Arnaut Belcour

Legal

Privacy

Last updated: 26 June 2026.

Arnaut Belcour (“we”, “us”) builds and sells trousers. This page explains what data we collect when you use arnautbelcour.com, why, where it is stored, and the rights you have over it.

We aim for the same restraint with data that we ask of the garment: collect only what is needed, keep it briefly, and be honest about who else sees it.

1. Who is responsible

The data controller is:

Arnaut Belcour
David Lienert, Alexis Hirsiger, Leslie Jörger
Schulgasse 14
4106 Therwil, Switzerland

Questions about your data: contact@arnautbelcour.com.

2. What we collect, and why

We only process the categories listed below. We do not buy or enrich your data from outside sources.

2.1 Newsletter

When you sign up via the “Notify” form, we record your email address and the time of sign-up. Purpose: send you occasional notes about the collection, the making, and the first release. Legal basis: your consent (Art. 6 para. 1 lit. a GDPR; Art. 31 revFADP). You can unsubscribe at any time using the link at the bottom of every email.

2.2 Account and fit profile

If you create an account, we store the email address you use to sign in, your name (if you choose to enter one), and the measurements and size recommendations you choose to save – waist, hip, height, inseam, fit preference, the recommended size, and any hem adjustment. Purpose: remember your size between visits and devices, and offer better fit advice. Legal basis: performance of a (pre-)contract (Art. 6 para. 1 lit. b GDPR) and your consent for the measurements you actively save (Art. 6 para. 1 lit. a GDPR).

2.3 Orders and reservations

When you reserve or order, we process the email used at checkout, the piece, cloth, size, and any hem adjustment, the payment status, and – for a shipped order – the delivery address you enter. Purpose: take the deposit or payment, make and send your trousers, and keep the transaction records the law requires. Legal basis: performance of the contract (Art. 6 para. 1 lit. b GDPR; Art. 31 revFADP) and our legal retention duties (Art. 6 para. 1 lit. c GDPR; Art. 958f CO).

2.4 Contact form

When you write through the contact form, we receive the name (optional), email, topic, and message. Purpose: answer you. Legal basis: pre-contractual / contractual (Art. 6 para. 1 lit. b GDPR) or our legitimate interest in handling enquiries (Art. 6 para. 1 lit. f GDPR).

2.5 Server logs

Our hosting provider records standard request logs (IP address, user-agent, timestamp, requested URL) for security and debugging. These are deleted on a rolling basis, typically within 30 days. Legal basis: legitimate interest (Art. 6 para. 1 lit. f GDPR).

3. Cookies and similar technologies

We use only the cookies and local-storage entries strictly necessary for the site to work – for example, to keep you signed in, to remember a draft size measurement during a single session, or to validate forms. We do not use advertising cookies or third-party tracking pixels.

4. Who else processes your data

We rely on a small set of carefully chosen processors. Each is bound by a data-processing agreement. They act on our instructions only.

  • Supabase, Inc. – authentication (sign-in by email and password) and the database for accounts and fit profiles. EU region (Frankfurt / Ireland, depending on configuration).
  • Resend (Plus Five Five, Inc.) – email delivery (order/reservation confirmations and the newsletter). United States, transfers covered by the EU–US Data Privacy Framework / SCCs.
  • Stripe Payments Europe, Ltd. – payment processing for reservations and orders. Ireland (EU), with onward transfers under SCCs as applicable. We never see or store your full card details.
  • Vercel Inc. – hosting and request logs. EU and global edge.

We do not sell or rent your data to anyone, ever.

5. International transfers

Some of our processors are based in the United States. Where your data leaves the EU/Switzerland, transfers are covered by the EU–US Data Privacy Framework or by Standard Contractual Clauses with additional safeguards as required.

6. How long we keep your data

  • Newsletter address: until you unsubscribe, then removed from our list and Resend within a short period.
  • Account and fit profile: until you delete your account or ask us to.
  • Order and reservation records, including invoices: retained for ten years from the end of the financial year, as Swiss accounting law requires (Art. 958f CO), then deleted.
  • Contact messages: kept up to 24 months for support history, then deleted unless we need them for legal reasons.
  • Server logs: typically 30 days.

7. Your rights

Under the Swiss FADP and the EU GDPR you have the right to:

  • Ask what data we hold about you, and receive a copy.
  • Have inaccurate data corrected.
  • Have your data deleted (where there is no overriding legal obligation to keep it).
  • Restrict or object to specific processing.
  • Receive your data in a portable, machine-readable format.
  • Withdraw any consent you have given, with future effect.
  • Lodge a complaint with the Swiss FDPIC or your local EU supervisory authority.

To exercise any of these, write to contact@arnautbelcour.com. We will reply within 30 days.

8. Security

The site uses TLS for all traffic. Sign-in is by email and password, handled by Supabase Auth – passwords are stored hashed by Supabase, never by us. Profile data sits in a database with row-level security, and service credentials are kept server-side.

9. Children

The site is not directed at children under 16. We do not knowingly collect data from them.

10. Changes to this policy

When we make material changes, we update the date at the top of the page and, for newsletter subscribers and account holders, announce it before it takes effect.

This policy is effective as of the date shown above.