Sub-processors

Purpose. Managed Postgres database and authentication.

Data shared. Account information (email, hashed password, display name), usage counters, and translation history (only when a Pro or Team user has opted in to server-side history).

Purpose. AI translation inference via Gemini models.

Data shared. Source text submitted for translation. Requests are sent to Google’s Generative Language API and governed by Google’s API Terms.

Purpose. Audio synthesis for text-to-speech.

Data shared. Target text for audio generation. Same API and terms as the Gemini translation endpoint.

Purpose. AI translation inference.

Data shared. Source text submitted for translation. Governed by DeepSeek’s API terms.

Purpose. AI translation inference.

Data shared. Source text submitted for translation. Governed by xAI’s API terms.

Purpose. Free translation engine for the Free plan and Lite-mode fallback when AI quota is exhausted.

Data shared. Source text submitted for translation. Called directly from your browser on every path; SwiftIn’s servers do not proxy or relay these requests.

Purpose. Free translation engine for the Free plan and Lite-mode fallback when AI quota is exhausted.

Data shared. Source text submitted for translation. Called directly from your browser; SwiftIn’s servers do not proxy these requests.

Purpose. Card payment processing as Merchant of Record (handles VAT and tax remittance).

Data shared. Email address, billing address, subscription metadata. Card data is collected by Paddle directly and never reaches SwiftIn.

Purpose. Cryptocurrency payment processing.

Data shared. Order amount, plan metadata, and the receiving crypto wallet address for the payment intent.

Purpose. Transactional email delivery (account verification, password resets, team invitations, billing receipts).

Data shared. Recipient email address, email content, and delivery metadata (timestamps, delivery status). Resend does not use this data for its own purposes.

Purpose. Sign-up captcha to prevent automated abuse.

Data shared. Captcha challenge solution and standard browser metadata. No email or password is sent to Cloudflare via Turnstile.

Purpose. Hosting for the SwiftIn website and dashboard at swiftin.dev.

Data shared. Standard HTTP request metadata (IP address, User-Agent, URL) for serving the website.

Purpose. Hosting for the SwiftIn backend API at api.swiftin.dev.

Data shared. Standard HTTP request metadata (IP address, User-Agent, URL) for serving API requests. Backend operational logs are stored here.

Purpose. Crash and error tracking, used to detect and resolve service-reliability issues (legitimate interest, GDPR Art. 6(1)(f)).

Data shared. Backend (Node/Express) error tracking captures stack traces, error messages, request URL/method, browser/OS metadata, and IP address; request bodies are captured with field-name redaction (password, token, secret, apiKey are replaced with [REDACTED]) and sensitive headers (Authorization, Cookie, payment-webhook signatures) are stripped before transmission. Web (browser) error tracking strips Authorization/Cookie headers; request/response bodies are not captured. Session Replay is enabled on the web dashboard only, at a 10% session sample rate and 100% on errors, with text content masked (maskAllText: true), media blocked (blockAllMedia: true), Supabase auth URLs excluded from network capture, and request/response headers not captured. Replays are kept for 90 days then automatically deleted by Sentry.

Purpose. Product analytics for understanding feature usage. Strictly consent-based: off by default until you accept the cookie banner.

Data shared. Anonymous usage events and page views — only after explicit consent. Individual-user identification is not enabled.