Privacy Policy YAPEAL

We are pleased with your interest in our financial services. YAPEAL AG, domiciled at Max-Högger-Strasse 6, 8048 Zürich, Switzerland (hereinafter referred to as "YAPEAL", "we", or "us") enables you or your company (hereinafter also referred to as "YAPSTER" or "you") to easily and securely perform financial services online (hereinafter referred to as "YAPEAL-Services").


YAPEAL collects and processes personal data relating to the YAPSTER as well as other individuals (referred to as "third parties").

Personal data" refers to data relating to specific or identifiable persons. "Sensitive data" represents a category of personal data that is particularly protected under the applicable data protection law. For instance, biometric data for identification purposes, data about administrative and criminal proceedings or sanctions, as well as health data, or data concerning religious, philosophical, political, or union-related views or activities are considered especially protected personal data. In section 3, you will find details what kind of data we process in the context of this privacy policy. "Processing" refers to any handling of personal data, e.g., collecting, storing, using, modifying, disclosing, and deleting.

We use the term "data" synonymously with "personal data" or "personally identifiable information".

In this Privacy Policy, we describe what we do with your data when you use the YAPEAL website (including YAPEAL Forum) or the YAPEAL front-ends (which include the YAPEAL Verify-App, the YAPEAL-App, YAPEAL Web-Frontends, or portals authorized by YAPEAL, e.g., web front-ends hosted by third parties), receive YAPEAL-Services, engage with us under a contract, communicate with us, or interact with us in any other way.

In addition, we may separately inform you about the processing of your data, such as in consent declarations, contract terms, additional privacy statements, and notices.

If you provide us with data about other individuals, we assume that you are authorized to do so and that this data is accurate. By submitting data about third parties, you confirm this. Please also ensure that these third parties are informed about this Privacy Policy.

This Privacy Policy is designed according to the requirements of the General Data Protection Regulation (GDPR) of the EU and the Swiss Data Protection Act (DPA). Whether and to what extent these laws apply, however, depends on the individual case.

This Privacy Policy does not apply to other websites, not overseen by YAPEAL, to which the YAPSTER may be redirected via a link. 


YAPEAL is responsible for the data processing described in this Privacy Policy. For questions and concerns related to data protection or in connection with the exercise of your rights (see section 12), please contact the following department within YAPEAL:

Max-Högger-Strasse 6
8048 Zürich

We have appointed the following data protection representative in accordance with Art. 27 GDPR in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and affected individuals for inquiries related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg


YAPEAL processes various categories of data, depending on the YAPEAL-Services we provide for you. The main categories are as follows: 

Identity Data

Contact Data

Customer Profile Data (KYC)

Contract Data

Account and Transaction Data 

Technical Communication Data

Analytics Data 


We process various data from different sources, depending on the situation and purpose.

Much of the data mentioned in Section 3 is provided by the YAPSTER themselves, for instance, when you communicate with us, transmit data, visit our website, or use our services or products. We may also obtain data from other sources, such as public registers or other publicly accessible sources, from authorities or other third parties.

If you do not provide us with data necessary to fulfill legal or regulatory obligations, or for the initiation, conclusion, or execution of a contract or business relationship with you, YAPEAL may not be able to accept you as a customer or provide YAPEAL services to you.


YAPEAL processes data for the following purposes:

5.1 Establishing a Relationship and Identifying the YAPSTER

During the opening of the relationship and identification, the following data is primarily collected from the YAPSTER: identification data, contact data, and technical communication data (see Section 3). This occurs through the download of the YAPEAL apps from a YAPEAL-supported app store (e.g., Apple, Google Play) where the YAPSTER is registered.

For authentication, the YAPSTER sets a PIN code and can also activate sign-in via fingerprint and/or facial recognition if the used device supports these features. These details are used for all future sign-ins to the YAPEAL apps. YAPEAL or the YAPEAL apps store this data for the purpose of ensuring the secure use of the YAPEAL interfaces and the YAPSTER account. In this context, neither YAPEAL nor the YAPEAL interfaces receive the biometric data (fingerprints and facial features) of the YAPSTER. For further questions about how fingerprint or facial recognition authentication works, the YAPSTER should contact the respective provider of this feature or their device.

