Privacy Policy

Dipl.-Ing. Stefan Liebrecht (Owner of Swipeer) and his affiliates ("Swipeer," "we," "us," or "our") have prepared this privacy policy to explain what Personal Data (defined below) we collect, how we use and share that Personal Data, and your rights and choices concerning our data practices. Through our application (the "App"), we allow individuals ("Users" or "you") to manage notes, chats, and AI workflows in a simple, fast and delightful way. The App and https://swipeer.ai (the "Site") are referred to collectively in this Privacy Policy as the "Service".

This privacy policy does not apply to Personal Data we process on behalf of our customers in connection with their use of our Service. Those processing activities are subject to the privacy policies of our customers. If a third party, for example your employer, uses our Service to process your Personal Data, please contact them directly with questions about how they collect and use your Personal Data, including how we process Personal Data on their behalf.

Before using the Service or submitting any Personal Data to Swipeer, please review this privacy policy carefully and contact us if you have any questions. By using the Service, you agree to the practices described in this privacy policy. If you do not agree to this privacy policy, please do not access the Site or otherwise use the Service.

Local-First Architecture

Core Philosophy: Your Data Stays With You.

Swipeer is a "local-first" desktop-application. This means the primary storage for your work—including notes, prompt templates, and chat histories—resides on your local device. We utilize a specialized File Manager component to manage your data across the following local structures:

• Local Data Storage: Chat histories, notes, and application state are stored in structured JSON and text files within your application data directory.
• Encrypted Secrets: Sensitive credentials, such as your personal API keys, are never stored in plain text. They are encrypted using AES-256 encryption with a locally generated security key.
• Configuration: Local settings and non-sensitive configurations are stored in files within the user's local profile folder.

Because your data is local-first, we cannot recover your notes or chat history if they are deleted locally. We recommend utilizing our built-in Export Profile function to create local archives of your workspace.

1. Personal Data we collect

Personal Data you provide to us

We collect the following categories of information that alone or in combination with other information in our possession could be used to identify you ("Personal Data"):

Personal Data we receive from third parties

Social Media Data: We may receive Personal Data that you elect to provide to us from social media platforms when you interact with our pages.

Personal Data we automatically collect

When you use our Service, we automatically collect certain technical information necessary for license validation and security:

• Device Identifiers: A stable, unique hardware identifier (Device ID) to manage license activation limits.
• App & System Info: App version, OS version, and system architecture.
• Contextual Info: Device name (e.g., your hostname) to help you manage your activations.

2. How we use Personal Data

We use Personal Data for the following purposes:

• To provide the Service: We use Personal Data to operate, maintain, and provide you with our Service, including to process your payments. This includes performing our contractual obligations under our Terms of Service.
• To communicate with you: We use your Personal Data to respond to your inquiries, comments, feedback, or questions.
• To send administrative information: For example, we may send you information regarding the Service and changes to our terms, conditions, and policies.
• For analytics and product improvement: We use aggregated usage trends for the functionality of the Service. In most cases, we use only aggregated information which does not directly identify you.
• To protect our Service: To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks.
• For compliance and legal reasons: To comply with legal obligations and defend us against legal claims or disputes, including protecting our, your or others' rights, privacy, safety or property.

3. Sharing and disclosure of personal data

In certain circumstances we may share your Personal Data with third parties as set forth below:

• Vendors and Service Providers: To assist us in business operations (e.g., Supabase for hosting/auth, Merchant of Record for payment processing, OpenRouter for AI gateways). Pursuant to our instructions, these parties will access, process, or store Personal Data only to provide services to Swipeer.
• Professional advisors: Such as lawyers, auditors, bankers and insurers.
• Business Transfers: If we are involved in a merger, acquisition, reorganisation, or sale of assets, your Personal Data may be transferred as part of that transaction.
• Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights, prevent fraud, or protect the personal safety of Users.

