Central Registry

Privacy Policy

The protection of your privacy and the confidentiality of your personal data are of particular concern to us. We therefore explain to you below which of your data we process, for which purpose and what rights you have in this context.

We comply with the applicable data protection laws, in particular the Swiss Data Protection Act (FADP; revised as of September 1, 2023) and the associated Data Protection Ordinance (FODP). Where applicable, we also comply with the requirements of the European General Data Protection Regulation (GDPR).

1 Data controller and contact

The data controller responsible for the processing of the personal data according to this privacy policy is: CUE Labs Ltd, Gotthardstrasse 28, 6300 Zug, Switzerland.

If you have any questions or concerns in connection with this privacy policy, the following person can be contacted: CUE Labs Ltd, Gotthardstrasse 28, 6300 Zug, contact@cue.dev

2 Processing activities

This privacy policy applies to the following processing activities:

  • Visiting our websites which display or link to this privacy policy (Websites);
  • Registering for and using our services and products (e.g. CUE Unity, Central Registry, consulting and/or support contracts) (Services);
  • Interacting with the CUE open-source project and community e.g. via GitHub, Slack, Discord and social media channels;
  • Signing up to communications and receiving communications from us, including emails or texts;
  • Registering for and participating in our events, including community calls and office hours.

Our Websites and Services may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by their respective third-party privacy policy, which we encourage you to review to understand those third parties’ privacy practices.

3 Receipt and categories of personal data, nature, and purpose of processing

3.1 Receipt of personal data

We primarily process personal data that we receive from you, business partners and other people involved in the context of our business relationship with them, and we process the data in order to carry out our business activities.

3.2 Categories of personal data

We process the following categories of personal data:

  • From users and customers of our Services: name, email, role, company name, location, user data (e.g. IP address, GitHub name), usage of our Services (e.g. content and code you upload or download, how you interact with the Services), payment, transaction, and billing information/history, communications and interactions you have with us.
  • From business partners: name, email, role, company name, location, payment, transaction, and billing information/history, communications and interactions you have with us.
  • From visitors of our website cuelang.org: No personal data is collected.
  • From visitors of our Websites except cuelang.org: Visitor data like IP address, location data, operating system, device data, previously visited website, and general Website usage data, like sites you visit on our Websites, time you spend on sites, navigation paths, search queries, information you provide in forms, user behavior etc. while for not technical necessary information we only process such data if the corresponding consent has been given (see chapter 5 for more details)
  • As part of your interaction with the CUE GitHub project under github.com/cue-lang: user information like your GitHub username and public activity (e.g. issues raised, pull requests)
  • As part of your interactions with our community platforms (Slack, Discord) and social media channels (X, YouTube, Bluesky, LinkedIn): Username, public posts, reactions or comments, and interactions and communications with us. If applicable, company name, role, department, usual business contact details.

3.3 Type and purpose of personal data processing

We process personal data in the following way: collection, storage, analysis, deletion of personal data.

The purpose of the processing is:

  • For users and customers of our Services: providing our Services to users and customers, and customer support.
  • For other business partners: managing of the business relationship.
  • For our Websites: ensuring delivery and functions of our Websites, providing security and safety of our Websites.
  • For interactions with CUE GitHub project: providing our Services to users and customers, and customer support via GitHub.
  • For the interactions via our community platforms and social media channels: providing of our Services to users, customers and community members, and customer support.

3.4 Legal basis for personal data processing

Insofar as the GDPR is applicable, the legal basis for the processing is as follows:

For users and customers of our Services : Art. 6 para. 1 lit. b GDPR.

For our business partners: Art. 6 para. 1 lit. b GDPR.

When operating the Websites and regarding the interactions via GitHub and community platforms and social media channels: Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest is to ensure functionality and business continuity.

For analysis and marketing purposes through our Websites (except cuelang.org): Art. 6 para. 1 lit. a GDPR.

Insofar as you have given us consent to process your personal data for specific purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis and require one.

3.5 Storage period of personal data

Personal data is stored until the statutory retention periods have expired (generally 10 years for accounting and other records) and then deleted. Without a statutory retention requirement, personal data is deleted as soon as we no longer need it to achieve its purpose.

3.6 Not directed at children

Our Websites are not directed at children. We do not knowingly collect personal data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us and we will take steps to delete such personal data from our systems.

4 Transfer of personal data

Your personal data will only be transferred to external recipients for the purposes stated above. Your data will be transferred to the following categories of recipients:

User and Customer data of our Services:

  • Transfer of your data to our trusted external service providers, such as IT service providers and other vendors that assist us in operating and supporting our business activities.
  • Transmission of your payment data to our payment service provider.

Data of business partners:

  • Transfer of your data to our trusted external service providers, such as IT service providers and other vendors that assist us in operating and supporting our business activities.

Data related to our Websites and interactions via GitHub and Social Media:

  • Transfer of your data to our trusted external service providers, such as IT service providers and other vendors that assist us in operating and supporting our business activities.

The recipients may only process the personal data passed on to them for the purposes stated above.

Your personal data will generally be processed and transmitted in Switzerland, the European Union or a country with an adequate level of data protection in accordance with Art. 16 para. 1 FADP and Art. 45 GDPR.

If a transfer to another third country takes place, we ensure that a guarantee is in place in accordance with Art. 16 para. 2 FADP or Art. 46 ff. GDPR. If the GDPR is applicable, we will provide a copy of the guarantee on request.

In this context, we would like to point out that we use the customary services of various common provider of software tools to carry out our business activities. These providers sometimes store the data in global data centers. In certain cases, processing from third countries that do not offer an adequate level of data protection cannot be ruled out. In this case, we ensure that the measure is in line with the applicable data protection law in accordance with Art. 16 Para. 2 FADP and Art. 46 ff. GDPR).

5 Processing in the context of our Websites especially

We typically use cookies and similar techniques on our Websites (except cuelang.org) that can be used to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored by the web browser you are using on your computer or mobile device when you visit our website. If you visit this website again, we can recognize you even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your visit to the website (session cookies), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) (permanent cookies). You can set your browser to reject cookies, to only store them for one session or to delete them prematurely. Most browsers are set to accept cookies by default. If you block cookies, certain functionalities of the website(s) may no longer work.

In our marketing e-mails, we sometimes also include visible and invisible image elements, to the extent permitted, which allow us to determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and how we can tailor them to you. You can block this in your email program; most are set up to do this by default. By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these technologies. If you do not want this, you must set your browser or email client accordingly, provided that this cannot be customized via the settings.

6 Rights of the data subjects

Data subjects have the rights applicable to them under the applicable data protection law (in particular the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object, the right to data portability, the right to lodge a complaint with a supervisory authority). To exercise your rights, you can contact the data controller named at the beginning of this privacy policy at any time.

7 Security

We take precautions including organizational, technical, and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the personal data we process or use.

While we follow generally accepted standards to protect personal data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us via the e-mail address linked in section 1.

8 Changes to the privacy policy

We may amend this privacy policy at any time without notice. The current version published on our website applies.

Last updated: 01.04.2025

Central Registry