Privacy Policy

Effective Date: April 5, 2026  |  Last Updated: April 5, 2026

SWFT ("we," "us," or "our") operates the SWFT platform at goswft.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account or use our Service, we may collect:

• Account information: name, email address, phone number, business name, and password.
• Customer data: names, email addresses, phone numbers, and physical addresses of your customers that you enter into the platform.
• Payment information: billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
• Communications: SMS messages sent through Twilio, emails sent through Gmail API integration, and in-app messages.
• Job and business data: quotes, invoices, job details, scheduling information, photos, and notes.
• AI interactions: messages and prompts you send to our AI chat feature.

1.2 Information Collected Automatically

• Usage data: pages visited, features used, click patterns, session duration, and interaction data.
• Device information: browser type, operating system, device type, screen resolution, and IP address.
• Cookies and similar technologies: we use cookies, localStorage, and sessionStorage to maintain your session, authenticate your account, and analyze usage patterns. See our Cookie Policy for details.

1.3 Information from Third-Party Integrations

When you connect third-party services, we may receive data from those services:

• Google (Gmail, Calendar): email content and calendar events you authorize us to access.
• QuickBooks: financial and accounting data you authorize us to sync.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and send billing-related communications via Stripe.
• Send SMS messages on your behalf via Twilio.
• Send and receive emails on your behalf via Gmail API integration.
• Sync scheduling data with Google Calendar.
• Sync financial data with QuickBooks when authorized.
• Power AI-assisted features using Anthropic Claude to help you draft messages, generate quotes, and manage your business.
• Analyze usage patterns and improve the Service using Google Analytics and Firebase Analytics.
• Communicate with you about your account, updates, and support requests.
• Detect, prevent, and address fraud, abuse, or technical issues.
• Comply with legal obligations.

3. Third-Party Services

We share data with the following third-party service providers, each of which has its own privacy policy:

• Stripe — payment processing. Stripe Privacy Policy
• Twilio — SMS messaging. Twilio Privacy Policy
• Google (Firebase, Gmail API, Google Calendar, Google Analytics) — authentication, email, scheduling, and analytics. Google Privacy Policy
• Anthropic — AI chat and content generation via Claude. Anthropic Privacy Policy
• Square — additional payment processing. Square Privacy Policy

We only share the minimum data necessary for each service to function. We do not sell your personal information to third parties.

4. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

• Essential cookies: Firebase Authentication cookies to keep you signed in and manage your session.
• Analytics cookies: Google Analytics (Measurement ID: G-B8BEW7E87V) to understand how users interact with the Service.
• Payment cookies: Stripe sets cookies to enable secure payment processing and fraud prevention.
• Local storage: we use localStorage and sessionStorage in your browser to store application state and preferences.

For more information, see our Cookie Policy.

5. SMS/TCPA Compliance

Our Service enables you to send SMS messages to your customers via Twilio. In connection with this feature:

• You are responsible for obtaining proper consent from your customers before sending them SMS messages, as required by the Telephone Consumer Protection Act (TCPA) and applicable state laws.
• All SMS recipients must have the ability to opt out of receiving messages. Standard "STOP" opt-out functionality is supported.
• Message and data rates may apply. Message frequency varies based on your usage.
• We do not send marketing SMS messages on our own behalf to your customers without your direction.
• You agree to comply with all applicable laws and regulations governing SMS communications, including the TCPA, CAN-SPAM Act, and any applicable state consumer protection laws.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: retained while your account is active and for a reasonable period thereafter for legal and business purposes.
• Customer data: retained as long as your account is active. When you delete your account, your customer data is permanently deleted.
• Usage and analytics data: retained in aggregated, anonymized form and may be kept indefinitely for analytical purposes.
• Payment records: retained as required by applicable tax and financial regulations.

You may delete your account at any time through the account settings within the Service. Upon account deletion, we will permanently remove your personal data and customer data from our active systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently purged.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete personal data.
• Deletion: request that we delete your personal data (you may also use the delete account feature in the app).
• Portability: request a machine-readable copy of your data.
• Objection: object to certain processing of your personal data.

To exercise any of these rights, contact us at ethan@goswft.com. We will respond to your request within 30 days.

8. California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know: you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete: you may request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: we do not sell personal information. If this changes, we will provide an opt-out mechanism.
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at ethan@goswft.com. We may ask you to verify your identity before processing your request.

9. EU Residents — GDPR Rights

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with the following rights:

• Lawful basis: we process your data based on contractual necessity (to provide the Service), legitimate interest (to improve and secure the Service), and consent (where applicable, such as for marketing communications).
• Right of access: obtain confirmation that your data is being processed and request a copy.
• Right to rectification: request correction of inaccurate data.
• Right to erasure: request deletion of your data under certain circumstances.
• Right to restrict processing: request that we limit how we use your data.
• Right to data portability: receive your data in a structured, commonly used format.
• Right to object: object to processing based on legitimate interest.
• Right to withdraw consent: withdraw consent at any time where processing is based on consent.

To exercise your GDPR rights, contact us at ethan@goswft.com. You also have the right to lodge a complaint with a supervisory authority in your member state.

10. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Firebase Authentication for secure account management.
• Role-based access controls.
• Regular security reviews.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at ethan@goswft.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the Service. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

13. Contact Us