Privacy Policy

V1.5 - Last edited on February 27, 2026

We're Swarm ('we', 'our', 'us'). We are a brand owned by Growth Maps Media Ltd, a UK registered company (14823630).

The privacy of your data is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data.

If you have a question about something in this policy, or want to contact our Data Protection Officer (DPO), please send us an email at privacy@growthmaps.com.

The information we hold about you, and how we use it 👱

Information you give us through the product

When you sign up for an account with us, we collect the following information:

• Personal details like your name.

• Contact details like your email.

As a community platform, we also collect and store content you create, upload, or share:

• Text content including posts, comments, messages, and profiles

• Audio recordings and voice messages you create or upload

• Video content you record or upload

• Images and media files you share

• Links and references you post

• Tags, categories, and other organizational markers you create

• Interaction data such as likes, shares, and reactions

• Community relationships such as space and group memberships

• Profile customizations and settings preferences

• Collaborative content created with other community members

For this user-generated content:

• You retain ownership rights to your original content and any content you create, upload, or share remains entirely yours

• You grant us a license to store, display, and distribute your content as part of providing our services

• Our role is to securely store and process your content so that you can use it as intended

• You can delete your content at any time, though copies may remain in our secure backup systems for up to 30 days

• Some content may be cached locally on other users' devices temporarily to improve performance

• Public content you create may be viewed by any community member

• Private content is only accessible to users you specifically authorize

• We may review content for compliance with our community guidelines

We also collect metadata about your content, such as:

• Creation and modification timestamps

• File formats and technical specifications

• Usage statistics and engagement metrics

• Distribution and sharing history

Information we collect if you get in touch

If you get in touch, we collect the following information so we can answer your questions.

• Your full name.

• The email address you use and the contents of your email (and any attachments).

• Public details from your social media profile (like Facebook, Instagram or Twitter) if you reach out to us via these platforms, and the contents of your messages or posts to us.

Information we collect or generate when you use our products

We collect information about how you use our products to help improve features. This includes:

• Details about how you use our app like login dates, number of sessions, features you utilise.

Our reasons for using your information 📃

Data protection laws say we need to have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest or consent. In this section we explain which one we rely on to use your data in a certain way.

We need to use your data for a contract we have with you, or to enter into a contract with you.

We use details about you to:

• Set up and maintain your account

• Give you access to the services we provide

• Enable you to create, share, and interact with content

• Process and display your user-generated content (text, audio, video)

• Facilitate community interactions and connections

• Send you essential messages about your account

• Investigate and resolve complaints and other issues

• Exercise our rights under contracts we've entered into with you

• Maintain platform security and integrity

When it's in our 'legitimate interest'.

We need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party's) interest and which doesn't involve overriding your privacy rights.

Community Safety and Moderation

We:

• Monitor and analyze content for compliance with community guidelines

• Detect and prevent spam, abuse, or harmful content

• Verify account authenticity and prevent impersonation

• Investigate reported violations

• Maintain logs of moderation actions for transparency

• Implement safety features to protect vulnerable users

Community Engagement

We:

• Facilitate connections between members

• Recommend relevant content and discussions

• Send notifications about interactions with your content

• Alert you to responses to your contributions

• Inform you about community events and activities

• Generate engagement metrics and insights

Product development and marketing

We:

• Tell you about products and services through our product or other channels, like social media companies, based on how you use our products and services and other information we hold about you. We may also exclude ads on this basis. We do this so we can make sure our marketing is useful. We don't share any other identifying information about you with social media companies.

• Track, analyse and improve the services we give you and other customers and how you respond to ads we show. We may ask for feedback if you've shown interest in a product feature. We do this so that we can make our products better and understand how to market them.

• Use the personal information you share with us and data you create from using the product to suggest features you'd find useful.

Consent

We'll ask for your consent to:

• Record any issues you want us to know about so we understand how to best support you.

• Tell you about our products and services by email if we think they're of interest to you.

Legal Obligations

We may need to process your data to:

• Respond to legal requests from authorities

• Comply with court orders or subpoenas

• Meet regulatory requirements

• Protect users' vital interests

• Prevent and detect fraudulent activity

• Maintain required business records

• Report illegal activities to relevant authorities

• Maintain records of processing activities in line with GDPR requirements

• Conduct data protection impact assessments for high-risk processing

For each of these purposes:

• We only process data that's necessary for the specified purpose

• We maintain detailed records of processing activities

• We regularly review and update our processing practices

• We conduct impact assessments for high-risk processing

• We apply appropriate security measures to all data processing

Who we share your data with 🌥

Companies that give services to us.

Here we mean companies that help us provide services you use, and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).

• Cloud computing and storage: Amazon Web Services (AWS) and Google Cloud Platform (including Firebase) for hosting and data storage

• Application hosting: Vercel for application deployment and content delivery

• Analytics: Google Analytics for usage tracking (anonymised data)

• Communications: Google Workspace for email, Intercom for customer support

• AI processing: OpenAI for AI-powered features (temporary processing only, not used for model training)

• Payment processing: Stripe for handling payments securely

• Companies that help us with marketing (we won't share identifiable personal data with third parties)

How long we keep your information 📁

We keep most of your data as long as you're using the product, and for 6 months after that in case you decide to return to us and need access to any of this data.

