Privacy Policy

1. Who we are

Swyftstack is operated by the company at the address listed on our About page. We are the data controller for the personal data described below.

2. What we collect

• Account data: name, email, organisation, password hash (bcrypt or argon2), and the auth provider you used.
• Billing data: billing address, last 4 digits of the card, invoice history. Card details are stored by our payment processor, never by us.
• Usage telemetry: request counts, storage and egress totals, error rates per project. Used to bill correctly and to debug issues you report.
• Server logs: IP, user agent, and request metadata for the dashboard. Retained 30 days, then aggregated.
• Customer data: the rows in your database and the files in your buckets. We treat this as if it were our own - no humans look at it unless you ask us to (e.g. during a support session) or we are legally compelled.

3. Why we collect it

• To run the service (provision databases, route requests, enforce quotas).
• To bill you correctly and pay applicable taxes.
• To answer support tickets and debug issues you report.
• To meet legal obligations (tax records, fraud prevention, lawful process).

4. What we don’t do

• We never sell personal data to anyone.
• We never train AI/ML models on customer database rows, bucket contents, or telemetry.
• We never read your data “in the background”. Access is logged and used only on your request or where strictly necessary to operate the platform (e.g. to investigate an abuse complaint we received).

5. Where data lives

Customer databases and buckets live in the region you select at signup (US-East, EU-West, or Asia-Pacific at launch). Backups are stored in the same region. Operational metadata (your account, billing, usage telemetry) lives in our control-plane database in the EU.

6. Sub-processors

We use a small number of vendors to run the service. The current list (Stripe for payments, Resend/Zeptomail for email, Cloudflare for DNS and CDN, the hyperscaler the chosen region maps to) is published at /security. We notify customers via email at least 30 days before adding a new sub-processor that handles customer data.

7. Your rights

If you are in the EEA, UK, California, or any jurisdiction with equivalent data-protection law, you have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. Email privacy@swyftstack.com and we will respond within 30 days.

8. Cookies

We use a minimal set of strictly-necessary cookies (session, CSRF, theme preference) on the website and dashboard. We do not run third-party advertising trackers. See the Cookie Policy for the full list.

9. Retention

Customer data is retained while your account is active. After cancellation, we hold it for 30 days so a re-activation does not lose state; after that we delete it. Billing records are retained for the period required by tax law (typically 7 years). You can request earlier deletion of personal data at any time.

10. Security

TLS 1.2+ everywhere, AES-256 at rest, encrypted backups, scoped credentials, weekly restore drills, and an internal access log for the production database. Details at /security.

11. Contacting us

Privacy questions or data-subject requests: privacy@swyftstack.com. Security issues: security@swyftstack.com. We answer both within one working day.

12. Changes to this policy

Material changes are announced via email at least 30 days in advance. The current version is always at this URL with the “Last updated” date.

Questions about this policy? Email legal@swyftstack.com and a human will reply. For product support email support@swyftstack.com. See also our Terms of Service, Privacy Policy, Cookie Policy, Refund Policy, and Acceptable Use Policy.