Data Act Switching & Exit Policy
Version 2.2 — 2026-06-13
Provider: Oleksandr Chornous (Boncard), Drewerstraße 5, 59602 Rüthen, Germany.
Legal basis: EU Regulation 2023/2854 (Data Act), in force since 2025-09-12; fully applicable to switching provisions from 2027-01-12.
1. Purpose
This policy describes how customers (tenants) of the Boncard platform may export their data and switch to a different provider. It implements the requirements of the EU Data Act, which applies to cloud and SaaS services regardless of provider size (no micro-enterprise exemption).
2. Scope (data subjects)
This policy applies to:
- Business owners (OWNER) — counterparty to the Boncard SaaS contract
- End customers (loyalty-card holders) — owner-mediated rights independent of this policy (see Privacy Notice Art. 15/17/20 GDPR)
3. Export scope & formats
Complete export of all tenant data in structured, commonly used, machine-readable format (JSON per RFC 8259, available free of charge) per Art. 30(2) Data Act:
| Data category | Format | Path |
|---|---|---|
| Business owner profile (Barbershop) | JSON | /api/admin/export (OWNER login) |
| End-customer master data | JSON | in export bundle |
| Loyalty-card records | JSON | in export bundle |
| Points transactions | JSON | in export bundle |
| Rewards catalogue | JSON | in export bundle |
| Redemption history | JSON | in export bundle |
| Services / categories | JSON | in export bundle |
| Consent evidence (Art. 7(1)) | JSON | in export bundle |
The export does not contain internal technical fields (unsubscribeToken, passwordHash, mongoUri).
4. Switching conditions (termination & transition) — Art. 23+ Data Act
4.1 Free-of-charge export
- Data export is free of charge.
- Format: open JSON standard (RFC 8259). CSV on request.
4.2 Notice period
- Maximum notice period: 2 months from receipt of written termination (by email to
sahajaret@gmail.comor via Account Settings → "Delete account"). - All functionality remains active during the notice period.
4.3 No switching fees (from 2027-01-12)
- From 2027-01-12, per Art. 25 Data Act, no termination, switching, or data-extraction fees.
- Before this date: no such fees foreseen already today.
4.4 Functional equivalence (primary switching path)
Boncard offers as primary switching path the free, full, structured JSON export (schema boncard.tenant.v1 via /api/admin/export): the OWNER may at any time retrieve a complete, machine-readable data bundle in the open JSON standard (RFC 8259). This export is a valid portability mechanism under Art. 20 GDPR and Art. 23/29/30 Data Act.
- Export follows the Boncard data types documented in
src/lib/db/types.ts(schema truth). - Direct import into a competing SaaS is not guaranteed (no established loyalty-industry standards exist).
- Boncard supports the customer with migration by email (best-effort).
4.4a Public data-structure register
Pursuant to Art. 26(b) Data Act and Art. 30(2) a publicly accessible, up-to-date register is published at /data-act-register containing:
- JSON schema dictionary of all end-customer data fields (
Customer,Card,Transaction,Reward, etc.) - Data formats (UTF-8 JSON, RFC 8259)
- Interoperability specifications (e.g. points-calculation logic)
- Versioning with change history
Link: /data-act-register (live since 2026-06-12). Internal schema truth: src/lib/db/types.ts.
4.4b Pre-contractual information duty
Prior to contract conclusion the customer receives, per Art. 26 Data Act:
- The full text of this Switching Policy (linked on the
/registerpage) - List of all data categories that are migratable
- List of any non-portable data categories (with rationale)
- Switching-fee information (currently none; mandatorily free from 2027-01-12)
- Identity of the competent authority (Bundesnetzagentur)
Acceptance is recorded analogously to the DPA: policyAcceptances[] field on Barbershop with kind: 'data-act-switching', IP+UA stored.
4.5 Cooperation obligations
- Written switching requests are answered within 5 business days.
- Technical export details (field definitions, schema) provided on request; see also /data-portability.
4.6 Transition phase after termination
After expiry of the 2-month notice period Boncard grants a 30-calendar-day transition phase (Art. 25(2)(a)(ii) Data Act) during which the customer:
- Can retrieve a full export in machine-readable JSON form (
/api/admin/export) - May request repeated exports if needed (up to 3× free of charge)
- Retains live read access to facilitate migration to the target platform
If technically infeasible within 30 days: justification within 14 business days, maximum extension to 7 months (Art. 25(2)(d) Data Act).
4.7 Right to erasure instead of export — two switching options
Per Art. 25(2)(a)(i) Data Act the customer may choose one of two switching options:
- (a) Portability to a new provider with full export (default, see §3 and §4.4)
- (b) Immediate deletion instead of export: all exportable data is directly and irreversibly deleted; the contract terminates automatically upon completion of deletion.
Option (b) is offered if the customer explicitly states they do not want an export. Boncard confirms deletion via a deletion-log entry.
5. Pre-deletion grace (data deletion after switching)
- After termination: 30-day grace window per Deletion Concept §5.1.
