Yaan
Get started

End-User Privacy Notice

End-User Privacy Notice

Effective Date: January 2, 2025
Last Updated: January 2, 2025

This privacy notice explains how Yaan (operated by Zenith Hosting KLG) processes your data when you visit websites that use our bot protection service. We are committed to protecting your privacy and comply with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

1. Who We Are

Data Controller: Zenith Hosting KLG
Address: Saegebachweg 16a, 2052 Zollikofen, Switzerland
Contact: privacy@wuemeli.com

Yaan is a bot detection service that helps websites distinguish between legitimate human visitors and automated bots. When you visit a website using Yaan, we process certain data to protect that website from automated attacks, fraud, and abuse.

2. What Data We Collect

When you visit a website protected by Yaan, we collect the following categories of data:

2.1 Browser and Device Information

  • Browser type and version (user agent)
  • Operating system and platform
  • Language preferences
  • Screen dimensions and window size
  • Device capabilities (touch support, CPU cores, memory)
  • Network connection information (round-trip time)

2.2 Behavioral Data

  • Mouse movements, clicks, and coordinates
  • Keyboard interactions (timing only, not content)
  • Page scroll position
  • Page focus and visibility state

2.3 Technical Identifiers

  • A session identifier (stored in a cookie)
  • Page URL and referrer
  • Timestamp of interactions

2.4 What We Do NOT Collect

  • Your name, email address, or contact information
  • Passwords or payment information
  • The actual content of what you type
  • Location data beyond what's in your IP address
  • Personal browsing history
  • Any data from other websites

3. How We Use Your Data

We process your data exclusively for security and fraud prevention purposes:

  • Distinguishing human visitors from automated bots
  • Protecting websites from spam, credential stuffing, and abuse
  • Issuing verification tokens for form submissions
  • Generating anonymous, aggregated statistics for website owners

4. Legal Basis for Processing

We process your data based on legitimate interest under Article 6(1)(f) GDPR and equivalent provisions under Swiss FADP.

Our legitimate interest is to:

  • Protect websites from automated attacks and fraud
  • Ensure the security and integrity of online services
  • Provide a friction-free experience (no CAPTCHAs)

This legal basis is specifically recognized in GDPR Recital 47, which states: "The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned."

Under Swiss FADP, data processing is lawful unless it violates a personality right, and security measures to prevent fraud are considered a justified purpose.

5. Data Retention

We retain your data for the minimum period necessary:

Data TypeRetention Period
Session data6 hours
Verification tokens10 seconds
Pseudonymized logsMaximum 24 hours
Aggregated analytics30 days (fully anonymous, non-traceable)

After these periods, data is automatically and permanently deleted.

6. Cookies We Use

Yaan uses a single, essential cookie:

Cookie NamePurposeDurationType
X-ZENITHSession identifier for bot detection6 hoursStrictly Necessary

This cookie is:

  • HttpOnly: Cannot be accessed by JavaScript
  • SameSite Lax: Protected against cross-site request forgery
  • Partitioned: Isolated per website for enhanced privacy

This cookie is classified as "strictly necessary" for security purposes and does not require consent under GDPR and the ePrivacy Directive.

7. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We share data only with:

7.1 Website Owners

Website owners receive only:

  • Aggregated, anonymous statistics (total sessions, bot vs. human counts)
  • A yes/no verification result for form submissions
  • No individual user data is shared

7.2 Infrastructure Providers

We use the following providers to operate our service, all located in GDPR-adequate jurisdictions:

ProviderLocationPurpose
nine.chSwitzerlandPrimary hosting
HetznerGermanyInfrastructure
ScalewayFranceInfrastructure
BunnyCDNEUContent delivery
KeyCDNSwitzerlandContent delivery

All providers are bound by data processing agreements and process data exclusively within the EU/EEA or Switzerland.

8. International Data Transfers

All data processing occurs within the European Union and Switzerland. We do not transfer your data to countries outside the EU/EEA or Switzerland.

Switzerland has an adequacy decision from the European Commission, ensuring equivalent data protection standards.

9. Your Rights

Regardless of where you are located, we extend the following rights to all users:

Under GDPR (EU/EEA residents)

  • Right of Access: Request a copy of data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restriction: Request limited processing of your data
  • Right to Object: Object to processing based on legitimate interest
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Lodge a Complaint: File a complaint with your supervisory authority

Under Swiss FADP

  • Right to information about data processing
  • Right to data correction and deletion
  • Right to object to data processing
  • Right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC)

How to Exercise Your Rights

Contact us at: privacy@wuemeli.com

We will respond within 30 days. Note that due to our minimal data retention (maximum 24 hours for identifiable data), we may not have data to provide in response to access requests.

10. Automated Decision-Making

Yaan uses automated processing to distinguish humans from bots. This is not "automated decision-making" in the GDPR Article 22 sense because:

  • It does not produce legal effects concerning you
  • It does not significantly affect you (legitimate users pass through seamlessly)
  • It is necessary for the legitimate interest of preventing fraud

If you are incorrectly identified as a bot, the website may ask you to retry or contact their support.

11. Children's Privacy

Yaan does not knowingly collect data from children under 16. Our service processes the same minimal technical data regardless of the visitor's age, and we do not use this data to identify or profile individuals.

12. Changes to This Notice

We may update this privacy notice to reflect changes in our practices or legal requirements. Significant changes will be posted on this page with an updated "Last Updated" date.

13. Contact Us

For privacy-related questions or to exercise your rights:

Zenith Hosting KLG
Saegebachweg 16a
2052 Zollikofen
Switzerland

Email: privacy@wuemeli.com

14. Supervisory Authority

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.

For Swiss residents: Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
https://www.edoeb.admin.ch