GDPR Compliance

Last updated: December 1, 2025

1. Introduction

SwyftChat is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This document outlines our GDPR compliance measures and your rights as a data subject.

2. Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Contractual Necessity: To provide our Service and fulfill our contractual obligations
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

3. Your Rights Under GDPR

As a data subject, you have the following rights:

3.1 Right to Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that personal data. You can export your data at any time through your account settings or by contacting us.

How to exercise: Use the "Export My Data" feature in your account settings, or contact us through our contact form.

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your profile information at any time through your account settings.

How to exercise: Update your profile in the Account Settings page.

3.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

How to exercise: Use the "Delete My Account" feature in your account settings, or contact us through our contact form.

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., transaction records for accounting purposes).

3.4 Right to Restrict Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

How to exercise: Contact us through our contact form.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

How to exercise: Use the "Export My Data" feature in your account settings to download your data in JSON format.

3.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

How to exercise: Contact us through our contact form.

3.7 Rights Related to Automated Decision-Making (Article 22)

We do not use automated decision-making, including profiling, that produces legal effects or significantly affects you.

4. Data Processing Agreements

We have data processing agreements (DPAs) in place with our third-party service providers who process personal data on our behalf, including:

  • Render.com (hosting infrastructure)
  • Vercel (frontend hosting)
  • Stripe (payment processing - when implemented)
  • Sentry (error tracking - when implemented)

These agreements ensure that our processors comply with GDPR requirements and only process data as instructed by us.

5. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

Notifications will include:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

6. Data Protection Officer

If you have questions or concerns about our data processing practices, please contact us through our contact form.

7. Supervisory Authority

If you are located in the EEA and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at:

European Data Protection Board - Member States

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure that such transfers comply with GDPR requirements through:

  • Standard Contractual Clauses (SCCs) with our processors
  • Adequacy decisions by the European Commission (where applicable)
  • Other appropriate safeguards as required by GDPR

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal data in accordance with our data deletion procedures, subject to any legal retention requirements.

10. Updates to This Document

We may update this GDPR compliance document from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated document on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us through our contact form.

Website: https://swyftchat.io

Return to Home | Terms of Service | Privacy Policy | Cookie Policy