Skip to content

Privacy Policy

Last updated: July 4, 2026

Quick Privacy Summary

Swiftin is built local-first: your data lives on your device by default, and the server only sees what is strictly necessary to deliver the Service. Here are the key facts:

  • Everything is local by default. Your translation history, saved dictionary, settings, language preferences, and the offline translation cache live in your browser, on your device, not on our servers. By default these never leave your machine; Team owners may opt in to server-side history for their team, and Pro and Team users may opt in to syncing their saved dictionary for cross-device access (see Section 2.2).
  • Document translation: your file never leaves your browser. When you translate a PDF, Word, Excel, PowerPoint, EPUB, or subtitle file at /translate-document, the document is parsed and re-assembled entirely in your browser. Only the extracted text strings, never the file itself, are sent to our standard translation API. The translated file is rebuilt locally and downloaded directly without round-tripping through our servers. This applies to every plan, including Free.
  • No translation content on our servers, unless you ask for it. The text you translate is processed in real time and immediately discarded. We never persist it on our servers on any plan by default. On the Team plan the team owner may opt in to server-side history (for example, to get cross-device sync for the team), and even then it is auto-deleted after at most 90 days by a daily database cleanup job. Free and Pro plans never have server-side history. Your saved dictionary is separate: Pro and Team users can sync it to our servers (off by default), while the Free plan keeps it on your device only (see Section 2.2).
  • No data selling. We never sell, rent, or trade your personal data to third parties or data brokers.
  • Minimal data collection. We collect only what is necessary: email, AI token counters for billing, and standard technical metadata (IP, browser version) to operate the Service.
  • AI processing, fully disclosed. When you translate, your text is sent over an encrypted connection to one of our third-party AI providers, or to a free public translation endpoint (currently Google Translate or Microsoft Bing). Some AI providers are reached through OpenRouter, which routes the request to the underlying inference hoster. Text-to-speech currently uses Google AI. The canonical, always-up-to-date list of providers, models, routing path, and countries of processing is at swiftin.dev/sub-processors. We do not train any AI models on your content ourselves. Each third-party provider processes your content under its own standard API terms; we have not negotiated bespoke Data Processing Agreements with them, so non-training commitments depend on each provider's published policy.
  • Account & data deletion. You can request deletion of your account at any time by contacting support@swiftin.dev. Deletion is completed within 30 days. Most data is hard-deleted (profile, translation history, server-synced dictionary, subscription state, team memberships, addon purchases, usage records). Two categories are kept anonymised, your link to them is removed, but the rows themselves are retained as required by law: payment records for 7 years (tax and accounting obligations) and consent records for 3 years (defence of consent under GDPR Article 7 and consumer-law statute of limitations). After their retention window, both are permanently deleted by automated cleanup jobs.

Prefer a plain-language walkthrough? See our privacy & security overview and translation history guide in the docs.

1. Introduction & Data Controller

Swiftin ("we," "our," or "us") operates the Swiftin browser extension and the website located at swiftin.dev (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and share information when you use our Service. By using Swiftin you agree to the practices described in this policy.

The data controller responsible for data processing pursuant to the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Swiftin

Email: support@swiftin.dev

Privacy inquiries: legal@swiftin.dev

Jurisdiction: Georgia (country)

Legal entity registration in Georgia is currently in progress; the formal entity name and registered postal address will be published on this page upon completion.

"Personal data" means any information relating to an identified or identifiable natural person, as defined in Art. 4(1) GDPR.

2. Information We Collect

2.1 Account Information

When you create or use an account we store, in our users table:

  • Email address (required for login and transactional email)
  • Display name (optional)
  • Translation style preference
  • Server-history opt-in (off by default), controlling whether team translation history is synced to our servers (Team only; the team owner controls it)
  • Dictionary sync opt-in (off by default), controlling whether your saved dictionary is synced to our servers (Pro/Team only)
  • Marketing consent flag (off by default; opt-in only)
  • Terms acceptance metadata: timestamp, version, IP address, and User-Agent at the moment you accepted the Terms / Privacy / payment Terms, kept as a GDPR Article 7 audit trail
  • Activity timestamps: account-created, last-updated, last-active

Passwords are managed by our authentication provider (Supabase Auth) using industry-standard hashing; we never see, store, or log plain-text passwords. Optional two-factor authentication (TOTP) is available in your account settings.