When you close your account:

• We begin deleting your personal data within 10 business days of account closure

• Some data may remain in secure backup systems for up to 30 days

• We may retain certain data longer where required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements)

Cookies and similar technologies 🍪

We use cookies and similar technologies (like local storage and session storage) to make our platform work, keep it secure, and remember your preferences.

Essential cookies

These are required for the platform to function:

• Authentication cookies: Keep you logged in and maintain your session

• Security cookies: Help protect against fraud and unauthorised access

• Stripe payment cookies (__stripe_mid, __stripe_sid): Help detect and prevent fraud during payment processing. These are required for secure transactions.

Functional cookies

These improve your experience but aren't strictly necessary:

• Intercom support cookies (intercom-device-id-[id], intercom-session-[id]): Allow our support chat to recognise returning visitors and maintain your support session. If you block these, the support tools may not work as intended.

• Preference cookies: Remember your settings and choices

Analytics cookies

We use Google Analytics to understand how people use our platform. This data is anonymised and helps us improve our services.

How to control cookies

You can control cookies through your browser or device settings. Most browsers let you refuse or delete cookies. You can also manage choices directly with third-party providers where relevant.

If you disable certain cookies, some features may not function correctly.

For more details, see our full Cookie Policy at https://swarm.to/legal/cookies.

Your rights 💖

You have a right to:

• Access the personal data we hold about you, or to get a copy of it

• Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else

• Make us correct inaccurate data

• Ask us to delete, 'block' or suppress your data, though for legal reasons we might not always be able to do it

• Say no to us using your data for direct marketing and in certain other 'legitimate interest' circumstances

• Withdraw any consent you've given us

To do any of these things, please contact us through the app or by emailing hey@swarm.to.

How we protect your data 🔐

We implement technical and organisational measures to protect your data:

Encryption

• All data stored with AWS and Google Cloud is encrypted at rest using industry-standard encryption (AES-256)

• Data in transit uses TLS 1.2 or higher for secure connections

Access controls

• Multi-factor authentication required for administrative access

• Role-based access control limiting data access to authorised personnel who need it

• Regular access reviews and audits

Backup and recovery

• Automated daily backups stored in geographically separate locations

• Recovery procedures designed to restore service within 24 hours

• Regular testing of backup and recovery processes

Security monitoring

• Continuous monitoring for potential security threats

• Defined incident response procedures

• Regular security assessments

If there's a data breach 🚨

If we become aware of a personal data breach affecting your information, we will:

• Notify the relevant supervisory authority (the ICO) within 72 hours where required by law

• Contact you directly if the breach is likely to result in a high risk to your rights and freedoms

• Take immediate steps to investigate, contain, and remediate the breach

• Document the breach and our response for regulatory compliance

Where we store or send your data 🔒

When you access our products via https://eu.swarm.to:

For EU customers using eu.swarm.to (or a white label domain directing to eu.swarm.to), we maintain strict data sovereignty by ensuring:

• All data is stored exclusively in the United Kingdom (London region) using Google Cloud (europe-west2) and AWS (eu-west-2)

• No customer data is transferred outside of the UK for routine operations

• Our backup and disaster recovery systems are also located within UK data centers

• We maintain compliance with UK GDPR and the Data Protection Act 2018

• We implement strict access controls, ensuring only authorized personnel based in the UK can access data processing systems

• Our technical infrastructure is designed to prevent unauthorized data transfers outside the UK

• We conduct regular audits to verify data remains within UK boundaries

• Any potential data transfers outside the UK (such as for essential third-party services) will only occur:

  • With explicit notification to affected customers

  • When covered by appropriate UK GDPR safeguards

  • Where we've agreed to standard data protection clauses approved by the UK Information Commissioner's Office

  • After completing Data Protection Impact Assessments (DPIAs)

We continuously monitor changes in UK data protection regulations and update our practices accordingly to maintain compliance with evolving standards.

When you access our products via https://we.swarm.to:

We may transfer and store the data we collect from you to organisations outside the UK and the European Economic Area ('EEA'). When we do this, we make sure that your data is protected and that:

• The European Commission says the country or organisation has adequate data protection, or

• We've agreed standard data protection clauses approved by the European Commission with the organisation

Additional safeguards for international transfers:

Where data is transferred internationally (for example, to sub-processors based in the US), we protect these transfers using:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• UK International Data Transfer Agreement (IDTA) where applicable

• Data Protection Impact Assessments for high-risk transfers

• Technical measures to prevent unauthorised access

If you'd like a copy of the relevant data protection clauses, please send an email to privacy@growthmaps.com.

How your data is used by AI 🤖

Our AI functionality is powered by OpenAI's API. When using OpenAI's API, your inputs (such as prompts or content) are not used for training or improving OpenAI's models. OpenAI respects user privacy and intellectual property, and API inputs are handled in a way that ensures confidentiality. This means the data we send via the OpenAI API is used solely to generate responses and is not retained or used for model improvement.

How to make a complaint 😐

If you have a complaint about how we use your personal information, please send an email to privacy@growthmaps.com and we'll do our best to fix the problem. You can also reach our Data Protection Officer in these ways.

If you're still not happy, you can refer your complaint to the UK's supervisory authority: the Information Commissioner's Office (ICO). For more details, you can visit their website at ico.org.uk.

Changes to this policy

We may update this privacy policy from time to time. When we make significant changes, we'll notify you through the platform or by email. We encourage you to review this policy periodically.