Payrexx & Billing
Payrexx live-mode keys swapped in [build]
Move PAYREXX_API_KEY + PAYREXX_WEBHOOK_SECRET from test to live. Verify with a CHF 1 self-purchase before announcing.
Payrexx gateway IDs unique per plan [Already CH]
Plan key is derived from the transaction amount, so duplicate amounts break the plan mapping.
Webhook handler is idempotent [Already CH]
Persisted in payment_events. Processing the same transaction ID twice is safe.
Dead-letter queue for failed webhooks [Already CH]
Failed events land in payment_events_failed; inspect them on the /debug-webhook admin page.
TWINT enabled in Payrexx dashboard [file]
Apply via Payrexx → Payment methods. Approval takes 1–3 business days.
PostFinance + Swiss cards enabled [file]
PostFinance requires a separate contract. Visa/Mastercard/AmEx come standard.
Apple Pay + Google Pay domain-verified [file]
Add your production domain in the Payrexx wallet settings + Apple developer.
Settlement bank account verified [file]
Confirm IBAN in Payrexx settings. T+1 CHF settlement to Swiss bank.
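As an added example (not Already CH's own code), a TypeScript sketch of the three webhook items above: plan lookup keyed by amount with the duplicate-amount failure surfaced at startup, an idempotent handler keyed on the Payrexx transaction ID, and a dead-letter store. The payload shape, the "confirmed" status value and the in-memory tables are constructed stand-ins for the real Payrexx payload and the payment_events tables; verifying the request against PAYREXX_WEBHOOK_SECRET comes before any of this and is omitted here.

```typescript
// Added example, not Already CH project code. Payload shape, status value
// and stores are constructed stand-ins for Payrexx and the Postgres tables.

type Plan = "solo" | "team";

// Amount (CHF in rappen) -> plan. The mapping is keyed by amount alone, so a
// duplicate amount is rejected at build time instead of mis-assigning plans.
function buildPlanMap(prices: Array<[Plan, number]>): Map<number, Plan> {
  const map = new Map<number, Plan>();
  for (const [plan, rappen] of prices) {
    const clash = map.get(rappen);
    if (clash) throw new Error(`amount ${rappen} used by both ${clash} and ${plan}`);
    map.set(rappen, plan);
  }
  return map;
}

// Hypothetical webhook payload after signature verification and parsing.
interface WebhookEvent { transactionId: string; amountRappen: number; status: string }

// In-memory stand-ins for payment_events and payment_events_failed.
const paymentEvents = new Map<string, Plan>();
const paymentEventsFailed: Array<{ event: WebhookEvent; error: string }> = [];

// Prices from the page: Solo CHF 199, Team CHF 399.
const PLANS = buildPlanMap([["solo", 19900], ["team", 39900]]);

// "processed" on first sight, "duplicate" on a replayed transaction ID,
// "failed" when the event is parked for the /debug-webhook admin page.
function handleWebhook(ev: WebhookEvent): "processed" | "duplicate" | "failed" {
  // Idempotency: the transaction ID is the primary key of payment_events.
  if (paymentEvents.has(ev.transactionId)) return "duplicate";
  try {
    if (ev.status !== "confirmed") throw new Error(`unexpected status ${ev.status}`);
    const plan = PLANS.get(ev.amountRappen);
    if (!plan) throw new Error(`no plan for amount ${ev.amountRappen}`);
    paymentEvents.set(ev.transactionId, plan); // persist before any side effect
    return "processed";
  } catch (e) {
    // Dead-letter: keep the raw event and reason so an operator can replay it.
    paymentEventsFailed.push({ event: ev, error: (e as Error).message });
    return "failed";
  }
}
```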
Swiss VAT & Tax
VAT 8.1% rate set in config/billing.ts [Already CH]
vatRate = 0.081. Standard rate from 1 January 2024.
Swiss VAT registration filed (if turnover > CHF 100k) [file]
ESTV / AFC online registration. Below threshold, registration is optional but lets you reclaim input VAT.
UID printed on every invoice [build]
Format CHE-xxx.xxx.xxx. Required on invoices once registered.
EU OSS registration considered (EU B2C sales > €10k) [file]
Once cross-border B2C exceeds €10k/yr, register OSS via a fiscal rep in one EU country.
Reverse-charge wording on B2B invoices to EU [build]
"Reverse charge — Art. 196 EU VAT Directive". Customer accounts for VAT locally.
10-year invoice retention configured [Already CH]
Required by Art. 958f Swiss Code of Obligations. Stored in Supabase + Exoscale SOS.
nFADP & Data Protection
nFADP data register seeded (Art. 12) [Already CH]
Admin UI at /admin/data-register. Seed entries for Payrexx, Infomaniak, Supabase, Matomo, GitHub.
Privacy policy references nFADP Art. 19 [Already CH]
Pre-written template at /legal/privacy. Update controller name + address.
Data export endpoint (Art. 25, 30-day SLA) [Already CH]
User can request all personal data. 30-day legal response window per nFADP Art. 25 §6.
Account + data deletion endpoint (Art. 32) [Already CH]
Hard-delete or anonymise personal data on request; preserve commercial records for 10 years.
DPIA documented if processing high-risk data (Art. 24) [file]
Triggers: AI profiling, large-scale sensitive data, systematic monitoring.
Sub-processor list published & up to date [Already CH]
Required by Art. 19. Linked from privacy policy.
FDPIC-recognised SCCs for CH→US transfers (e.g. GitHub) [Already CH]
Standard contractual clauses referenced in DPA template.
Data breach notification process (72h to FDPIC) [build]
Runbook for who, what, when. Train support before launch.
Hosting & Data Residency
Production deployed to Exoscale CH-GVA-2 or CH-DK-2 [Already CH]
Geneva or Zurich data centre. Verify region in Coolify.
Supabase self-hosted on Exoscale, not Supabase Cloud [Already CH]
Cloud routes through US/EU multi-region; self-hosted stays in CH.
Backups encrypted & stored in Exoscale SOS (CH) [Already CH]
Daily Postgres backups. AES-256, stored in CH bucket.
TLS via Caddy + Let's Encrypt, HSTS preloaded [Already CH]
Strict-Transport-Security with max-age of 1 year, includeSubDomains and preload.
DNS at Infomaniak / Hostpoint / Switch (not US registrar) [file]
CH registrar removes one US touchpoint. SWITCH is the canonical .ch registry.
No US sub-processors enabled by default [Already CH]
Anthropic/OpenAI/Google are opt-in fallbacks; primary AI is Mistral (FR).
Analytics & Cookies
Matomo running in cookie-free mode verified [Already CH]
Open browser dev tools → Application → Cookies. None should be set by Matomo.
Anonymised IP truncation enabled in Matomo [Already CH]
Last octet truncated (anonymizeIP = full). nFADP compliant by default.
No Google Analytics, no Facebook Pixel [Already CH]
If you add US trackers, you must add a consent banner, which defeats the point.
No consent banner needed (cookie-free) [Already CH]
If you only set technical cookies, no banner is required under nFADP or GDPR.
Single technical cookie al-th only (dark-mode pref) [Already CH]
No personal data, local-only. Explicitly noted in privacy policy.
Security & Hardening
Friendly Captcha verified on sign-up + sensitive endpoints [Already CH]
DE-based, privacy-first. Replaces Vercel BotID. Verify server-side.
Rate limits on auth + write endpoints via ioredis [Already CH]
rate-limiter-flexible. Per-user and per-IP.
CSP nonces + HSTS + secure transport headers [Already CH]
Caddy config bakes these in. Verify with securityheaders.com.
TOTP + Passkeys + org-wide MFA mandate [Already CH]
Owners can force-enrol all members. Required by enterprise procurement.
Secrets in macOS Keychain, never in .env [Already CH]
Service-role key, Payrexx API key, SMTP password: all injected from Keychain in dev.
GlitchTip error tracking live, PII scrubbed [Already CH]
Sentry-compatible DSN. beforeSend hook strips user identifiers.
Localisation
German (DE) translations reviewed by a native [build]
German is the largest CH market (~63%). Machine translation is not enough.
French (FR) translations reviewed [build]
Romandie (~23%). Different sales culture: formal, longer cycles.
Italian (IT) translations reviewed [build]
Ticino (~8%). Smaller but loyal market.
Imprint + privacy + terms localised [Already CH]
i18n keys exist for all legal pages. Translate before launch.

Skip the technical setup. Already CH ships the whole stack pre-wired.

Payrexx + TWINT, nFADP register, Matomo cookie-free, Friendly Captcha, GlitchTip, Mistral AI, i18n: all wired into a Swiss-sovereign Next.js codebase you own.

Get Already CH: CHF 199 →

Solo CHF 199 · Team CHF 399 · Enterprise +CHF 299