A separate immutable consent log records each consent event (event type, ToS version, IP, User-Agent, timestamp) so we can demonstrate prior consent under GDPR Article 7; the user link is nullable to support anonymisation on account deletion.

2.2 Translation Data

Default behaviour: local only. Your translation history is kept in the browser extension on your device. It is never transmitted to our servers automatically. The Free and Pro plans have no server-side history at all, by design — it stays on your device.

Optional: server-side history for Team cross-device sync. On the Team plan, the team owner can turn on server-side history so the team's input-bar translations are available across browsers and devices. The opt-in is off by default and can be turned off at any time. Free and Pro plans keep history on-device only. When enabled, the translation_history table stores: original text, translated text, source and target languages, translation style and intensity, AI token counts (prompt + completion), the AI provider model used, and the timestamp. Only the team owner controls this single opt-in covering all team translations.

What happens when you turn the toggle off. Disabling the toggle stops new translations from being saved to the server. Existing server-side entries are not auto-deleted at toggle-off, they remain until either (a) they expire under the 90-day retention window (Team only) and are removed by the daily cleanup job, or (b) you manually clear them from the dashboard's history view, or (c) you delete your account, which hard-deletes all of your translation history.

2.2.1 Saved Dictionary (optional cloud sync)

Default behaviour: local only. Words and phrases you save to your dictionary are kept in the browser extension on your device. They are never transmitted to our servers automatically. The Free plan keeps the dictionary on-device only: nothing is ever stored on our servers.

Optional: dictionary sync for cross-device access (Pro and Team). If you are on a Pro or Team plan and you want your saved dictionary available across browsers and devices, you can explicitly turn on dictionary sync. The opt-in is off by default and can be turned off at any time. This opt-in is per user: every individual, including each member of a Team, controls their own dictionary sync. (This is different from translation history, where on Team a single owner-controlled toggle covers the whole team.)

What is stored. When sync is enabled, the dictionary_entries table stores, for each saved word or phrase: the source text (the word or phrase you saved), its translation, the source and target languages, the translation engine used, a favorite flag, rich linguistic metadata (such as transliteration, part of speech, definition, synonyms, antonyms, usage examples, and CEFR level), and create and update timestamps.

Personal scope. Your dictionary is private to you. Even on a Team plan there is no team-wide or team-owner view of any member's dictionary: each member can read and write only their own entries.

Retention. Your synced dictionary is durable while you are subscribed: it is kept until you delete it, and it is not auto-expired on a rolling time window while you are paying (this is intentionally different from server translation history, which is Team-only and expires after at most 90 days). You can delete individual entries or clear your whole dictionary from the product at any time while subscribed. If you downgrade to the Free plan, your server-synced dictionary is deleted 30 days after the downgrade by a daily database cleanup job. It is hard-deleted when you delete your account.

What happens when you turn the toggle off. Disabling dictionary sync stops new entries from being uploaded, but it does not auto-delete entries already on the server (the dictionary is durable by design). Existing server rows are removed only when you delete individual entries, clear the dictionary, downgrade to Free (after the 30-day window above), or delete your account.

Data export. Your saved dictionary is included in the structured data export you can request under your right of access and right to data portability (see Section 9).

2.3 Usage Data

We bill per AI token, the raw unit our AI providers report for each request, and track AI tokens consumed per billing period to enforce plan usage limits. A token is the unit the AI provider charges us for, roughly 1 token per character for most languages with some variation by language and provider. We also log the number of translation requests for rate-limiting and abuse-prevention purposes. We do not read or analyze the content of your translations for advertising, profiling, or any purpose other than providing the translation.

2.4 Payment Information

Payments are processed by third-party providers: Paddle (card payments) and NOWPayments (cryptocurrency payments). We do not directly store your full payment card numbers. Our payment providers handle all sensitive financial data in accordance with their own privacy policies and PCI DSS requirements. We store only the transaction identifiers and subscription status necessary to manage your account.

