Privacy Policy

01 Who we are

Swipe ("Swipe", "we", "us", "our") is a creative reference management tool operated by Swipe.

Questions about this policy? Contact us at [email protected]

02 What data we collect

We collect different types of information depending on how you use Swipe:

Information you give us directly

• Account information: name, email address, and password when you create an account.
• Waitlist sign-up: email address when you request early access.
• Profile information: optional details such as your job title, company name, or profile photo.
• Communications: messages you send to our support team or via feedback forms.

Information we collect automatically

• Usage data: pages visited, features used, clicks, searches, and time spent on the platform.
• Device information: browser type and version, operating system, screen resolution, and device identifiers.
• Log data: IP address, access times, referring URLs, and error logs.
• Cookies and similar technologies: see Section 5 below.

Content you save

• Images, URLs, and metadata (source platform, save date, AI-generated tags) that you save to your Swipe library using the browser extension or web app.
• Folder structures, board names, and annotations you create.
• Content shared with you by other team members on shared boards.

Information from third parties

• If you sign in using a third-party provider (e.g. Google), we receive your name, email address, and profile picture from that provider.
• We do not scrape or store third-party platform content beyond the images and URLs you explicitly choose to save.

03 How we use your data

We use the information we collect to:

• Provide, operate, and improve the Swipe service.
• Create and manage your account and authenticate your identity.
• Process and fulfil waitlist requests and send early access invitations.
• Power AI-based image categorisation and search features.
• Send transactional emails (account confirmations, password resets, feature updates).
• Send marketing communications where you have opted in (you can unsubscribe at any time).
• Analyse usage patterns to improve performance, fix bugs, and develop new features.
• Enforce our Terms of Service and comply with legal obligations.
• Prevent fraud, abuse, and security incidents.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

04 Legal bases for processing (UK & EU users)

Under the UK GDPR and EU GDPR, we rely on the following legal bases:

• Contract: processing necessary to provide the service you've signed up for (e.g. account management, delivering features).
• Legitimate interests: analytics, security, fraud prevention, and product improvement — where these don't override your rights.
• Consent: marketing emails and non-essential cookies — you can withdraw consent at any time.
• Legal obligation: where we are required to process data to comply with applicable law.

05 Cookies & tracking

We use cookies and similar technologies to keep you logged in, remember your preferences, and understand how Swipe is used.

• Essential cookies: required for the service to function (authentication, session management). These cannot be disabled.
• Analytics cookies: help us understand how users interact with Swipe (e.g. via Plausible or PostHog). These are privacy-friendly and do not track you across other sites.
• Preference cookies: remember your settings and preferences between visits.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the service.

06 Sharing your data

We share personal data only in limited circumstances:

• Service providers: trusted third parties who help us operate Swipe (e.g. cloud hosting, email delivery, analytics). They are contractually required to protect your data and may only use it to provide services to us.
• Team members: if you use Swipe in a team workspace, other members of that workspace can see shared boards and content you choose to share.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you in advance.
• Legal requirements: where required by law, court order, or to protect the rights and safety of Swipe, our users, or others.

We do not sell your personal data.

07 International data transfers

Swipe is based in the United Kingdom. Some of our service providers are located outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses (SCCs).
• Transfers only to countries with adequacy decisions from the UK ICO or European Commission.

08 Data retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained for the duration of your account plus 30 days after deletion to allow recovery.
• Saved content: deleted promptly upon account deletion request.
• Waitlist data: retained until you are invited or request removal.
• Usage logs: retained for up to 12 months for security and debugging purposes.
• Legal obligations: some data may be retained longer where required by law (e.g. financial records).

09 Your rights

UK & EU users have the following rights under the UK GDPR / EU GDPR:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Restriction: request that we limit how we process your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Object: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

California users (CCPA) have the right to:

• Know what personal information is collected, used, shared, or sold.
• Delete personal information we have collected.
• Opt out of the sale of personal information (we do not sell personal information).
• Non-discrimination for exercising your rights.

UK users also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10 Children's privacy

Swipe is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us at [email protected] and we will delete it promptly.

11 Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption in transit (TLS) and at rest.
• Access controls limiting data access to authorised personnel only.
• Regular security reviews and vulnerability assessments.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

12 Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) or by posting a prominent notice on our website at least 14 days before the changes take effect.

Your continued use of Swipe after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13 Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For urgent security concerns, please email [email protected] .