Nebenkosten

MVP data handling notice

Privacy and data handling

This notice explains how the controlled Nebenkosten MVP handles rental statement text, uploaded document text, correction notes, and replay files while preparing a review packet.

Last updated: 2026-07-04

Launch readiness

Controlled beta. Public paid onboarding is not enabled.

Operator: Not configured
Operator address: Not configured
Privacy contact: Not configured
Support contact: Not configured
Privacy contact verified: Not configured
Offer: Not configured
Price: Not configured
Payment mode: Not configured
Checkout URL: Not configured
Payment contact: Not configured
Security check: Not configured
Beta access gate: Not configured
Analysis event log: Not configured
Raw text in server log: Not configured
Event log retention: Not configured
API rate limit: Not configured

  • Public operator name is missing
  • Public privacy contact is missing
  • Public offer name is missing
  • Public CHF offer price is missing or invalid
  • Public payment mode is missing
  • Public Turnstile site key is missing
  • Turnstile secret key is missing

Controller and contact

The MVP is operated under the Delivlog project for the nebenkosten.delivlog.com subdomain. During controlled testing, privacy requests should be sent through the same access or support channel that provided the MVP link.

Before open paid onboarding, the operating legal entity and a public privacy contact must be configured and published here.

Purpose

The service processes the information you enter only to create a Swiss rental ancillary-cost triage result, missing-evidence list, review signals, a draft clarification letter, and a replay file that lets the same case be rerun locally.

Data you provide

  • Case fields such as canton, billing year, and payment model.
  • Cost-line amounts, allocation labels, and readiness checks.
  • Text extracted from searchable PDFs or typed into the note box.
  • Human correction or missing-context notes entered before triage.

Browser-side document handling

Searchable PDF and text extraction runs in your browser before the triage request is sent. Scanned or unreadable PDFs are marked as requiring OCR and are not treated as automatically read.

Security check

Public triage requests can require Cloudflare Turnstile before the packet is submitted. The browser receives only a public site key. The server validates the one-time token before processing the case.

Server processing

When you run triage, the structured packet and extracted text are sent to the Cloudflare Pages Function at /api/analyze. The current MVP returns the result directly and does not create a customer account.

Production stores a metadata-only analysis event log for operations, auditability, and harness quality review. Metadata mode records the analysis ID, input signature, case summary, document-text length, findings, and harness status. It does not store raw document text in the server event log. The current production retention period is 90 days.

The API also applies a short-window rate limit using a hashed request identity. Rate-limit records store counters and a hashed key, not raw IP addresses.

Controlled beta deployments can require an access code before triage. Access codes are checked by the server and removed before analysis, replay export, or server event logging.

Infrastructure providers may process technical request metadata, security logs, and operational logs according to their platform controls.

AI provider use

The default harness mode is disabled. Test audits can use a local deterministic mock. External provider mode is only used if a production provider secret is configured and the request explicitly asks for provider mode.

AI harness output is supplementary. It must not decide payment, predict an authority outcome, or replace the deterministic review packet.

Replay files

If you download a replay log, it can contain the case fields, extracted document text, correction notes, and analysis result. Treat replay files as case data and store or delete them accordingly.

Data minimisation

Enter only rental ancillary-cost information needed for this review. Do not enter unrelated health, criminal, tax, banking, employment, family, or identity documents.

Your choices

  • You can avoid uploading files and paste only relevant excerpts.
  • You can remove names, account numbers, and unrelated identifiers.
  • You can decide whether to download and keep a replay file.
  • You can stop before running triage if you do not accept this handling.

German summary

This MVP version processes entered document text and notes to create an ancillary-cost review dossier and a replay file. Searchable PDFs are first read in the browser. When triage is started, the structured dossier is sent to /api/analyze.

No customer account is created. Production stores a metadata log of the analysis for 90 days, but no raw document text in the server log. Replay files can contain document text and must be treated as case data. Enter only information that is required for the ancillary-cost review. The API also uses a short-term rate limit with a hashed request key; raw IP addresses are not stored in these rate-limit records. Controlled beta versions can require an access code; access codes are removed before analysis, replay export, and server logging.