2.5 Extension Settings & Local Storage

Your extension preferences (target language, translation style, excluded sites, hotkeys, UI theme, per-component target languages, snooze/disable states) and the offline translation cache (IndexedDB, automatically evicted after 30 days) are stored locally in your browser. This data lives on your device, is not transmitted to our servers or any third party, and can be cleared at any time by clearing your browser's site data, uninstalling the extension, or (when available) using the "Clear translation cache" control in the extension settings.

2.6 AI-Generated Content & Engine Selection

When you use the translation or text-to-speech features, your source text is sent to one of our named third-party AI or machine-translation providers for processing. This applies to all translation sources, selected text, input fields, page content, and chat messages from supported platforms. These providers process your text in real time to generate translations or audio. We currently route requests as follows:

  • AI providers (paid quota, Free AI tokens, Pro, Team): the request is routed to one of our contracted AI providers for inference. The specific provider is selected based on the engine picked in the extension. Several of these providers are reached through OpenRouter, an inference router that forwards the request to the underlying hoster. The canonical, always-up-to-date list of providers, model identifiers, routing path, and country of processing is at swiftin.dev/sub-processors.
  • Free engines (Free plan default + Lite-mode fallback): a public translation endpoint (currently Google Translate or Microsoft Bing Translator). Free-engine requests are always sent directly from your browser to the provider, your IP address is exposed to the provider and Swiftin's servers do not see, log, or relay the request. This applies to every free-engine path: the Free plan's default engine, the Lite-mode fallback when a paid user's AI quota is depleted within a billing period, and any in-extension cascade after a backend error.
  • Text-to-speech: routed to our contracted TTS provider (currently Google AI).
  • Bring-Your-Own-Key (BYOK): if you configure your own AI provider API key in the extension settings, translation requests made with that key are sent directly from your browser to the provider you chose. Swiftin's servers do not see, log, or process the content of those requests, and we do not bill AI-token quota for them. (Text-to-speech is currently backend-only and not covered by BYOK.) The API key itself is stored in the browser extension's device-local storage area (chrome.storage.local, key swiftin_engine_keys), local storage is never replicated through Chrome Sync or Firefox Sync, is never transmitted to Swiftin, and can be removed via the extension settings or by uninstalling the extension.

Lite-mode fallback. If your AI quota is depleted within a billing period, the extension automatically switches to a free public translation endpoint (Google Translate or Microsoft Bing) so the service keeps working. We label this clearly in the extension UI as "Lite mode". Lite-mode requests are sent directly from your browser to the chosen provider, Swiftin's backend is not in the request path. Text submitted in this mode is processed under the free provider's public terms rather than under our paid-tier provider arrangements.

These providers process your text in real time to generate translations or audio. Per each provider's published API terms, they do not retain your content beyond what is needed to fulfil the request; we have not negotiated bespoke commitments with them, so actual behaviour depends on each provider's own policy (see Section 4). Swiftin does not control the behaviour, output quality, content-safety filters, or accuracy of third-party AI or machine-translation models. AI-generated translations and audio are provided "as is", see our Terms of Service for full disclaimers regarding AI output.

2.7 What We Do NOT Collect

We explicitly do not collect:

  • Passwords in plain text, all passwords are stored as one-way hashes by our authentication provider
  • Location data, GPS coordinates, or geolocation
  • Contacts, photos, files, or any data from other apps on your device
  • Browsing history or behaviour across other websites (the extension only processes the specific text you intentionally submit for translation)

We collect only the minimum information necessary to provide and operate the Service.

3. How We Use Your Information

  • Providing the Service: processing translations, generating text-to-speech audio, authenticating your account, and managing your subscription.
  • Usage Enforcement: tracking AI token usage to apply plan limits and prevent abuse.
  • Service Improvement: aggregated, anonymous metrics (e.g., total translations per day, popular language pairs) to improve performance and reliability.
  • Communication: sending transactional emails related to your account (e.g., password resets, billing receipts).
  • Marketing (opt-in only): if you explicitly consent, we may send promotional emails about product updates, tips, and offers. You can withdraw marketing consent at any time via Dashboard → Settings → Privacy & Cookies or by clicking "Unsubscribe" in any marketing email.

