Security &
Data Protection

Your data never leaves Switzerland. We apply bank-grade encryption, strict access controls, and full GDPR & nLPD compliance to every piece of information you share with us.

TLS 1.3 Encryption Swiss Data Hosting GDPR & nLPD Compliant No Data Sold. Ever. ISO 27001 Data Centre
PROTECTION

How We Keep Your Data Safe

Six layers of protection applied to every client file.

TLS 1.3 / HTTPS Everywhere
All data transmitted between your browser and our servers is encrypted with TLS 1.3, the latest and most secure transport layer standard. HTTP connections are automatically redirected to HTTPS.
Swiss Data Hosting
Your data is stored exclusively on servers in Switzerland, subject to Swiss nLPD and GDPR. We do not use data centres outside the European Economic Area.
AES-256 Encryption at Rest
Sensitive fields — identity documents, beneficial owner data, contract files — are encrypted at rest using AES-256. Encryption keys are managed separately from the data they protect.
Strict Access Controls
Your client file is accessible only to authorised VOZ staff on a need-to-know basis. Role-based access control (RBAC) with full audit logging of all access events.
24/7 Security Monitoring
Our infrastructure is monitored around the clock for intrusion attempts, anomalous access patterns, and vulnerability exposure. Critical patches applied within 24 hours of release.
Data Minimisation
We collect only the data required to provide our services and fulfil legal obligations. Documents are retained for the legally required period and then securely deleted.
INFRASTRUCTURE

Swiss Data Hosting

All client data is hosted with a certified Swiss data centre provider. Your information is subject to Swiss law — one of the world’s most protective data jurisdictions — and is never transferred to US cloud providers subject to CLOUD Act jurisdiction.

  • ISO 27001-certified data centre
  • Physical access controls and CCTV monitoring
  • Daily encrypted backups with 30-day retention
  • No data transfers outside Switzerland / EEA
  • Covered by Swiss nLPD and EU GDPR simultaneously
ENCRYPTION STANDARDS

End-to-End Encryption

From the moment you upload a document to the moment it is stored, your data is encrypted in transit and at rest. Multiple encryption layers so that no single failure exposes your information.

In transit
TLS 1.3
At rest
AES-256
Passwords
Bcrypt — never stored plain
HSTS headers
max-age 1 year enforced
Key management
Separate from encrypted data
GDPR & nLPD

Your Rights as a Data Subject

Under GDPR and Swiss nLPD, you have the following rights over your personal data. To exercise any right, contact support@virtual-office-zug.com

Right of Access
Request a copy of all personal data we hold about you, free of charge, within 30 days.
Right to Rectification
Ask us to correct inaccurate or incomplete personal data without undue delay.
Right to Erasure
Request deletion of your data where it is no longer necessary, subject to legal retention obligations.
Right to Restriction
Ask us to restrict processing while a dispute is resolved or an objection is pending.
Right to Portability
Receive your data in a structured, machine-readable format to transfer to another provider.
Right to Object
Object to processing based on legitimate interests, including direct marketing at any time.
We Never Sell Your Data

Your personal information is used exclusively to provide the services you subscribe to. We do not sell, rent, trade or share your data with advertisers or data brokers — ever. Third parties receive only the data legally required (e.g. Swiss Commercial Register) or technically necessary to deliver a specific service.

Questions about data protection?

Our team responds within 2 business days.

Contact Us →