Does a newsletter need a double opt-in?

In practice, yes. Swiss unfair competition law (UWG) requires consent from recipients for commercial bulk emails. The double opt-in, meaning a confirmation email after sign-up, is the established way to prove that consent cleanly. Without that proof, you are in a weak position if there is a dispute.

Is Mailchimp allowed in Switzerland?

Yes, it is not forbidden. Mailchimp is a US provider, so your recipients' data goes to the US. You have to declare that in your privacy policy as a data transfer abroad. If you are choosing freely anyway, a provider with servers in the EU or Switzerland is usually the simpler choice for a Swiss SMB.

Does the newsletter tool have to be in the privacy policy?

Yes. As soon as an external tool processes your recipients' data, it belongs in the privacy policy, together with the purpose and any transfer abroad. That is what the duty to inform under the revFADP requires. A generator on its own does not know your specific tool, so this point has to be correct by hand.

Do I need consent for existing customers?

That is the one exception the UWG recognizes. If you received a customer's email address in the course of a sale, you may send them similar offers of your own, as long as the customer can easily object with every message. Even so, I prefer to run double opt-in here too, because it keeps the proof clean and saves arguments.

Which Newsletter Tool for Switzerland? (Privacy and revFADP) · Blog

There is no best newsletter tool. Two things matter: where your recipients’ data sits and whether you set up a clean double opt-in. For most Swiss SMBs, a provider with servers in the EU or Switzerland fits, because it keeps the privacy policy short and makes no transfer to the US necessary. Which specific tool you then pick is more a question of usability and price than of law.

That is the short answer. Now for an honest assessment, because with newsletters people like to mix up the technology and the law. The tool is chosen quickly, the clean sending is the actual work.

What does Swiss law require?

A newsletter is advertising, and advertising by email is governed by unfair competition law. Swiss unfair competition law (UWG) requires consent from recipients for commercial bulk emails. Three points are part of this in practice:

Consent via double opt-in. Whoever signs up first receives a confirmation email and is only on the list after the click. That is how you prove the person really agreed. Without that proof, you are in a weak position if there is a dispute.
Sender and unsubscribe link. Every message has to make clear who it comes from and contain a working unsubscribe link. That is not politeness, it is a duty.
Privacy policy. The tool you use and the purpose belong in the privacy policy. If the data sits abroad, for example in the US, that transfer has to be declared there.

There is a second form, single opt-in: there the person is on the list immediately upon sign-up, without a confirmation email. That is more convenient, but you have no proof that the address really belongs to the person who entered it. Someone enters a stranger’s address, and you are already sending advertising unasked. That is exactly what the UWG wants to prevent. So I stick with double opt-in, even though a small share of sign-ups will never be confirmed because of it. I would rather have a slightly shorter list with clean proof than a long one without.

Important for context: the revised Federal Act on Data Protection (revFADP) has applied since 1 September 2023 and requires this duty to inform, but no cookie banner for the newsletter. What it requires is transparency about who processes which data for which purpose. I have described what this looks like in detail in the article Privacy policy for Swiss websites.

The tool types compared

In practice, providers split into three groups, and the difference lies almost entirely in the data location. Here is the rough breakdown, without me pushing any particular product on you.

Type	Example	Data location	Privacy effort	When it fits
EU provider	Brevo	Servers in the EU	low, no US transfer	for most Swiss SMBs
US provider	Mailchimp	US	higher, declare transfer abroad	if you already know the tool or need features
Swiss provider	mailXpert, NetMailer	Switzerland	low, data stays in the country	when a CH data location matters

Do not read the table as a ranking. A US tool is not forbidden, it just makes the policy a bit longer and calls for an honest sentence about the data transfer to the US. A Swiss provider sounds the cleanest, but is not automatically easier to use or cheaper. I deliberately do not name exact prices here, because the rates often depend on list size and change quickly.

In practice, the vast majority of the SMBs I work with end up with an EU provider. Brevo, for example, has its servers in the EU, which covers the typical requirements without having to think about the US data transfer. Brevo is also widely used because the address book and sending often start out free or cheap for a small list.

With a US provider, the problem is not the sending but the data flow behind it. If your customers’ addresses sit on US servers, that is a disclosure abroad, and you have to name it in your policy. That is doable and no big deal, just an extra sentence and a topic you have to remember later. My point is not that Mailchimp is bad. It is a good tool. For a Swiss SMB that can choose freely, it is simply not the most obvious choice. Whoever already knows the tool and uses it productively should stick with it, instead of switching for no reason.

What SMBs should watch for when choosing

If you are facing the choice, in your position I would check in this order:

Clean double opt-in possible? Every serious tool can do this. Make sure the confirmation email is active and not switched off out of convenience. That is the single most important point.
Data location. EU or Switzerland keeps the privacy policy short. The US is allowed, but wants to be declared cleanly.
Unsubscribe and management. Does the unsubscribe link work reliably, and are unsubscribes taken into account automatically? A person who unsubscribed and still keeps getting messages is a real problem.
GDPR only if needed. If you specifically target recipients in the EU, the GDPR additionally comes into play, for example with a documented legal basis. For a purely Swiss list, that is not an issue. The same logic applies here as with the cookie banner under the revFADP: it is about how your offer is aimed, not about a few random addresses from Germany.

What should not be a selection criterion, on the other hand, is the sheer number of features. Most SMBs use a fraction of the options. A tool you understand and actually operate is worth more than one with a hundred features you never touch.

My pragmatic advice

For a small list, say a few hundred addresses, a simple EU tool is entirely enough. You do not need an expensive system or special software. What matters is not the tool but that the three basics are right: double opt-in active, unsubscribe link works, tool named in the privacy policy. If those are in place, the rest is comfort.

I will say the opposite case just as honestly: if you send a message to thirty regular customers twice a year, you may not need a newsletter tool at all. A carefully maintained recipient list and an ordinary email send can be enough, as long as the recipients agree and can unsubscribe. A tool becomes worthwhile once the list grows, you send regularly, or you want to keep clean proof of sign-up.

One point that often gets lost: as soon as you add a newsletter tool, your privacy policy changes. The new tool processes personal data, so it has to go in there, including the data location. Whoever takes care of this right when setting up saves themselves the correction later. With a website project or ongoing maintenance, I check this point along the way, so that the policy matches the technology actually in use.

In short

There is no best newsletter tool for Switzerland, it comes down to the data location and a clean double opt-in. For most SMBs, a provider with servers in the EU or Switzerland fits, because it keeps the privacy policy lean. Swiss unfair competition law (UWG) requires consent from recipients, and the double opt-in is the established proof of it. Name the tool and any disclosure abroad in your privacy policy, ensure a working unsubscribe link, and consider the GDPR only when you specifically target EU recipients.

The legally binding text comes from a generator or a lawyer, not from me. What I do: make sure the technology behind it is set up cleanly and your policy is correct in the end. If you are unsure where to start, I will get back to you within one business day (Mon to Fri).