4. Third-Party Services

To deliver the Service we share limited data with third-party providers. The current list, including each provider's purpose, the data we share with them, and the country in which it is processed, is published at swiftin.dev/sub-processors. That page is the canonical source and is updated independently of this Privacy Policy.

Two behaviours from the sub-processor list are worth surfacing here, given their sensitivity:

  • Session Replay (Sentry) is enabled on the web dashboard at a 10% session sample rate and 100% on errors. Text content is masked (maskAllText: true), media is blocked, Supabase auth URLs are excluded from network capture, and request/response headers are not captured by the replay SDK. (Note: separately, our backend error-tracking SDK may capture request bodies with sensitive fields stripped, see /sub-processors for the full Sentry configuration.) Replays are retained for 90 days then automatically deleted by Sentry.
  • Free-engine translations (Google Translate, Microsoft Bing) are issued directly from your browser to the provider, Swiftin's servers do not see, log, or proxy these requests. Your IP is exposed to the provider on every free-engine path, including Lite-mode fallback.

Each provider processes data in accordance with its own privacy policy; we encourage you to review them independently. We notify Team plan customers by email at least 30 days before adding or replacing a sub-processor, giving them a reasonable opportunity to object (see our Data Processing Agreement §5).

AI output and content-safety filters: AI providers may apply built-in content-safety filters that alter, soften, omit, or refuse to process certain types of content (profanity, sensitive material, hate speech, etc.). We do not control these filters and cannot guarantee the accuracy, completeness, or fidelity of any AI-generated translation or text-to-speech output. You are solely responsible for verifying the suitability of any output before use. See our Terms of Service Section 10 for full disclaimer details.

Limited Use of Google API data. The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

5. Lawful Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

Processing ActivityLegal BasisGDPR Article
Account registration & authenticationContract performanceArt. 6(1)(b)
Translation processing & deliveryContract performanceArt. 6(1)(b)
Subscription billing & paymentsContract performanceArt. 6(1)(b)
Usage tracking & plan limit enforcementContract performanceArt. 6(1)(b)
Rate-limiting & abuse preventionLegitimate interestArt. 6(1)(f)
Product improvement & aggregated analyticsLegitimate interestArt. 6(1)(f)
Transactional emails (password reset, billing)Contract performanceArt. 6(1)(b)
Product updates & service notificationsLegitimate interestArt. 6(1)(f)
Marketing emails & promotionsConsent (opt-in)Art. 6(1)(a)
Analytics cookies (PostHog)Consent (opt-in)Art. 6(1)(a)
Server-side translation history (Team only; owner opt-in)Consent (opt-in)Art. 6(1)(a)
Server-synced dictionary (Pro: user opt-in; Team: per-member opt-in)Consent (opt-in)Art. 6(1)(a)
Billing record retentionLegal obligationArt. 6(1)(c)
ToS/Privacy consent audit trail (IP, User-Agent)Legal obligation (GDPR Art. 7(1), controller must demonstrate consent)Art. 6(1)(c)

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

6. Data Storage & Security

Your account data and any opted-in server-side translation history are stored on Supabase-hosted infrastructure with encryption at rest and in transit (TLS 1.2+). Passwords are managed by Supabase Auth using industry-standard hashing (bcrypt), we never see, store, or log plain-text passwords. Authentication tokens (JWT) are short-lived; refresh tokens are rotated on every use and revoked on logout, password reset, and account deletion. Optional two-factor authentication (TOTP) is available in your account settings.

Database access is protected by row-level security (RLS) policies; service-role keys are stored only on our backend and are never exposed to the browser, the extension, or any third party. All API endpoints are rate-limited and protected by automated abuse-detection middleware.

While we take commercially reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Cross-border Data Transfers

The bulk of user data, account information, opted-in translation history, and backend application data, is hosted in the European Union: Supabase (Paris, France), Railway (Eemshaven, Netherlands), and Resend (Ireland). Sentry error events are stored in Germany (Frankfurt). The United Kingdom adequacy decision applies to Paddle (card payments).

