sendlix.io
Get started

Privacy Policy

1) Introduction and Controller

**1.1** Thank you for your interest in Sendlix.io. Below we explain which personal data we process when you visit this website and which rights you have in this respect.

**1.2** The controller for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (revFADP) is:

onboos GmbH, Linerhofstrasse 5, 9032 Engelburg, Switzerland. Phone: +41 71 571 48 90. Email: hallo@onboos.com.

**1.3** For any data protection enquiries regarding Sendlix.io, please contact us at mail@sendlix.io. Where required by law (Art. 27 GDPR), David Tatzl is our representative in the European Union (info@onboos.com, +41 79 829 18 95).

**1.4** This privacy policy applies to the publicly accessible website sendlix.io. The logged-in Sendlix platform (admin.sendlix.io) is governed by a separate privacy policy that is linked within the platform. The processing of recipient and shipment data of our business customers as part of the Sendlix platform is governed by the data processing agreement (DPA) concluded between Sendlix and the respective business customer.

2) Data collected when you visit the website

**2.1** When you simply browse this website without registering or otherwise transmitting information to us, we only collect the data that your browser sends to our server (so-called "server log files"). This includes in particular:

the URL accessed,

date and time of access,

the volume of data transmitted in bytes,

the source / referrer from which you reached our website,

the browser and operating system used,

the IP address used (generally anonymised or truncated).

The processing is based on Art. 6 (1) lit. f GDPR and our legitimate interest in the stability, security and functionality of our website. We do not pass on this data or use it for other purposes; we only reserve the right to subsequently review server log files if there is concrete evidence of unlawful use.

**2.2** For security reasons and to protect personal data, this website uses TLS 1.2 or higher encryption. You can recognise the encrypted connection by the "https://" prefix and the lock symbol in your browser bar.

3) Hosting

This website is operated on the infrastructure of the following provider:

Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA — delivery via the EU edge network (Frankfurt and other EU locations).

The website's content is delivered through the provider's edge network; no primary processing of personal content takes place in this context. As part of the delivery, the provider processes server log files as described in section 2.1.

The processing is based on Art. 6 (1) lit. f GDPR and our legitimate interest in reliable, fast and secure delivery of the website. We have concluded a data processing agreement (DPA) with the provider that protects the data of our website visitors and prohibits unauthorised disclosure to third parties. For any data transfers to the USA, the provider relies on the EU-US Data Privacy Framework or safeguards the level of protection through EU Standard Contractual Clauses.

4) Cookies and similar technologies

On this website we use only strictly necessary cookies and comparable storage mechanisms — except for the consent-based tools described in section 5. They are required to ensure the website works reliably (e.g. to remember your language preference).

The legal basis for the use of these strictly necessary cookies is Art. 6 (1) lit. f GDPR in conjunction with Section 25 (2) no. 2 TTDSG (Germany) and Art. 31 (2) lit. a revFADP (Switzerland). No consent is required.

You can configure your browser to inform you about the setting of cookies and to allow you to decide on their acceptance individually, or to refuse cookies in general. If you refuse certain cookies, the functionality of our website may be limited.

5) Web analysis and tag management

5.1 Google Tag Manager

This website uses Google Tag Manager (GTM) provided by:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Data may also be transmitted to servers of Google LLC (USA).

Google Tag Manager is used solely to manage tags on our website and does not itself process personal data for marketing or analysis purposes. However, when you load the page, Tag Manager transmits your IP address to Google.

If additional consent-based services (e.g. web analytics tools) are integrated via Google Tag Manager, they are only loaded after you have given your express consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future via the cookie consent tool provided on this website.

We have concluded a data processing agreement with Google. For data transfers to the USA, the provider relies on the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

For more information, see <https://policies.google.com/privacy>.

6) Contacting us

If you contact us via the contact form, by email (e.g. mail@sendlix.io or hallo@onboos.com) or via other channels indicated on the website, we process the data you transmit (in particular name, company, contact details and the content of your enquiry) for the purpose of handling your request.

