swfte.

Privacy Policy

How Swfte collects, uses, protects, and retains your information across our enterprise AI platform and products.

Info

Privacy and Data Protection — We are committed to protecting your privacy and ensuring the security of your personal information when using our enterprise AI platform. This policy explains how we handle your data across all Swfte products and services.

1. Introduction

Swfte ("we," "our," or "us") is committed to protecting your privacy and ensuring you have a positive experience when using our enterprise AI platform and services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our applications, or otherwise interact with our Services.

This policy applies to all Swfte products including Workstation, Studio, Marketplace, Connect, Embedded SDK, UpSkill, Monitor+, AvatarMe, Reachout, Inbound, and related websites, APIs, and services.

By accessing or using our Services, you acknowledge this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

Effective Date: January 1, 2025

2. Information We Collect

2.1 Account and Identity Information

When you create an account or use our Services, we may collect:

  • Contact Information: Name, email address, phone number, company name, job title, and mailing address
  • Account Credentials: Username, password (stored in hashed form), and authentication tokens
  • Professional Information: Role, department, team membership, and organizational affiliations
  • Profile Information: Profile pictures, preferences, and settings you configure

2.2 Technical and Device Information

We automatically collect certain technical information when you use our Services:

  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers
  • Network Information: IP address, internet service provider, approximate geographic location (city/country level)
  • Connection Information: Access times, session duration, pages viewed, referring URLs, and navigation paths

2.3 Usage and Interaction Data

We collect information about how you interact with our Services:

  • Platform Usage: Features used, actions taken, agents deployed, workflows created, and configurations set
  • Performance Data: Response times, error logs, and system performance metrics
  • Collaboration Data: Team interactions, shared resources, and collaboration patterns (metadata only)

2.4 Customer Data and Content

Depending on which products you use, we may process:

  • Prompts and Inputs: Text, voice, and other inputs you provide to AI agents and workflows
  • Documents and Files: Files you upload for processing, training, or analysis
  • Generated Outputs: AI-generated responses, content, avatars, and other outputs
  • Training Content: Materials processed through UpSkill for learning generation
  • Communication Data: Messages processed through Reachout or Inbound products

2.5 Integration Data

When you connect third-party services:

  • Authentication Tokens: OAuth tokens and API keys for connected services (stored encrypted)
  • Integration Metadata: Connection status, sync history, and integration configurations
  • Accessed Data: Data retrieved from connected systems as necessary to provide integration functionality

2.6 Payment Information

For paid subscriptions:

  • Billing Details: Billing name, address, and payment method information
  • Transaction History: Subscription plans, payment amounts, and invoice history

Note: Credit card numbers and sensitive payment details are processed by our payment processors (such as Stripe) and are not stored on our systems.

2.7 Communications

  • Support Communications: Messages, tickets, and conversations with our support team
  • Marketing Preferences: Email subscription preferences and communication history
  • Feedback: Product feedback, survey responses, and feature requests you submit

3. How We Collect Information

3.1 Direct Collection

  • Information you provide when creating an account, configuring settings, or using features
  • Content you upload, submit, or generate through the Services
  • Communications you send to us or through our Services

3.2 Automated Collection

  • Cookies, web beacons, pixels, and similar tracking technologies (see our Cookie Policy)
  • Server logs and analytics tools
  • Software development kits (SDKs) in our desktop and mobile applications

3.3 Third-Party Sources

  • Single sign-on providers (Google, Microsoft, Okta, etc.) when you authenticate
  • Connected integrations and applications you authorize
  • Public business directories and databases for business contact information
  • Analytics and advertising partners

4. How We Use Your Information

We use collected information for the following purposes:

4.1 Providing and Operating Services

  • Creating and managing your account
  • Authenticating your identity and authorizing access
  • Processing AI requests and generating outputs
  • Executing workflows, agents, and automations
  • Providing features across all Swfte products
  • Processing payments and managing subscriptions

4.2 Improving and Developing Services

  • Analyzing usage patterns to improve functionality and user experience
  • Developing new features and products
  • Training and improving our AI models (see Section 7 for details)
  • Conducting research and generating aggregated insights
  • Testing and debugging the Services

4.3 Personalizing Your Experience

  • Customizing content and recommendations
  • Remembering your preferences and settings
  • Providing relevant suggestions based on your usage

4.4 Communication

  • Sending service-related notifications (security alerts, maintenance notices, feature updates)
  • Responding to your inquiries and support requests
  • Sending marketing communications (with your consent where required)
  • Conducting surveys and requesting feedback

4.5 Security and Compliance

  • Detecting, preventing, and investigating fraud, abuse, and security incidents
  • Enforcing our Terms of Service and acceptable use policies
  • Complying with legal obligations and responding to legal requests
  • Maintaining audit logs for security and compliance purposes

4.6 Business Operations

  • Managing our business relationship with you
  • Administering billing and payments
  • Conducting analytics and business intelligence
  • Fulfilling contractual obligations

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

5.1 Performance of Contract

Processing necessary to provide the Services you have requested, including:

  • Account creation and management
  • Service delivery and feature functionality
  • Payment processing
  • Customer support

5.2 Legitimate Interests

Processing necessary for our legitimate business interests, provided those interests are not overridden by your rights:

  • Improving and developing our Services
  • Ensuring security and preventing fraud
  • Marketing our Services to business contacts
  • Analytics and business intelligence

5.3 Legal Obligation

Processing necessary to comply with legal requirements:

  • Responding to valid legal requests
  • Meeting regulatory requirements
  • Tax and accounting obligations

5.4 Consent

Processing based on your explicit consent:

  • Marketing communications (where consent is required)
  • Optional data sharing features
  • Certain cookies and tracking technologies

You may withdraw consent at any time by contacting us or adjusting your settings.

6. AI-Specific Data Practices

6.1 Processing Customer Data for AI Features

When you use AI features across our products (Studio, Workstation, Marketplace agents, Embedded SDK, etc.):

  • Your prompts and inputs are sent to AI model providers to generate responses
  • We may cache responses to improve performance and reduce costs
  • Conversation context may be retained during sessions to enable multi-turn interactions

6.2 Third-Party AI Model Providers

We integrate with various AI model providers (such as OpenAI, Anthropic, Google, and others) through our Connect gateway. When using these providers:

  • Your inputs and outputs are transmitted to and processed by the selected providers
  • Third-party providers have their own privacy policies and data handling practices
  • We implement technical measures to protect data in transit
  • You can configure routing preferences in Connect settings

6.3 Model Training

Customer Data Protection: By default, we do not use your Customer Data (prompts, documents, outputs) to train foundational AI models.

Aggregated Insights: We may use de-identified, aggregated data to improve our Services, including:

  • Performance optimization
  • Quality assessment
  • Feature development
  • Benchmarking

Opt-in Improvement Programs: With your consent, you may participate in improvement programs where your feedback contributes to service enhancement.

6.4 AvatarMe and Synthetic Media

When using AvatarMe or similar features:

  • Uploaded images, voices, and likenesses are processed to create digital avatars
  • Generated avatar content may be stored for your continued use
  • You retain responsibility for obtaining necessary consents from depicted individuals
  • We may retain generated content as necessary to provide the service

6.5 Communication Products (Reachout and Inbound)

For automated communication features:

  • Contact information you provide is used to deliver communications
  • Interaction data (opens, clicks, responses) may be collected for analytics
  • Communication logs are retained per your configuration
  • We comply with applicable anti-spam and telecommunications regulations

7. Information Sharing and Disclosure

We may share your information in the following circumstances:

7.1 Service Providers

We engage third-party service providers to perform functions on our behalf:

  • Cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure)
  • AI model providers (OpenAI, Anthropic, Google, and others)
  • Payment processors (Stripe)
  • Analytics providers
  • Customer support platforms
  • Email and communication services

Service providers are contractually bound to protect your information and use it only for authorized purposes.

7.2 Connected Integrations

When you enable integrations with third-party services, data is shared as necessary to provide the integration functionality. You control which integrations are enabled and can revoke access at any time.

7.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your choices.

7.4 Legal Requirements

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal process
  • Respond to valid governmental requests
  • Protect the rights, property, or safety of Swfte, our users, or the public
  • Enforce our Terms of Service

7.5 With Your Consent

We may share information with third parties when you provide explicit consent or direct us to do so.

7.6 Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot reasonably identify you for any purpose, including research, analytics, and marketing.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We take appropriate safeguards to ensure your information remains protected:

8.1 Transfer Mechanisms

For transfers from the EEA, UK, or Switzerland:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs with service providers
  • Adequacy Decisions: Where applicable, we rely on EU adequacy decisions
  • Supplementary Measures: We implement technical and organizational safeguards

8.2 US Data Processing

Certain data processing occurs in the United States. We implement appropriate protections as required by applicable law.

9. Data Security

We implement comprehensive security measures to protect your information:

9.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control and least-privilege principles
  • Authentication: Multi-factor authentication, SSO support, and secure session management
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Monitoring: Continuous security monitoring and anomaly detection

9.2 Organizational Safeguards

  • Employee Training: Regular security awareness training
  • Background Checks: Screening of personnel with data access
  • Access Reviews: Regular review and audit of access permissions
  • Incident Response: Documented incident response procedures

9.3 Certifications and Compliance

  • SOC 2 Type II: Annual third-party audit of security controls
  • GDPR Compliance: Adherence to EU data protection requirements
  • HIPAA Ready: BAA available for qualifying enterprise customers

9.4 Security Limitations

Despite our safeguards, no method of transmission or storage is completely secure. You acknowledge this inherent risk. If you discover a security vulnerability, please report it to security@swfte.com.

10. Data Retention

10.1 Retention Periods

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy:

Data CategoryRetention Period
Account informationDuration of account plus 3 years
Usage logs and analytics2 years
Customer Data (prompts, outputs)Per your subscription settings, typically 90 days by default
Support communications5 years
Billing and payment records7 years (legal requirement)
Marketing communicationsUntil unsubscribe plus 1 year
Security and audit logs2 years

10.2 Extended Retention

We may retain information longer when:

  • Required by law, regulation, or legal proceedings
  • Necessary to resolve disputes or enforce agreements
  • Required for security investigations
  • You request extended retention (enterprise customers)

10.3 Deletion

Upon account termination or upon your request:

  • We will delete or anonymize your personal information within 30 days
  • Some information may be retained in backups for up to 90 days
  • Certain information may be retained as required by law

11. Your Privacy Rights

11.1 Rights for All Users

Regardless of your location, you may:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Export: Request a portable copy of your data
  • Communication Preferences: Opt out of marketing communications

11.2 EEA, UK, and Switzerland Residents (GDPR)

Under GDPR, you additionally have the right to:

  • Restriction: Request restriction of processing
  • Objection: Object to processing based on legitimate interests
  • Automated Decisions: Not be subject to decisions based solely on automated processing
  • Withdraw Consent: Withdraw consent where processing is based on consent
  • Complaint: Lodge a complaint with a supervisory authority

11.3 California Residents (CCPA/CPRA)

California residents have the right to:

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of personal information
  • Correct: Request correction of inaccurate personal information
  • Opt-Out of Sale/Sharing: Opt out of sale or sharing of personal information
  • Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights

Notice of Collection: We collect the categories of personal information described in Section 2.

Sale and Sharing: We do not sell personal information. We may share personal information with third parties for targeted advertising (you may opt out).

Sensitive Personal Information: We do not use sensitive personal information for purposes other than providing our Services.

11.4 Other Jurisdictions

Residents of other jurisdictions may have additional rights under local law. Contact us to exercise your rights.

11.5 Exercising Your Rights

To exercise your privacy rights:

We will verify your identity before processing requests. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

12. Children's Privacy

Our Services are not directed to children under the age of 16 (or 13 in the United States where COPPA applies). We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately at privacy@swfte.com. We will promptly delete such information.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the bottom of this policy
  • For material changes, we will provide prominent notice (such as email notification or a banner in the Services)
  • Continued use after the effective date constitutes acceptance

We encourage you to review this policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

  • Email: privacy@swfte.com
  • Data Protection Officer: dpo@swfte.com
  • Postal Address: Swfte Limited, 6th Floor, 2 Grand Canal Square, Dublin 2, D02 A342, Ireland

EU Representative

For users in the European Union, our EU representative can be contacted at the address above (Dublin, Ireland).

UK Representative

For users in the United Kingdom, contact privacy@swfte.com for UK representative details.

16. Additional Information by Product

16.1 Workstation

  • Local data stored on your device for offline functionality
  • Sync data transmitted when online for backup and collaboration
  • Desktop usage analytics collected for product improvement

16.2 Studio

  • Workflow configurations and agent definitions stored in your workspace
  • Testing and debugging data retained per your settings
  • Observability logs collected for monitoring and troubleshooting

16.3 Marketplace

  • Published agent and template metadata displayed publicly
  • Usage statistics collected for recommendations and rankings
  • Publisher information displayed as part of listings

16.4 Connect

  • API request/response metadata collected for routing and analytics
  • Request payloads transmitted to selected model providers
  • Cost and usage metrics collected for billing and optimization

16.5 Embedded SDK

  • SDK usage data collected for metering and analytics
  • End-user interactions collected as configured by the implementing developer
  • Implementing developers are responsible for their own privacy disclosures

16.6 UpSkill

  • Training documents processed to generate learning content
  • Learner progress and assessment data collected
  • Completion certificates and credentials stored

16.7 AvatarMe

  • Uploaded media (photos, voices) processed for avatar creation
  • Generated avatar content stored for your use
  • Consent records maintained for depicted individuals (where provided)

16.8 Reachout and Inbound

  • Contact lists and communication templates stored
  • Delivery and engagement metrics collected
  • Communication logs retained per configuration

Last Updated: January 1, 2025