In line with the FINMA Circular 2016/7 Video and Online Identification or as per the VSB guidelines, YAPEAL collects and stores the necessary data during the identification process of the YAPSTER, which the YAPSTER enters via the YAPEAL apps or sends to us through other channels. This includes, for instance, photographs of the presented identification documents and the related data (name, first name(s), birthday, etc.), photos and video recordings of the YAPSTER, contact data (residential address, email address, mobile phone number, etc.).

5.2 Account Opening and Account Usage

For the activation of YAPEAL services and the corresponding opening of YAPSTER accounts, the YAPSTER collects additional data, in particular, customer profile data (KYC) via YAPEAL interfaces (see also Section 3), e.g., job-related data (employment status, industry, etc.), data on the purpose and scope of account use, beneficial ownership or details about the controlling person, tax domicile / tax status especially under FATCA and AIA, customizable IBAN.

Throughout the business relationship or for YAPSTERs classified as a high-risk business relationship, YAPEAL can collect additional data to fulfill its due diligence, e.g., origin of assets, income, education, expected transaction volumes.

Furthermore, YAPEAL is obligated to regularly review the accuracy of the data and have it confirmed by the YAPSTER. The YAPSTER can view many of these data themselves in the YAPEAL front-ends and update them as needed.

5.3 Use of Payment Services, Debit Cards, and Supplementary Services

The YAPSTER has the option, as a private or business customer, to use various payment and debit card services depending on the selected account package or individual contractual agreement and to largely manage and view these digitally at any time through the YAPEAL front-ends. In addition to identification and technical communication data, YAPEAL primarily processes account and transaction data for this purpose (see Section 3).

If the YAPSTER avails themselves of supplementary or additional services offered in collaboration with YAPEAL partners, corresponding additional contract data for the respective contractual relationship may be collected (see Section 3).

5.4 Notifications

The YAPEAL App uses a notification feature to provide the YAPSTER with current information on their account via "push notifications," such as for orders (credits and debits), account balance updates, etc. Through this notification function, the YAPSTER's usage of the YAPEAL App and the content of the messages are made known and stored with the Apple Push Notifications Service of Apple Inc. (“Apple"), One Infinite Loop, Cupertino, California 95014, USA, or the Google Cloud Messaging Service of Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

YAPEAL sends only a reference in the notification, through which the YAPSTER can directly access the corresponding information in the secure YAPEAL App. For further information on the functionality, the YAPSTER may contact the respective provider of these features.

5.5 Compliance with Laws, Directives, and Recommendations from Authorities and Internal Regulations ("Compliance")

We process data for the following purposes:

5.6 Development and Market Engagement

YAPEAL processes data from YAPSTERS as permitted and deemed appropriate for initiatives aimed at the further development of services and products, for the optimization of needs analysis for customer outreach and acquisition, and for advertising and marketing, as long as the YAPSTER has not objected to the use of their data.

5.7 Customer Support

If the YAPSTER contacts YAPEAL Customer Support ("Customer Support"), only the information that the YAPSTER provides to us during the communication, in addition to the app version and the operating system version, is transmitted to YAPEAL. Customer Support has access to this YAPSTER data to address the issue presented. YAPEAL stores the exchange of information between the YAPSTER and Customer Support, regardless of the communication medium used, to better assist the YAPSTER with future inquiries.

5.8 Use of the YAPEAL Website and the YAPEAL Forum (YAPSTER ZONE), Analysis and Tracking

When visiting the YAPEAL website ( and the YAPEAL Forum / YAPEAL ZONE (, we may collect identity data, contact data, technical communication data, and analytics data (see section 3).