The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in responding to enquiries) and, where the enquiry is aimed at concluding a contract, additionally Art. 6 (1) lit. b GDPR (pre-contractual measures).

We only store your enquiry for as long as it is necessary to handle it and to comply with statutory retention obligations. We do not use your data beyond this scope.

7) Demo and discovery call bookings

If you book a discovery call or a demo via our website, we process the data you provide (in particular name, company, email address, phone number and the content of your request) for the purpose of arranging and preparing the meeting.

The legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures) and Art. 6 (1) lit. f GDPR (legitimate interest in efficient business engagement).

We store the data for as long as it is necessary to handle your request and any subsequent business relationship.

8) Recipients of the data

Your personal data is only passed on to third parties if this is necessary for the performance of a contract, you have given your consent or there is a legal obligation. In particular, we transmit data to the following recipients:

Vercel Inc. as hosting provider (see section 3),

Google Ireland Limited in connection with Google Tag Manager (see section 5.1),

CRM and communication providers used by us, where applicable, in connection with handling enquiries and demo bookings.

A current list of the sub-processors used by Sendlix for the operation of the platform can be found at sendlix.io/subprocessors.

9) International data transfers

Where individual service providers are based outside the EU/EEA (in particular in the USA), data transfers to a third country are only carried out under the conditions of Chapter V GDPR. Specifically, we ensure the level of protection through the following safeguards:

accession to the EU-US Data Privacy Framework (where the relevant provider is certified),

conclusion of EU Standard Contractual Clauses (SCC) in the version currently in force,

additional technical and contractual safeguards as part of a Transfer Impact Assessment.

10) Storage period

We store personal data only for as long as it is necessary for the purposes set out in sections 2 to 7 or there are statutory retention obligations. Server log files are generally deleted or anonymised within 30 days. The content of contact enquiries is deleted as soon as the request has been finally processed and there are no statutory retention obligations to the contrary.

11) Your rights

Where we process personal data relating to you, you have the following rights under the GDPR and revFADP, in particular:

right of access regarding the data we process about you (Art. 15 GDPR),

right to rectification of inaccurate or incomplete data (Art. 16 GDPR),

right to erasure of your data, unless statutory retention obligations or legitimate interests prevent this (Art. 17 GDPR),

right to restriction of processing (Art. 18 GDPR),

right to data portability — receipt of your data in a structured, machine-readable format (Art. 20 GDPR),

right to object to processing based on Art. 6 (1) lit. f GDPR (Art. 21 GDPR),

right to withdraw a given consent with effect for the future.

To exercise these rights, an informal message to mail@sendlix.io is sufficient. We process requests within the statutory deadlines (generally 30 days).

You also have the right to lodge a complaint with a data protection supervisory authority — in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC), in Germany with the state data protection authority responsible for your place of residence, in Austria with the Data Protection Authority (DSB) or with any other supervisory authority within the EU competent for you.

12) Data security

We use technical and organisational measures to protect your data against unauthorised access, loss and manipulation. These include in particular:

TLS encryption of all data transmissions,

protection of the website against bot traffic and misuse through appropriate security measures,

regular updates to the software and components in use.

A more detailed description of our technical and organisational measures is provided to business customers on request as part of the data processing agreement (DPA).

13) References to further data protection documents

Privacy Policy Platform (for the logged-in Sendlix platform at admin.sendlix.io): linked within the platform; covers the processing of account, login and platform diagnostic data of our business customers.

Data Processing Agreement (DPA): governs the processing of recipient data of our business customers on behalf of and in accordance with instructions from the respective business customer in accordance with Art. 28 GDPR.

Sub-processor list: sendlix.io/subprocessors.

Terms and Conditions: sendlix.io/agb.

Imprint: sendlix.io/impressum.

14) Changes to this Privacy Policy

We reserve the right to update this privacy policy in order to adapt it to changes in the law, features of the website or service providers used. The version currently in force is available at sendlix.io/datenschutz.

Stand: April 2026