- During grace: data can be re-exported or termination cancelled.
- After expiry: full hard-delete; deletion log archived for 3 years (Art. 28(3)(g) GDPR).
- No backup window on the current tier: on the beta/M0 tier no Atlas backups are configured (
atlasBackupConfigured() === false) — the hard-delete is immediate and irreversible, with no restore available. A backup window (~35 days) exists only if Atlas backups are configured (higher tiers, M10+), and is then restored in exceptional cases only.
Distinction: this 30-day grace (§5) is the pre-deletion grace. It chronologically follows the 30-day transition phase per §4.6 (Art. 25(2)(a)(ii) Data Act). Sequence: notice period (max. 2 months, §4.2) → transition phase (30 days, §4.6) → pre-deletion grace (30 days, §5) → hard-delete.
6. Sub-processor change notice
Tenants are informed at least 30 days before sub-processor changes per Art. 28(2) GDPR and EDPB Opinion 22/2024 (archive_subprocessor_log).
7. Procedure — step by step
- Notify switching intent — email to
sahajaret@gmail.comwith subject "Data-Act-Switching: <tenant name>". - Confirmation within 5 business days — export link (signed URL valid for 7 days) and choice-of-option notice (options (a)/(b) per §4.7).
- Download export — OWNER uses
/api/admin/export(self-service) or receives a JSON bundle. - Submit termination — via Account Settings or by email.
- 2-month notice period — system fully active (§4.2).
- 30-day transition phase — live read access + up to 3× repeat export free of charge (§4.6).
- 30-day grace — system active, export still available (§5).
- Hard-delete — automatic after grace expiry; deletion confirmation by LEGAL_NOTICE email.
8. Competent authority & dispute resolution
- Written complaint to
sahajaret@gmail.com. - Boncard is not obliged to participate in out-of-court dispute resolution (B2B only per § 14 BGB).
- Expected competent authority per Art. 37(1)(a) Data Act (German implementing act not yet in force): Bundesnetzagentur (BNetzA) — bnetza.de.
- Venue: Soest.
9. Contract duration & update history
- 2026-05-15: Version 1.0 — initial release after EU Data Act 2025-09-12
- 2026-05-26: Version 2.0 — audit fixes ahead of the 2027-01-12 deadline:
- §3 export wording aligned with Art. 30(2): "structured, commonly used, machine-readable format" (JSON per RFC 8259)
- §4.4 "own MongoDB" elevated to primary switching path (Art. 23/29/30)
- §4.4a public data-structure register added (Art. 26(b) + Art. 30(2))
- §4.4b pre-contractual information duty added (Art. 26 + Art. 25(1)); acceptance via
policyAcceptances[].kind = 'data-act-switching' - §4.6 30-day transition phase after termination added (Art. 25(2)(a)(ii)) with 7-month extension clause (Art. 25(2)(d))
- §4.7 third switching option "immediate deletion instead of export" added (Art. 25(2)(a)(i))
- §5 distinction note between transition phase and pre-deletion grace added
- §7 procedure extended with the transition-phase step
- §8 Bundesnetzagentur citation refined to Art. 37(1)(a) Regulation (EU) 2023/2854 (Data Act); German implementing act not yet in force
- 2026-06-12: Version 2.1 — maintenance update:
- Placeholder reference "i.c.w. DigVO" in the update history resolved — replaced by the proper citation: Regulation (EU) 2023/2854 (Data Act)
- §4.4a register page /data-act-register is live (previously: "planned Q3 2026")
- Policy version realigned with
src/lib/legal/versions.ts(2026-06-12)
- 2026-06-13: Version 2.2 — service update (removal of per-tenant own MongoDB):
- §4.4 the per-tenant own MongoDB cluster (
Barbershop.mongoUri) is no longer a switching path (feature removed). The primary switching path is now the free, full, structured JSON export (schemaboncard.tenant.v1via/api/admin/export) as a valid mechanism under Art. 20 GDPR / Art. 23/29/30 Data Act - §4.7 option "(b) on-prem migration (own MongoDB cluster)" removed — now two switching options: (a) portability with full export, (b) immediate deletion; references adjusted
- §5 backup-window wording made honest: on the current beta/M0 tier there is no Atlas backup window (immediate, irreversible hard-delete); the ~35-day window applies only conditionally if Atlas backups are configured (M10+) — mirrors
atlasBackupConfigured()
- §4.4 the per-tenant own MongoDB cluster (
10. Review triggers
- Mandatory review before 2027-01-12 (no-fee switching deadline)
- Publication of harmonised standards (Art. 30(5) Data Act) — common-specs clock starts 12 months after EU publication; Boncard adapts schema register and export format within those 12 months.
- Change to
src/lib/db/types.ts(schema truth) → automatic update notice on /data-act-register.
Cross-references: /avv (DPA per Art. 28 GDPR), /data-act-register (public data-structure register), /data-portability (portability workflow).