Swappix privacy policy
1. Data controller
Personal data controller (“Controller”):
- Legal name: add before publishing in app stores (sole proprietor, LLC, or equivalent). You may request current details at [email protected].
- Contact for privacy matters: [email protected]
This policy describes how we collect and process data when you use the Swappix mobile app (“App”) for Android and iOS, and the goswappix.app website (“Site”) where it relates to Swappix.
By using the App or relevant parts of the Site, you acknowledge this policy. If you do not agree, please do not use the service.
2. Data we process
Depending on your use, we may process the following categories:
2.1. Account and authentication
- Email address and password (password is stored in protected form by the authentication provider).
- If you sign in with a phone number: the number and data needed for verification (SMS or call).
- Technical session tokens to keep you signed in.
2.2. Profile and reputation
- Nickname and, optionally, profile photo.
- Rating and interaction history on the platform.
- Identity verification data (e.g. a check photo) if you complete verification.
2.3. Content you create
- Exchange requests (directions, amounts, currencies, comments, and other fields).
- Deal-related data (status, confirmations, meetup location and terms in the interface where applicable).
- Chat messages and attachments when synced to the server; data stored only on your device is removed if you delete the app or clear app data.
2.4. Location
If you use the map, nearby requests, meetup location, or SOS / trusted-contact alerts, we may process your location when you grant OS permission and enable the feature.
2.5. Technical and diagnostic data
- Device model, OS version, interface language.
- Analytics and automatic crash reporting are not enabled in the current App version; this policy will be updated if that changes.
2.6. Notifications
- With OS permission, local notifications may be used on the device (without sending a push token to a remote provider).
- Remote push (e.g. Firebase Cloud Messaging) is not used in the current version.
3. Purposes
We process data to:
- provide the service (sign-up, profile, requests, deals, chats);
- keep users safe and enforce platform rules (including moderation where applicable);
- respond to support requests;
- comply with legal obligations where applicable.
Swappix is an information platform connecting users; settlement between parties usually happens outside the App unless agreed otherwise.
4. Legal bases
For EEA residents and similar regimes, processing may rely on contract performance, consent (e.g. location, notifications, marketing if introduced), and legitimate interests (security, abuse prevention) where compatible with your rights.
For users in the Russian Federation, processing also takes into account Federal Law No. 152-FZ on personal data.
5. Processors and third parties
| Service | Purpose | Policy |
|---|---|---|
| Supabase (Supabase Inc.) | Database, authentication, file storage (avatars, verification), API | supabase.com/privacy |
| OpenStreetMap (tiles) | Map display | OSM tile policy |
| Google Fonts | When fonts load from Google — UI rendering | Google Privacy |
Opening Google Maps or other map apps from the App is subject to those services’ policies.
We do not sell personal data to third parties for advertising in the sense of “selling contact lists.”
6. Storage and international transfers
Data may be processed on Supabase and other processors’ servers, including outside your country (including the US and EU). Check your Supabase project settings for the deployment region.
7. Retention
- Account data is kept while your account is active.
- After account deletion, data is erased or anonymised as soon as technically and legally possible; backups may be retained for a limited period.
For retention details, contact [email protected].
8. Your rights
You may request access, correction, or deletion (within legal limits), withdraw consent where it applies, or complain to a supervisory authority. Contact: [email protected].
9. Children
The service is not directed at children under 16 (or the digital consent age in your jurisdiction if higher). If a child has provided data, contact us and we will take steps to delete it.
10. Security
We use organisational and technical measures (HTTPS, access control, database policies). No internet transmission is 100% risk-free.
11. Changes
We may update this policy; the new version applies from publication at this URL unless stated otherwise. Material changes may be notified in the App or by email where feasible.
12. Contact
The current version is always available at this URL. Before store submission, complete section 1 with your legal entity details (sole proprietor, company registration, etc.).