Privacy Policy
How we protect your personal data
Last updated: May 6, 2026 · Version 1.4
Data Processing Agreement (DPA)
The full DPA annex (bundle 2026.2) is on the DPA page; you can also download it as a text file. See the trust hub for sub-processors.
1. Controller roles
Upswitch BV is the data controller for personal data required for the account itself, the contractual relationship with Upswitch and use of the Platform (such as the Client's account, identification and billing data).
Where the Client (for example an accounting firm) enters personal data about its own end clients or contacts into the Platform, or synchronises such data via accounting integrations (API, OAuth or import), the Client typically acts as controller for that data; Upswitch then processes that data as processor on behalf of the Client, in accordance with the Client's instructions and as further described in a Data Processing Agreement (DPA) on request. The specific role may vary by processing activity; contact us if in doubt.
Upswitch BV
Ghent, Belgium
Company number: BE 1033.441.760
Email: hello@upswitch.app
We have not currently appointed a Data Protection Officer (DPO). For all privacy-related inquiries, please contact us at the email address above.
This privacy policy concerns data protection (GDPR) only and does not constitute tax, legal or financial advice regarding Platform content; see the Terms and Conditions (upswitch.app) for Upswitch's contractual role as a software provider.
2. What Data Do We Collect?
We process the following categories of personal data:
Account Data
• Name and email address
• Company name and job title
• Accounting firm name (if applicable)
Business/Client Data entered in the Platform
• Financial figures and normalizations
• Business information for valuation reports
• Uploaded documents and files
Integrations and synchronisation (accounting packages, etc.)
• OAuth tokens, connection metadata and technical synchronisation data required to link external sources
• Data ingested via such connections (where it contains personal data)
Technical Data
• IP address and device information
• Browser type and operating system
• Usage logs and session data
3. Purposes and Legal Bases
We process your data for the following purposes:
Performance of Contract (Art. 6(1)(b) GDPR)
• Providing our SaaS services
• Generating business valuation reports
• Account management and access control
• Technical operation of integrations and synchronisation with systems linked by the Client
Legitimate Interest (Art. 6(1)(f) GDPR)
• Security and fraud prevention
• Product improvement and analytics
• Technical support
Legal Obligation (Art. 6(1)(c) GDPR)
• Accounting and tax legislation
• Response to legal requests
Consent (Art. 6(1)(a) GDPR)
• Marketing communications (optional)
• Non-essential cookies (if applicable)
4. Processors and Data Sharing
We only share your data with trusted processors necessary for our services:
Sub-processors (current list)
• Vercel Inc.: Hosting and CDN (EU region, SCCs)
• Supabase Inc.: Database and authentication (EU region, SCCs)
• Resend Inc.: Transactional email (SCCs)
• Stripe Inc.: Payment processing (certified EU-US Data Privacy Framework)
Categories of processors:
• Cloud infrastructure (hosting; primarily within the EU)
• Authentication services
• Email service providers
• Payment processors
• Error logging and monitoring (anonymized)
• Integration and synchronisation infrastructure (technical processing of tokens and import/sync)
The provider of a linked accounting or ERP package also processes data under its own terms when you connect as a user; refer to that provider's privacy policy.
We never sell your personal data. All processors are bound by strict data processing agreements in accordance with GDPR.
Changes to sub-processors will be announced at least 30 days in advance via email to account holders. You may object within 14 days of notification.
5. Transfers Outside the EEA
Your data is primarily processed and stored within the European Economic Area (EEA). If transfer to countries outside the EEA is necessary (e.g., for specific sub-processors), we ensure appropriate safeguards such as:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
6. Retention Periods
We do not retain your data longer than necessary:
• Account data: As long as your account is active + up to 24 months after termination
• Client/business data in dossiers and valuations: According to Client settings; default up to 24 months after last activity
• Post-termination export window: 90 days to request an export
• Backups: Rolling 90-day retention
• Technical logs: Maximum 12 months
• Billing data: 7 years (legal requirement)
After the retention period expires, data is securely deleted or anonymized.
7. Security
We take the protection of your data seriously and implement appropriate technical and organizational measures:
• Encryption in transit (TLS) and at rest (AES-256)
• Access control based on least privilege
• Regular security audits
• Hosting within the EU at reputable providers
• Employee training on data protection
8. Your Rights
Under GDPR, you have the following rights:
• Right of access: Request a copy of your personal data
• Right to rectification: Have incorrect data corrected
• Right to erasure: Request deletion of your data
• Right to restriction: Restrict processing in certain circumstances
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Withdraw previously given consent at any time
To exercise your rights, contact us at hello@upswitch.app. We will respond within 30 days.
9. Complaints
If you believe we are not processing your personal data correctly, you can file a complaint with the supervisory authority:
Belgian Data Protection Authority (GBA/APD)
Drukpersstraat 35
1000 Brussels, Belgium
https://www.dataprotectionauthority.be
contact@apd-gba.be
10. Changes
We may update this privacy policy from time to time. Material changes will be announced 30 days in advance via email or the Platform. The most recent version is always available on this page.
11. Contact
For questions about this privacy policy or your personal data:
Upswitch BV
Ghent, Belgium
Email: hello@upswitch.app