When visiting the YAPEAL website, your browser primarily transmits technical communication data (see section 3). The collection and processing of this data aim to facilitate the use of the YAPEAL website (establishing a connection) and to ensure their system security and stability on a continuous basis. The IP address is evaluated on an event-specific basis only in the case of attacks on the YAPEAL network infrastructure and continuously in anonymized form for statistical purposes, without any conclusions being drawn about your identity. Your device's browser automatically sends information to YAPEAL when visiting the YAPEAL website.

Google Analytics

If the YAPSTER has given their consent for the use of necessary cookies, YAPEAL's website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies to allow an analysis of your use of our website. Information collected via cookies about your use of this website is usually sent to and stored on a Google server in the USA.

In Google Analytics 4, IP anonymization is activated by default. Due to IP anonymization, your IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of "events." Events can be page views, first-time website visits, session starts, visited web pages, "click paths," interaction with the website, scrolls, clicks on external links, internal searches, interaction with videos, file downloads, viewed/clicked ads, language settings. Additionally, the approximate location (region), date and time of visit, IP address (in truncated form), technical information about the browser and used devices (e.g., language settings, screen resolution), internet provider, and the referrer URL are collected. Reports provided by Google Analytics are used for analyzing the performance of our website.

Data recipients may include:

The maximum lifespan of Google Analytics cookies is 2 years. You can revoke your consent at any time with future effect by adjusting your cookie settings. The legality of processing done based on consent before its withdrawal remains unaffected.

For more information on Google Analytics' terms of use and privacy, visit Google Analytics Terms ( and Google Privacy Policy (

Friendly Automate

YAPEAL utilizes Friendly Automate ( for sending e-mails (e.g., newsletters or surveys) and analyzing behavior within emails and on our website. Friendly Automate is a service provided by Friendly GmbH, based in Switzerland, which exclusively stores all personal data on dedicated servers in Switzerland or within the EU. Visitors are identified across visits and devices; information about visitor behavior is collected; and relevant content is displayed based on the preferences of the visitor. Emails are sent via Friendly Automate through Amazon AWS with locations within the EU. Details regarding the nature, scope, and purpose of data processing, along with an overview of Friendly’s subprocessors, can be found in Friendly's privacy policy:


You must register to use the YAPSTER ZONE. This is done by entering a username and password, optionally along with additional information such as: first name, last name, and e-mail address. This information will be used for all future logins to the YAPSTER ZONE.


YAPEAL employs so-called cookies on their website. Cookies are small text files that are stored on your device (e.g., computer, smartphone, tablet) when you visit our websites. The information collected through cookies is used to simplify and improve the usage of the website.

A list of the cookies used can be viewed on YAPEAL’s website, in the Cookiebot pop-up window under "Details." YAPEAL uses Cookiebot to ensure that the use of cookies on our YAPEAL website complies with applicable data protection laws and regulations. Cookiebot analyzes the cookies used on our website and ensures that only those cookies that are necessary for the operation of the website or the forum, or for which we have obtained your consent, are set. 

When you visit our website, a cookie banner will appear informing about the use of cookies. You can change your cookie settings at any time or delete cookies by adjusting the settings in your browser, where you can see in detail which types of data are stored in the cookies. Please note that disabling cookies may restrict the functionality of our website.

5.9. Social Networks

We may operate pages and other online presences on social networks and platforms operated by third parties, and may consequently collect data about you. We receive this data from you and from the platforms when you interact with our online presences (e.g., when you communicate with us and comment on our content). At the same time, the platforms (not Yapeal) analyze your use of our online presences and link this data with other data known to them about you (e.g., regarding your behavior and preferences). They process this data independently and separately from YAPEAL for their own purposes, in particular for marketing and market research (e.g., to personalize advertising) and to manage their platforms (e.g., what content they show you). 


Due to Contractual Obligations

Initiation, conclusion, or execution of a contract or business relationship with the YAPSTER, or to fulfill YAPEAL's obligations arising from such a contract or business relationship.

To Safeguard Legitimate Interests of YAPEAL

The protection of our business, risk monitoring and management, receiving and handling complaints, improvement of our YAPEAL services, and our use of technology and market research.