We may share Personal Data with advertising partners (such as Meta or Google) for marketing and interest-based advertising purposes. You can manage your preferences in the settings or via your browser.

4. International Data Transfers

Our primary infrastructure (API, authentication, and user databases) is hosted on servers provided by Hetzner Online GmbH and Supabase, located in the European Union.

However, some Personal Data may be transferred to service providers in the United States (e.g., AI providers such as OpenAI, Anthropic, or Google).

We ensure that such transfers are protected by appropriate safeguards in accordance with Art. 46 GDPR:

• Data Protocol & Gateway: We use OpenRouter as our gateway to access various AI models. OpenRouter processes your prompts on our behalf and routes them to the respective providers (e.g., OpenAI, Anthropic).
• Standard Contractual Clauses (SCCs): We rely on the terms provided by the underlying AI model providers (e.g., OpenAI, Anthropic), which typically incorporate Standard Contractual Clauses (SCCs) to ensure legal data transfer mechanisms to the USA.
• Data Minimization: We configure our systems to minimize data retention. As a default, we instructing providers not to use your data for model training where such settings are available.

5. How long your personal data will be kept

We will not retain your Personal Data for longer than necessary. Generally, we store Personal Data until it is no longer necessary to provide the Service or until your account is deleted – whichever comes first. When it is no longer necessary, we will delete or anonymise it.

6. Your rights and choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us as provided in the "Contact us" section below. You may continue to receive service-related communications and other non-marketing emails.

Personal Data requests. We also offer you choices that affect how we handle your Personal Data. Depending on your location and the nature of your interactions with our Service, you may request the following in relation to Personal Data:

• Information about how we have collected and used Personal Data. We have made this information available to you without having to request it by including it in this privacy policy.
• Access to a copy of the Personal Data that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
• Correction of Personal Data that is inaccurate or out of date.
• Deletion of Personal Data that we no longer need to provide the Service or for other lawful purposes. You can delete any Personal Data we might collect about you by logging out of your account or contacting us.
• Additional rights, such as to object to and request that we restrict our use of Personal Data.

To make a request, please email us or write to us as provided in the "Contact us" section below. We may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an "authorised agent" to submit requests on your behalf. We will require authorised agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the "Contact us" section below.

Right to complain. We hope that we can resolve any query or concern you may raise about our use of your information. However, depending on where you reside you may have the right to complain to your local data protection regulator.

7. Cookies

We use cookies on our Site. Cookies are text files that websites store and access on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser to allow us to distinguish you from other Users of our Service. We use both first-party cookies (set by Swipeer) and third-party cookies from providers like Google or Meta for performance, analytics, and advertising purposes.

We only use cookies which are strictly necessary to provide you with the Site and to use some of its features, such as the ability to log-in and access to secure areas. These cookies are essential for using and navigating the Site, you can set your browser to block or alert you about these cookies but then some parts of the Service may not work.

For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

8. Children

Our Service is not directed to children who are under the age of 18. Swipeer does not knowingly collect Personal Data from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Data to Swipeer through the Service please contact us and we will endeavor to delete that Personal Data from our databases.

9. Links to other websites

The Service may contain links to other websites not operated or controlled by Swipeer, including social media services ("Third Party Sites"). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this privacy policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

10. Security

You use the Service at your own risk. We have appropriate security measures to prevent Personal Data from being accidentally lost, or used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

However, no Internet or e-mail transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Data to Swipeer via the internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.

11. Changes to privacy policy

The Service and our business may change from time to time. As a result we may change this privacy policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated privacy policy, or notified you by other means if applicable, you acknowledge to have read the revised privacy policy and practices described in it.

12. Contact us

Swipeer is the entity responsible for the processing of Personal Data under this privacy policy (as a controller, where provided under applicable law).

If you have any questions about our privacy policy or information practices, please feel free to contact us at our designated request address: support@swipeer.ai, or by mail to: