Privacy Policy

Last updated: 8/29/2025

Effective date: 8/29/2025

1. Introduction

SwapStack ("we," "our," "us," or the "Company") operates the swapstack.ai website and platform (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Age Restriction: Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use our Service or provide any information to us.

2. Information We Collect

2.1 Personal Information You Provide

  • Account Information: First name, last name, email address, password, company name (optional)
  • Profile Information: Professional bio, profile picture, business role (buyer/seller)
  • Business Information: Business metrics (ARR, profit margins, customer count), tech stack, business descriptions
  • Communication Data: Messages between users, support inquiries, feedback
  • Transaction Data: Payment information, billing address, transaction history
  • Verification Documents: Business ownership proof, financial statements, NDAs

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: IP address, browser type, device type, operating system
  • Location Data: Country, region, city (derived from IP address)
  • Cookies & Tracking: Session cookies, preference cookies, analytics cookies
  • Log Data: Server logs, error reports, performance data

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations, payment status
  • Analytics Providers: Aggregated usage insights
  • Business Verification Services: Business registration confirmations
  • Social Media: If you connect social accounts (optional)

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance

To provide our services, process transactions, and fulfill our obligations to you.

Legitimate Interests

To improve our services, prevent fraud, ensure security, and conduct business analytics.

Legal Obligations

To comply with tax laws, respond to legal requests, and fulfill regulatory requirements.

Consent

For marketing communications and optional features (you can withdraw consent anytime).

4. How We Use Your Information

Service Delivery

  • Create and manage your account
  • Facilitate buyer-seller connections
  • Process transactions and payments
  • Verify business listings and metrics

Communication

  • Send transactional emails
  • Provide customer support
  • Send platform updates and announcements
  • Marketing communications (with consent)

Improvement & Analytics

  • Analyze usage patterns
  • Improve user experience
  • Develop new features
  • Conduct market research

Security & Compliance

  • Prevent fraud and abuse
  • Ensure platform security
  • Comply with legal obligations
  • Enforce our terms of service

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information in the following circumstances:

With Other Users

  • Seller profiles are visible to verified buyers
  • Basic buyer information shared with sellers upon inquiry
  • Messages exchanged through our platform

With Service Providers

  • Payment processors (Stripe)
  • Cloud hosting providers (AWS)
  • Email service providers
  • Analytics providers
  • Customer support tools

For Legal Reasons

  • To comply with legal obligations
  • To respond to lawful requests from authorities
  • To protect our rights and property
  • To prevent fraud or security issues

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active + 30 days after deletion
  • Transaction Records: 7 years for tax and legal compliance
  • Communications: 2 years or as required for dispute resolution
  • Analytics Data: 26 months
  • Marketing Lists: Until you unsubscribe + 30 days

7. Your Rights & Choices

GDPR Rights (EU Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit processing of your data
  • Right to Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Complain: Lodge a complaint with your supervisory authority

CCPA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices
  • Categories of Information: Request categories and sources of data collected

How to Exercise Your Rights

  • Email us at: privacy@swapstack.ai
  • Use the privacy settings in your account dashboard
  • Click "unsubscribe" in marketing emails
  • Submit a request through our support system

We will respond to your request within 30 days (45 days for complex requests).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, particularly the United States where our servers are located.

EU-US Data Transfers: We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Technical and organizational security measures
  • Data minimization principles

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Technical Measures

  • 256-bit SSL encryption
  • Encrypted database storage
  • Regular security audits
  • Firewall protection
  • Access logging and monitoring

Organizational Measures

  • Limited access controls
  • Employee training
  • Confidentiality agreements
  • Regular policy reviews
  • Incident response procedures

Data Breach Notification: In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide information about the breach and steps to protect yourself.

10. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience. For detailed information, please see our Cookie Policy.

Types of cookies we use:

  • Essential cookies (required for platform functionality)
  • Performance cookies (to improve our services)
  • Functionality cookies (to remember your preferences)
  • Marketing cookies (with your consent)

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification for significant changes

13. Contact Information

Data Protection Officer

SwapStack Privacy Team

Email: privacy@swapstack.ai

Data Protection: dpo@swapstack.ai

Address: SwapStack, Inc.
548 Market St #14966
San Francisco, CA 94104
United States

EU Representative

For EU residents, our representative can be contacted at:
Email: eu-privacy@swapstack.ai

Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection authority.

GDPR & CCPA Compliant

Your privacy is our priority. We are committed to transparency and protecting your personal information.