Some sub-processors are located outside the EEA. Most AI inference partners (Google AI, OpenAI, Anthropic, xAI, Meta, OpenRouter and its downstream inference hosters) operate from the United States; PostHog is also US-based. DeepSeek inference is called directly from our backend to DeepSeek's API in China. NOWPayments operates from the Netherlands and Seychelles; Cloudflare and Vercel operate on global edge networks. Free-engine translation requests (Google Translate, Microsoft Bing) are issued directly from your browser to the provider and do not pass through our servers. The per-provider current routing is documented on the Sub-processors page.

Where personal data of EU/EEA, UK, or Swiss residents is transferred to a country without an adequacy decision, transfers are covered by Standard Contractual Clauses (SCCs adopted by the European Commission, Decision 2021/914) or, where the recipient has self-certified, by the EU-US Data Privacy Framework. The current per-provider transfer basis is documented on our Sub-processors page; you may also request a summary by contacting legal@swiftin.dev.

8. Data Retention

  • Account data is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days.
  • Inactive accounts: Free plan accounts with no activity for 12 months may be automatically deleted. You will not receive prior notice; to prevent deletion, simply use the Service at least once within any 12-month period.
  • Translation history (server-side) retention depends on your plan:
PlanServer HistoryNotes
FreeNot storedHistory is stored locally in the browser extension only
ProNot storedHistory is stored locally in the browser extension only (same as Free). Pro has no server-side history.
Team90 daysServer-side storage is off by default. The team owner controls a single opt-in covering all team translations. Disabling the opt-in stops new translations from being saved to the server; existing entries remain and are pruned by the standard 90-day retention window (nothing is kept longer than 90 days). For immediate erasure, owners can use the account-deletion procedure in section 9.
  • Server-synced dictionary (Pro/Team, per-user opt-in) is kept for as long as you remain subscribed. Unlike translation history, it is not auto-expired on a rolling window while you are paying: your saved words and phrases persist until you delete them. If you downgrade to the Free plan, your server-synced dictionary is deleted 30 days after the downgrade by a daily database cleanup job. It is hard-deleted when you delete your account, and you can remove individual entries or clear the whole dictionary from the product at any time while subscribed.
  • Usage data (AI token counts) is retained for the current billing period and one prior period for billing accuracy.
  • Local extension data (settings, local history, IndexedDB translation cache) is controlled entirely by you and can be cleared at any time through the extension settings, by clearing your browser's site data, or by uninstalling the extension. The extension stores up to 5,000 translation entries in its local history; older entries are automatically removed, with favorited translations protected from deletion. The IndexedDB translation cache evicts entries older than 30 days automatically.
  • Team data: When a Team plan is deactivated (cancelled, expired, or downgraded), all team-related records, including member associations, team usage statistics, pending invitations, and team translation history, are permanently deleted 30 days after deactivation.
  • Automated enforcement. Server-side translation history (Team only) is capped at 90 days by a database cleanup job that runs every day at 04:00 UTC and removes any entries older than 90 days. A separate daily job at 04:30 UTC deletes the server-synced dictionary of any user who downgraded to the Free plan more than 30 days ago. Anonymised payment records and consent records (see below) are purged by separate weekly cleanup jobs after their respective retention windows expire. All cleanup is automatic, you do not need to request deletion for retention to take effect.
  • Consent audit trail. When you accept these documents, we record the version, your IP address, and your User-Agent in our consent log to demonstrate compliance under GDPR Article 7. These records remain linked to your account while it exists. On account deletion the link to your account is removed (the row is anonymised), and the anonymised row is permanently deleted by an automated cleanup job 3 years after anonymisation. Three years is a typical statute-of-limitations window for consent-related disputes under EU consumer law.
  • Billing records (transaction amount, currency, status, payment provider, provider transaction id, plan reference) remain linked to your account while it exists. On account deletion the link to your account is removed (the row is anonymised, what survives is just the financial metadata, no email or user identifier). The anonymised row is permanently deleted by an automated cleanup job 7 years after anonymisation. Seven years matches typical tax record-keeping requirements (EU general 6-10 years, US federal tax 7 years, etc.).