To Comply with Legal or Regulatory Obligations or for the Fulfillment of Tasks in the Public Interest

YAPEAL may be required by law or by regulatory order to provide information regarding your data, or to disclose or transmit it, for example, to comply with reporting and control obligations under applicable financial regulations, identity checks, fraud, and financial crime; also, data on outgoing and incoming payments are collected, processed, and stored to fulfill ongoing compliance obligations, for example, for AML (Anti-Money Laundering) checks, PEP (Politically Exposed Persons), sanctions, and media screening.

With Consent from the YAPSTER

For additional purposes, the YAPSTER's data may be processed based on their consent, which can be revoked at any time.


7.1 Other YAPSTER (peer-to-peer payments)

YAPEAL may offer YAPSTER the ability to send money to other YAPSTER without having to enter an IBAN (peer-to-peer payments). If a YAPSTER wishes to use this feature, they must consent through the YAPEAL app to be discoverable by other YAPSTER for this purpose. This consent can be revoked and re-granted at any time by the YAPSTER within the YAPEAL app. Additionally, to use this feature, the YAPSTER must allow access to their contact list so that other YAPSTER who have also given consent can be identified by the phone number stored in the contact list. This consent can also be revoked and re-granted at any time.

7.2 Individuals or Companies to Whom the YAPSTER Transfers Money

Due to legal requirements for payment service providers, we share your data (transaction data, names, IBAN) with the payment recipient when you make a payment from your YAPEAL account.

7.3 Individuals or Companies Transferring Money to the YAPSTER

If you receive a payment to your YAPEAL account, we share your data with the payer (for example, your name and IBAN). This is necessary to confirm that the payment has been made to the correct account.

7.4 YAPEAL Service Providers

We collaborate with the following categories of service providers domestically and internationally, who process your data on our behalf or jointly with us, or receive data about you from us to fulfill our contractual, legal, and regulatory obligations:

7.5 YAPEAL Partners

We may share your data with partners to provide specific services you have requested through YAPEAL front-ends or digital interfaces. We will only share your personal data in these cases if you have requested the service and consented to the data sharing. If we broker products and services, we may transmit your data to a cooperating partner.

7.6 Authorities 

We may share your data with for example, courts, regulatory agencies, auditing firms, to fulfill our legal obligations, legal justifications, or administrative orders, as far as necessary to protect the legitimate interests of YAPEAL domestically and internationally. This is particularly the case if the YAPSTER has threatened or initiated legal action against YAPEAL, or made public statements; to secure claims of YAPEAL against the YAPSTER or third parties; and to restore customer contact after a breakdown in communication with the relevant Swiss authorities.

7.7 Market Operations Service Providers 

Providers of analytics, social media, and advertising companies (e.g., Google, YouTube, X, LinkedIn, Facebook, Instagram).

7.8 If You Instruct Us to Share Your Personal Data 

If you instruct us to share your data with a third party, we can do so. For example, you can authorize third parties to act on your behalf (e.g., a lawyer). In certain circumstances, we may require proof that a third party has been duly authorized to act on your behalf.

7.9 Other Recipients

Data may also be disclosed to other recipients if we are obliged or authorized to do so.

Please notethat multiple internet providers are involved in data transmission when data is transferred over networks. Therefore, it cannot be ruled out that third parties may access the transmitted data and use it without authorization. Sensitive data should therefore never be sent via email, SMS, or other unencrypted channels. Even when data is encrypted, the names of the sender and recipient remain visible. Third parties may therefore draw conclusions about existing or future business relationships.


As explained in Section 7, YAPEAL also discloses data to third parties. These are not only located in Switzerland. Therefore, your data can be processed both in Europe and in the USA; in exceptional cases, in any country worldwide.

To the extent that YAPEAL transmits data to third parties in countries outside of Switzerland for processing and for the free movement of data, YAPEAL shall ensure that the data recipients operate in countries with an adequate level of data protection.

If a recipient is located in a country without adequate legal data protection, we contractually obligate the recipient to comply with applicable data protection laws (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here:, unless they are already subject to a legally recognized framework ensuring data protection, or we can rely on an exemption clause. In addition to the service providers described in Section 5.8., data may specifically also be transferred to the USA or other third countries for processing by service providers in the area of payment networks, card processors, and mobile payment providers as per Section 7.4.

An exception may specifically apply in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have consented, or if the data are publicly accessible and you have not objected to their processing.


We take appropriate technical and organizational measures (TOM) to maintain the confidentiality, integrity, and availability of the YAPSTER's data. These measures are intended to protect against unauthorized or unlawful processing and to mitigate the risks of loss, accidental alteration, unwanted disclosure, or unauthorized access.

All data transfers via YAPEAL frontends are end-to-end encrypted. All data is encrypted when stored in the YAPEAL system. The keys are solely in the possession of YAPEAL.

YAPEAL's online communication is fully encrypted through the standardized TLS/SSL protocol. All orders are processed via YAPEAL frontends that communicate only through secure YAPEAL IT services (for approved third-party portals, the respective data protection regulations of these third parties apply). All YAPSTER customer data (except for transaction data) is stored in Swiss data centers.

Whenever possible, YAPSTER-YAPEAL customer communication takes place through YAPEAL's secure in-app communication (see YAPSTER Relationship Terms and Conditions).

YAPEAL points out that data transmission via the Internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Our service providers, who process YAPSTER data on our behalf, are subject to the data protection laws applicable to them. They are carefully selected by us and are audited for compliance with the technical and organizational measures they have taken to protect YAPSTER data. They are contractually obligated to process the data exclusively according to YAPEAL's instructions and solely for the purpose of fulfilling their contracted tasks. 


YAPEAL reserves the right to analyze and evaluate data automatically in the future, in order to identify essential personal characteristics of the YAPSTER, predict developments, and create customer profiles. These are primarily used for business analysis and for providing offers and information that YAPEAL may make available to the YAPSTER.

YAPEAL does not make automated individual decisions based on customer profiles but manually reviews any automated negative assessments (e.g., in the area of identification, sanctions screening).


The duration for which personal data is stored is determined by legal retention obligations and/or the purpose of the specific data processing.

As a general rule, YAPEAL stores the data for the duration of the business relationship or contract term, and subsequently for an additional ten or more years (depending on the applicable legal basis). This corresponds to the time frame within which legal claims against YAPEAL can be asserted. Ongoing or anticipated legal or regulatory proceedings may result in storage beyond this period.


If you disagree with how we handle your rights or privacy, please let us know (see Section 2).

You have the right to request specific information about your personal data and how it is processed (right to access). In particular, you can request that we correct or complete inaccurate or incomplete data (correction). You can also object to the processing for specific purposes or withdraw a separate consent (each with future effect). Under given conditions, you can request that we transfer certain data (data portability).

YAPSTERs also have the option to directly modify certain data (e.g., residential address or email) themselves via the YAPEAL front-ends.

The revocation of consent may result in YAPEAL services no longer being fully available to the YAPSTER, or that the contractual relationship with the YAPSTER must be terminated. The same applies if the YAPSTER wishes to delete their data. The rights to deletion and objection are not unrestricted rights. Depending on the individual case, overriding interests may require further processing, for example, certain data collection and storage may take place based on a legal basis, regardless of the existence of consent.

Every affected YAPSTER has the right to enforce their claims in court or to file a complaint with the competent data protection authority in their country. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner: relevant data protection authorities in the EU can be found at the following link:


The YAPSTER agrees to YAPEAL's Privacy Policy upon initiating the relationship.

YAPEAL reserves the right to modify this Privacy Policy at any time. The current version is always accessible through the YAPEAL front-ends and at

If you do not agree with this Privacy Policy and any subsequent changes (also refer to section 4), you have the option to terminate your account relationship at any time, which we would, of course, regret.

In case of any doubt, the German language version of this Privacy Policy and any supplementary provisions shall take precedence over translations into other languages.

Last update of this Privacy Policy: August 30, 2023.