Swiftimate Logo
Swiftimate

Privacy Policy

Effective Date: January 1, 2024 | Last Updated: January 1, 2024

Welcome to Swiftimate ("we," "our," or "us"). Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your information when you use our website, mobile app, and related services (collectively, the "Service").

By accessing or using Swiftimate, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

1. Information We Collect

a. Information You Provide Directly to Us

  • Account Information: When you register for an account, we collect your name, email address, business name, phone number, and password.
  • Client Data: Information you input regarding your clients and projects, including client names, addresses, phone numbers, contact persons, service details, estimate/invoice details, and payment statuses. This data is essential for the core functionality of Swiftimate.
  • Payment Data: When you subscribe to a paid plan, your payment information (e.g., credit card details, billing address) is collected and processed securely by our PCI-compliant third-party payment processor, Stripe. We do not directly store your full payment card details.
  • Communications: Records of your correspondence with us, such as support inquiries, feedback, or survey responses.

b. Information We Collect Automatically

  • Usage Data: Information about how you access and use the Service, including your IP address, device type, browser type, operating system, unique device identifiers, pages visited, features used, session duration, and referral URLs. We use this to analyze usage patterns and improve the Service.
  • Cookies and Tracking Technologies: We use cookies and similar tracking technologies (e.g., local storage) to remember your preferences, maintain your login session, analyze site performance, and understand how users interact with the Service. You can manage your cookie preferences through your browser settings.

c. Information from Third-Party Services

If you choose to integrate or connect Swiftimate with third-party services (e.g., signing in via Google, or other future integrations), we may receive information from those services in accordance with their respective privacy policies and your privacy settings on those services.

2. How We Use Your Information

We use your personal information for the following purposes:

  • To Provide and Maintain the Service: To operate, deliver, and improve Swiftimate's functionalities, including creating and managing user accounts, enabling the generation and delivery of estimates and invoices, and storing your client and project data.
  • To Process Transactions: To process your subscription payments and manage your billing through Stripe.
  • For Communication: To provide customer support, send you transactional emails (e.g., account verification, password reset, billing notifications), and inform you about updates or changes to the Service.
  • For Analytics and Improvement: To understand and analyze how users interact with our Service, identify trends, improve user experience, and develop new features.
  • For Security: To protect the integrity and security of our Service, prevent fraud, detect and address security incidents, and ensure compliance with our Terms of Service.
  • For Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to respond to lawful requests from public authorities.

We do not sell your personal information to third parties.

3. Legal Basis for Processing (For EU/EEA Users)

If you are located in the European Union or European Economic Area, we process your personal data based on the following legal grounds:

  • Performance of a Contract: The processing is necessary to provide the Service to you as per our Terms of Service (e.g., managing your account, providing core functionalities like estimates/invoices).
  • Legitimate Interests: The processing is necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., improving our Service, preventing fraud, maintaining security, analytics).
  • Legal Obligation: The processing is necessary to comply with a legal obligation (e.g., tax, accounting, or regulatory requirements).
  • Consent: In some cases, we may rely on your consent for specific processing activities (e.g., certain types of non-essential cookies), which you can withdraw at any time.

4. How We Share Your Information

We share your information with third parties only in the following limited circumstances:

  • Service Providers: We engage trusted third-party service providers to perform functions on our behalf and help us operate, provide, and improve the Service. These include:
    • Payment Processors: Stripe, for secure processing of your subscription payments.
    • Cloud Infrastructure & Database: Supabase, for secure data storage and backend services.
    • Analytics Providers: Tools like [e.g., Google Analytics, Vercel Analytics, Posthog - insert if applicable] to help us understand user behavior and improve the Service.
    • Email Communication Services: Providers that help us send transactional and service-related emails.
    • Hosting Providers: The underlying cloud provider for our application (e.g., Vercel, AWS, GCP where Supabase is hosted).
    These providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.
  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency request). We may also disclose your information to protect our rights, property, or safety, or that of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, asset sale, or similar transaction, your personal information may be transferred to the acquiring entity. We will notify you of any such transfer and choices you may have.
  • With Your Consent: We may share your information for any other purpose disclosed to you with your explicit consent.

We do not share or sell your data for advertising or marketing purposes without your explicit consent.

5. Our Role: Data Controller and Data Processor

  • Data Controller: For your personal account information (e.g., your name, email, billing details, and usage data), Swiftimate acts as the "Data Controller." This means we determine the purposes and means of processing this data.
  • Data Processor: For the client data and project information you upload and manage within Swiftimate (e.g., your clients' names, contact details, estimate details), Swiftimate acts as a "Data Processor." In this case, you are the "Data Controller," and you are responsible for ensuring that you have the necessary legal basis and rights to collect and process your clients' data using our Service. We process this data strictly according to your instructions (via your use of the Service).

6. Data Storage and Security

  • All user data is stored securely using industry-standard encryption protocols (TLS/SSL for data in transit and AES-256 for data at rest).
  • Passwords are hashed using strong, one-way cryptographic algorithms and are never stored in plain text.
  • Account access is secured, and we recommend enabling multi-factor authentication (if available) for added protection.
  • Your data, including that processed by Supabase, is primarily hosted on secure cloud infrastructure located within the United States.
  • We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

7. International Data Transfers (For EU/EEA Users)

As your data, including data processed by Supabase, is primarily hosted in the United States, if you are an EU/EEA user, your personal data will be transferred to and processed in the United States. The United States may not have the same data protection laws as your country. To ensure your data is adequately protected, we rely on legally recognized transfer mechanisms, such as Standard Contractual Clauses (SCCs) approved by the European Commission, and other appropriate safeguards. By using the Service, you acknowledge and agree to such transfers.

8. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal data:

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Right to Know: Request information about the categories and specific pieces of personal data we have collected about you, the sources from which it is collected, the purposes for collecting or selling it, and the categories of third parties with whom we share it.
  • Right to Delete: Request the deletion of personal data we have collected from you, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing: The right to opt-out of the "sale" or "sharing" of your personal data. Swiftimate does not sell your personal data in the traditional sense, nor do we share it for cross-context behavioral advertising.
  • Right to Correct: Request correction of inaccurate personal data.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information (we process very limited sensitive personal data).
  • Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

European Union Users (GDPR)

If you are located in the EU/EEA, you have the following rights concerning your personal data:

  • Right of Access: Obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data.
  • Right to Rectification: Request the correction of inaccurate personal data concerning you.
  • Right to Erasure ("Right to be Forgotten"): Request the deletion of personal data concerning you, under certain conditions.
  • Right to Restriction of Processing: Request that we restrict the processing of your personal data, under certain conditions.
  • Right to Data Portability: Receive the personal data concerning you in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
  • Right to Object: Object to the processing of your personal data, under certain conditions.
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority regarding our processing of your personal data.

To exercise your rights, please contact us at privacy@swiftimate.com. We will respond to your request within a reasonable timeframe as required by applicable law.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you request account deletion, we will delete your personal data within a reasonable timeframe, subject to legal and regulatory retention requirements.

10. Children's Privacy

Swiftimate is not intended for children under the age of 13. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected such information from a child under 13, we will take steps to delete it immediately from our servers.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If material changes are made, we will notify users through email or an in-app notice, and update the "Last Updated" date at the top of this policy. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us at:

Email: privacy@swiftimate.com
Mailing Address: 123 Business Avenue, Suite 100, San Francisco, CA 94107