Transparency Policy
Purpose
ESPA is a Swiss association (Verein) committed to transparency, proportionality, and accountability in the operation of its digital services and infrastructure.
This policy describes ESPA’s general principles regarding data handling, operational transparency, and responses to external requests.
Scope
This policy applies to:
- Websites, documentation, and services operated by ESPA
- Infrastructure and systems administered directly by ESPA
- Administrative and governance activities of the association
Services or tools provided by third parties are subject to their own policies and terms.
Principles
ESPA operates according to the following principles:
- Data minimisation – collect only what is necessary
- Purpose limitation – use data only for defined operational purposes
- Proportionality – apply controls appropriate to risk
- Transparency – communicate clearly where possible
- Legal compliance – operate in accordance with applicable Swiss law
Data Collection & Processing
ESPA is designed to function with minimal data collection.
ESPA does not engage in:
- Commercial data exploitation or resale
- Behavioral tracking or advertising
- Cross-service user profiling
Limited data may be processed strictly for:
- Service operation and stability
- Security and abuse prevention
- Compliance with applicable legal obligations
Where feasible, data is anonymized, aggregated, or deleted.
Logging & Retention
Operational logging is limited in scope and duration.
- Logs are retained only as long as necessary for operational or security purposes
- Retention periods are reviewed periodically
- Logs are not used for analytics unrelated to service integrity
ESPA does not maintain long-term user activity histories.
Requests From Authorities and Third Parties
ESPA evaluates all requests for information or action on a case-by-case basis.
- Requests must be legally valid under applicable Swiss law
- Jurisdiction and competence of the requesting authority are assessed
- Requests that are unlawful, disproportionate, or unclear may be rejected or challenged
Where legally permitted, ESPA prioritizes confidentiality and due process.
Transparency Reporting
Where feasible and legally permissible, ESPA may publish:
- Aggregate information on external requests
- High-level operational or security incidents
- Significant changes to policies or infrastructure
No disclosure will be made where it would compromise legal obligations, security, or the rights of others.
Security Measures
ESPA applies appropriate technical and organizational measures to protect its systems, including:
- Access control and role separation
- Infrastructure hardening
- Monitoring for misuse or abuse
Security measures are reviewed and adapted as risks evolve.
Governance
ESPA is governed in accordance with its statutes and Swiss association law.
Operational decisions are made by authorized members or bodies as defined in the association’s governance structure.
Changes to This Policy
This policy may be updated to reflect:
- Legal or regulatory changes
- Operational developments
- Improvements in transparency practices
Material changes will be published on this site.
Attribution & License
This policy is inspired by transparency principles and public documentation published by Quad9, and has been substantially adapted to reflect ESPA’s structure, scope, and governance as a Swiss association.
Portions are derived from materials licensed under:
Creative Commons Attribution–NonCommercial–ShareAlike 4.0 International (CC BY-NC-SA 4.0)
Original source: Quad9
License: https://creativecommons.org/licenses/by-nc-sa/4.0/
This policy is distributed under the same license.
Contact
Questions regarding this policy may be submitted through the official ESPA contact channels listed on this website.