV) for transfer to another service provider.
Correction & Control Rights
- Rectification
- You can request correction of any inaccurate or incomplete personal data we maintain about you. We will update our records promptly and notify any third parties who received the incorrect information.
- Erasure
- You can request deletion of your personal data ("right to be forgotten") when it's no longer necessary for our stated purposes, unless we have legal obligations to retain certain records under Swiss commercial law.
- Processing Restriction
- You can request that we temporarily halt processing of your data while we investigate accuracy concerns or process your objections to our legitimate interest-based processing activities.
Consent & Objection Rights
- Withdraw Consent
- You can withdraw consent for analytics cookies and voluntary communications at any time through your browser settings or by contacting us directly. Withdrawal doesn't affect the lawfulness of processing before consent was withdrawn.
- Object to Processing
- You can object to data processing based on legitimate interests, particularly for analytics and business improvement purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
Exercise Your Rights
- Contact Method
- Send requests to gruezi@kolaveri.co with the subject line "Data Protection Request - [Request Type]" and include your full name and email address for verification purposes.
- Response Time
- We acknowledge receipt within 48 hours and provide a complete response within 30 days. Complex requests may require up to 60 additional days with advance notification.
- Identity Verification
- For security, we may require additional verification before processing requests involving data access or deletion to prevent unauthorized access to your personal information.
- Complaint Rights
- If you believe we've violated your data protection rights, you can file complaints with the Swiss Federal Data Protection Commissioner (FDPIC) or your local EU Data Protection Authority.
Your rights are not just legal requirements—they're fundamental to building trust in our professional relationship.
Cookie Policy
This Cookie Policy explains how we use cookies and similar tracking technologies when you visit our website. We believe in transparency about data collection, so here you'll find detailed information about each type of cookie we use, why we use them, and how you can control your preferences. Understanding our cookie practices helps you make informed decisions about your privacy while using our website. Any information that we collect will be used in accordance with our Privacy Policy.
Understanding Cookies & Data Collection
- What Are Cookies
- Cookies are small text files stored in your browser that help websites recognize your device and remember your preferences across visits. They enable website functionality, enhance user experience, and provide insights to improve our React component library services. We use both session cookies that are deleted when you close your browser and persistent cookies that remain until expiration or manual deletion.
- Why We Collect Cookie Data
- We collect cookie data to understand how clients discover and use our Figma-to-React conversion services, allowing us to improve delivery quality and optimize our offerings. This data helps maintain form data, security tokens, and user preferences during your website session while providing valuable business intelligence. Our analysis of demand patterns for React component libraries and design system implementation services enables us to better serve our clients' needs.
- Data Processing Legal Basis
- Essential cookies are necessary for service provision and require no consent under GDPR Article 6(1)(b), while analytics cookies require your explicit consent under GDPR Article 6(1)(a) and Swiss FADP requirements. We process preference cookies based on legitimate interest in providing enhanced user experience, though you always retain the option to disable them. This approach ensures compliance with both Swiss and European data protection standards.
Essential Cookies (Always Active)
- Session Management
- These cookies maintain contact form data and quote request information during your visit to prevent data loss when navigating between pages. They store form field contents, navigation state, and temporary session identifiers that are automatically deleted when you close your browser. This functionality is essential for ensuring a smooth user experience when requesting quotes or contacting our team about React development projects.
- Security Protection
- Our security cookies prevent cross-site request forgery (CSRF) attacks and protect against malicious activity through Next.js built-in security features. These cookies use encrypted action tokens and origin validation to ensure all form submissions and server interactions remain secure. This protection is applied automatically to maintain the integrity of your data and our systems without requiring any action on your part.
- Cookie Consent Preferences
- These cookies remember your cookie choices and consent decisions for future visits, storing your specific consent configuration in local browser storage. They track whether you've enabled or disabled analytics tracking and enhanced functionality features, ensuring your preferences are respected across sessions. You can access and modify these settings through our cookie preference center or your browser settings at any time.
Optional Cookies (Your Choice)
- Performance & Analytics Cookies
- These cookies enable website usage analysis through our self-hosted PostHog analytics platform, collecting data on page views, session duration, referral sources, and anonymized user behavior patterns. All analytics data is exclusively processed on our AWS Frankfurt (eu-central-1) servers with no external data sharing, helping us understand which React development services resonate with potential clients. The data is retained for a maximum of 26 months with automatic deletion, and you have full control to enable or disable this tracking through our consent banner.
- Functionality & Preferences Cookies
- These cookies enhance your user experience by storing personalized settings such as language preferences, accessibility options, and customized interface configurations. They enable faster, more personalized website interactions tailored to your specific needs and preferences, with data stored for a maximum of 12 months. You can easily enable or disable these enhanced functionality features while still maintaining access to all core website features and services.
- Future Third-Party Integration Cookies
- Currently not implemented, these cookies are reserved for potential future services such as social media sharing, additional communication tools, or design platform integrations. Any future integrations will only use EU/Switzerland-based providers and will require explicit consent before activation, maintaining our commitment to European data residency standards. When available, you will have complete control to enable or disable these third-party features through individual toggle options in our preference center.
Cookie Control & Management
- Consent Management
- Our cookie banner appears on your first visit with clear options to "Accept All," "Reject All," or "Manage Preferences" for granular control over each cookie category. Individual toggle switches allow you to enable or disable specific cookie types with clear descriptions of their functionality and benefits. You can access and modify your cookie preferences at any time through our website footer or browser settings, ensuring complete control over your privacy choices.
- Browser-Based Controls
- All major browsers provide cookie management capabilities through their privacy settings, allowing you to view, delete, or block cookies from specific websites. Chrome and Edge users can access these controls through Settings > Privacy and Security > Cookies, while Firefox users navigate to Settings > Privacy & Security > Cookies and Site Data. Safari users can manage cookies through Preferences > Privacy > Manage Website Data, and mobile browser users can find similar options in their browser's privacy or site settings menu.
- Data Subject Rights
- You have the right to request complete information about cookies stored and data collected by contacting us at for detailed privacy consultations. You can remove all non-essential cookies immediately through our preference center or browser controls without affecting essential website functionality. Additionally, you can object to any optional cookie category while maintaining full access to our core services and React development consultation offerings.
- Updates & Changes
- We communicate policy updates through cookie banner notifications and email alerts for significant changes that affect your privacy choices, ensuring you're always informed about our data practices. Our version control system tracks all policy changes with clear documentation and user notification requirements, maintaining transparency about how we handle your data. Major changes to cookie functionality or new cookie categories will require fresh consent through an updated banner with enhanced choice options and detailed explanations.