Privacy Policy

SwiftTrade (“SwiftTrade”, “we”, “us”, or “our”) is the data controller responsible for your personal data processed in connection with the SwiftTrade service (“Service”).

Contact: legal@swifttrade.app

Account data. When you register, we collect your email address and a hashed password, processed by Supabase Auth.

Subscription and billing data. When you subscribe, Stripe processes your payment details. We store the resulting Stripe customer ID, subscription ID, plan name, subscription status, and billing period dates in our database.

License data. Each active subscription generates a license key UUID. When the desktop app validates or connects using your key, we record the IP address of the connecting device and a timestamp(“last seen at”). This is used for fraud prevention and abuse detection only.

Trial data. For free-trial accounts we store a trial expiry timestamp.

We do not collect:

• Trading212 API keys or secrets.
• Your Trading212 portfolio holdings, balance, or transaction history.
• Location data beyond the IP address of your desktop connection.
• Device identifiers, hardware fingerprints, or biometric data.
• Browsing behaviour, analytics, or advertising identifiers.
• Any data about minors.

We process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b)): processing your email address, subscription status, and license key is necessary to provide the Service you have subscribed to.
• Legitimate interests (Art. 6(1)(f)): recording the IP address and timestamp of desktop connections is necessary for our legitimate interest in detecting fraud, abuse, and unauthorised account sharing. This is proportionate and does not override your privacy rights.
• Legal obligation (Art. 6(1)(c)): retaining billing records for the period required by applicable tax and accounting law.

We use the following sub-processors to deliver the Service. They process your data only on our behalf and under data processing agreements:

We do not sell, rent, or share your personal data with any other third party for marketing purposes.

• Account (email, password hash): retained for the lifetime of your account, plus 30 days after deletion to allow recovery.
• Subscription and billing records: retained for 7 years from the date of the last transaction to comply with tax and accounting obligations.
• License key and IP logs: retained for 90 days on a rolling basis, then automatically purged.
• Trial expiry timestamp: deleted when the account is deleted.

When you delete your account, we delete or anonymise all personal data within 30 days, except where we are required to retain it by law (e.g. billing records under applicable accounting rules).

If you are in the European Union or EEA, you have the following rights. To exercise any of them, email legal@swifttrade.app and we will respond within 30 days.

• Right of access (Art. 15): obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16): ask us to correct inaccurate data.
• Right to erasure (Art. 17): request deletion of your data where there is no legitimate reason for continued processing.
• Right to restriction (Art. 18): ask us to restrict processing in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
• Right to lodge a complaint: you have the right to lodge a complaint with your national supervisory authority (e.g. the Commission for Personal Data Protection in Bulgaria, or your local authority in the EU).

The web portal uses the following cookies and browser storage:

• Session cookies set by Supabase Auth: required to keep you logged in. These are first-party, HttpOnly, Secure cookies and are strictly necessary to provide the Service.
• No analytics cookies, no advertising cookies, no third-party tracking.

Because we use only strictly necessary cookies, we do not display a cookie consent banner. If this changes in future, we will update this policy and seek consent where required.

Your data may be transferred to and stored in countries outside the EU/EEA (primarily the United States, where Supabase and Stripe have infrastructure). Such transfers take place under appropriate safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions where applicable.

You can request details of the specific safeguards in place by contacting legal@swifttrade.app.

We implement appropriate technical and organisational measures to protect your personal data, including:

• Passwords hashed by Supabase Auth (bcrypt).
• All web portal connections over TLS (HTTPS).
• Database access restricted via Supabase Row Level Security (RLS).
• Trading212 API keys encrypted at rest on your local machine — SwiftTrade servers never hold broker credentials.

No internet transmission or storage system is 100% secure. If you become aware of a security issue, please report it to legal@swifttrade.app immediately.

The Service is not directed at children under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with data, contact us at legal@swifttrade.app.

We may update this Privacy Policy from time to time. Material changes will be notified to your registered email address and on the Site at least 14 days before they take effect. The revised policy will be effective from the date shown at the top of this page.

For privacy questions, data subject requests, or complaints: legal@swifttrade.app