Privacy Policy
Last updated: April 2025
1. Who We Are
SwarmGen is operated by Swarm Labs IO Ltd (“we”, “us”, “our”). Swarm Labs IO Ltd is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, and protect personal data when you use our image generation platform (the “Service”).
For any privacy-related queries, contact us at [email protected].
2. Information We Collect
We collect only the data necessary to operate the Service:
- Account data: your email address and securely hashed password provided at registration
- Usage data: renders performed, templates created, API calls made, and credit usage
- Content data: templates, uploaded images, brand assets, and sample data you provide
- Analytics data: pseudonymised usage data such as page views, session duration, and referral source, collected via Google Analytics
- Billing data: payment method details processed by Stripe — we do not store card numbers
3. How We Use Your Data
We use your data to:
- Provide and operate the Service, including processing render jobs
- Manage your account and authenticate access
- Process payments and manage subscription billing
- Send transactional emails (password resets, billing receipts)
- Monitor platform health and prevent abuse
- Understand how the Service is used in aggregate to improve it
We do not sell your personal data to third parties.
3A. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contractual necessity: to provide and operate the Service you have signed up for
- Legitimate interests: to monitor usage, prevent abuse, and improve the Service
- Legal obligation: to comply with applicable laws, including financial record-keeping
- Consent: where required, for analytics cookies
4. AI Features
SwarmGen uses AI to assist with template building and content generation. We do not retain AI conversation content after processing. Prompts and responses are processed transiently to fulfil the request and are not stored by us once the request is complete. AI processing may be performed by third-party providers acting on our behalf.
5. Cookies and Analytics
We use two categories of cookies:
- Essential cookies: session cookies required to keep you logged in. These cannot be disabled without affecting Service functionality.
- Analytics cookies: we use Google Analytics to collect pseudonymised data about how visitors use the site. This data does not directly identify you. Google Analytics may set cookies including _ga and _gid.
You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on.
6. Data Storage and Security
Your account data and content are stored on infrastructure provided by Supabase (PostgreSQL database) and Cloudflare R2 (file storage). Data is encrypted in transit using TLS. Data at rest is protected using industry-standard security controls provided by our infrastructure providers. Access is restricted to authorised personnel on a need-to-know basis.
While we implement industry-standard security measures, no system is completely secure. We encourage you to use a strong, unique password and keep your credentials confidential.
7. Third-Party Services
We use trusted third-party providers to process personal data on our behalf where necessary to operate the Service, including for hosting, payment processing, and analytics. These providers are contractually required to protect your data in accordance with applicable data protection laws.
Some providers may process data outside the United Kingdom or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms, in accordance with UK GDPR.
8. Data Retention
Different types of data are retained for different periods:
- Template thumbnails are compressed and resized before storage and may be stored in a publicly accessible location to support gallery display. They may be accessible to anyone with the direct URL. We use measures to discourage search engine indexing, but cannot guarantee they will not be discovered.
- Rendered outputs (images and PDFs) are stored for 7 days and then automatically deleted.
- Account data and templates are retained for as long as your account is active.
- Billing and transaction records may be retained for up to 6 years to comply with UK legal and accounting obligations.
If you delete your account, your personal data, templates, and any remaining stored files will be deleted within 30 days, except where retention is required by law.
9. Your Rights
Under UK GDPR and other applicable laws, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (“right to be forgotten”)
- Object to or restrict certain processing
- Receive a copy of your data in a portable format
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled improperly: ico.org.uk.
10. Children’s Privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
11. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant regulators in accordance with applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. The “Last updated” date at the top of this page indicates when the policy was last revised.
13. Contact
For any questions or concerns about this Privacy Policy, please contact: [email protected]