9. Your Rights

Under the GDPR and similar data protection laws, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR), request confirmation of whether we process your data and obtain a copy.
  • Right to rectification (Art. 16 GDPR), request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17 GDPR), request deletion of your personal data. You can request account deletion at any time by contacting support@swiftin.dev.
  • Right to restriction of processing (Art. 18 GDPR), request that we limit the processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR), request an export of your data in a structured, machine-readable format.
  • Right to withdraw consent (Art. 7(3) GDPR), where processing is based on your consent (e.g., analytics cookies, marketing emails, server-side history), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to object (Art. 21 GDPR), you may object to processing based on legitimate interest. If we process your data for direct marketing, you have an unconditional right to object.
  • Right to lodge a complaint, you have the right to lodge a complaint with a supervisory data protection authority in your country of residence.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know, you may request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share it.
  • Right to delete, you may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, security, legal obligations).
  • Right to correct, you may request correction of inaccurate personal information.
  • Right to opt-out of sale/sharing, Swiftin does not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary.
  • Right to non-discrimination, we will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights (GDPR or CCPA), please contact us at legal@swiftin.dev. We will respond within 30 days (GDPR) or 45 days (CCPA). For data portability requests, we maintain a backend endpoint that produces a structured JSON export of your account data (profile, subscription, consent history, payments, team memberships, translation history, server-synced dictionary, usage history, and add-on purchases); request the export through the same email and we will deliver the file to your registered address.

Right to Lodge a Complaint

If you believe our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement. EU/EEA users can find their national authority at edpb.europa.eu/about-edpb/members. UK users may complain to the Information Commissioner's Office (ICO). We always prefer to resolve concerns directly first, so please consider contacting legal@swiftin.dev before escalating.

Automated Decision-Making (GDPR Art. 22)

We do not subject you to decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. Translation routing, plan-quota enforcement, abuse detection, and rate limiting are operational systems that govern access to the Service; they do not produce legal effects within the meaning of Article 22.

10. Cookies & Tracking

The Swiftin website uses essential cookies required for authentication and session management. These cookies are strictly necessary and do not require consent.

We also use local browser storage (localStorage) to store authentication tokens and user preferences. On the website this data remains on your device and is not transmitted to third parties; most keys are cleared when you log out, while a small handoff token may persist so that the browser extension can detect your authenticated state on next launch. The browser extension also uses localStorage to persist per-component settings such as independently chosen target languages and temporary disable/snooze states; this data stays on your device and is never sent to our servers.

We also use optional analytics cookies (via PostHog) to understand how the Service is used and to improve the user experience. Analytics cookies are only activated after you give explicit consent through the cookie banner shown on your first visit.

You can withdraw your analytics cookie consent at any time from Dashboard → Settings → Privacy & Cookies. The browser extension stores authentication tokens locally on your device and does not set or read website cookies.

11. Data Breach Notification

In the unlikely event of a personal data breach, we are committed to acting swiftly and transparently:

  • Within 72 hours of becoming aware of a breach, we will notify the relevant supervisory authority as required by GDPR.
  • Affected users will be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  • Notifications will include a description of the breach, the data affected, likely consequences, and the measures we are taking to address it.
  • We will provide a dedicated point of contact to answer any questions related to the breach.

If you believe you have identified a security vulnerability, please contact us immediately at legal@swiftin.dev.

12. Children's Privacy

Swiftin is not directed to children under the age of digital consent in their jurisdiction, generally 16 years old in the European Economic Area and the United Kingdom (per GDPR Article 8 and applicable Member State derogations down to 13), and 13 years old in the United States (per COPPA) and most other jurisdictions.

By creating an account, you confirm that you meet the minimum age of digital consent in your jurisdiction. We do not require document-based age verification. We do not knowingly collect personal data from children below the applicable threshold. If you believe a child has provided us with personal data, please contact legal@swiftin.dev and we will delete it within 30 days of receiving a credible report.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through the Service. Your continued use of Swiftin after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach us at:

Swiftin

General support: support@swiftin.dev

Privacy & data rights: legal@swiftin.dev

Jurisdiction: Georgia (country)

We aim to acknowledge and respond to all privacy-related inquiries and data-rights requests within 30 days of receipt, in line with GDPR Article 12 §3. Where a request is particularly complex or we have received a high volume of requests, this period may be extended by up to two further months; in that case we will inform you of the extension and the reasons for it within the initial 30-day window.