Swfte Limited is committed to protecting your privacy and ensuring you have a positive experience when using our enterprise AI platform and services. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website, use our applications, or otherwise interact with our Services.
1. Introduction
This Privacy Policy ("Policy") describes the data practices of Swfte Limited ("Swfte," "we," "our," or "us"). It applies to all Swfte products and services, including Workstation, Studio, Marketplace, Connect, Embedded SDK, UpSkill, Monitor+, AvatarMe, Reachout, Inbound, and all related websites, APIs, and services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with our data practices, please do not use the Services.
This Policy is effective as of January 1, 2025.
2. Information We Collect
2.1 Account and Identity Information
When you create an account or use the Services, we collect contact information such as your name, email address, phone number, company name, job title, and mailing address. We also collect account credentials, including your username, password (stored in hashed form), and authentication tokens, as well as professional information such as your role, department, team membership, and organizational affiliations. You may also choose to provide profile information, including profile pictures, preferences, and other settings.
2.2 Technical and Device Information
We automatically collect certain technical information when you access or use the Services. This includes device information such as device type, operating system, browser type and version, screen resolution, and device identifiers; network information such as IP address, internet service provider, and approximate geographic location at the city or country level; and connection information such as access times, session duration, pages viewed, referring URLs, and navigation paths.
2.3 Usage and Interaction Data
We collect information about how you interact with the Services, including platform usage data such as features used, actions taken, agents deployed, workflows created, and configurations set. We also collect performance data including response times, error logs, and system performance metrics, as well as collaboration metadata regarding team interactions, shared resources, and collaboration patterns. We collect metadata regarding collaboration activity, not the substantive content of your communications.
2.4 Customer Data and Content
Depending on which products you use, we may process prompts and inputs (text, voice, and other inputs you provide to AI agents and workflows), documents and files that you upload for processing, training, or analysis, generated outputs including AI-generated responses, content, avatars, and other results, training content processed through UpSkill for learning generation, and communication data processed through Reachout or Inbound.
2.5 Integration Data
When you connect third-party services through the platform, we may collect and store authentication tokens and API keys for connected services (stored in encrypted form), integration metadata such as connection status, sync history, and integration configurations, and data accessed from connected systems as necessary to provide the integration functionality.
2.6 Payment Information
For paid subscriptions, we collect billing details including billing name, address, and payment method information, as well as transaction history including subscription plans, payment amounts, and invoice records. Credit card numbers and sensitive payment details are processed directly by our payment processors (such as Stripe) and are not stored on Swfte systems.
2.7 Communications
We collect information from your interactions with us, including support communications such as messages, tickets, and conversations with our support team; marketing preferences including email subscription settings and communication history; and feedback you voluntarily provide, such as product feedback, survey responses, and feature requests.
3. How We Collect Information
3.1 Direct Collection
We collect information that you provide directly when creating an account, configuring settings, or using the features of the Services. This includes content you upload, submit, or generate through the Services, as well as communications you send to us or through our platform.
3.2 Automated Collection
We collect information automatically through cookies, web beacons, pixels, and similar tracking technologies (as described in our Cookie Policy), server logs and analytics tools, and software development kits embedded in our desktop and mobile applications.
3.3 Third-Party Sources
We may receive information from third-party sources, including single sign-on providers (such as Google, Microsoft, and Okta) when you authenticate using their services, connected integrations and applications that you authorize, public business directories and databases for business contact information, and analytics and advertising partners.
4. How We Use Your Information
4.1 Providing and Operating Services
We use your information to create and manage your account, authenticate your identity and authorize access, process AI requests and generate outputs, execute workflows, agents, and automations, deliver features across all Swfte products, and process payments and manage subscriptions.
4.2 Improving and Developing Services
We use your information to analyze usage patterns and improve functionality and user experience, develop new features and products, improve our AI capabilities (see Section 6 for specific details regarding AI-related data practices), conduct research and generate aggregated insights, and test and debug the Services.
4.3 Personalizing Your Experience
We use your information to customize content and recommendations, remember your preferences and settings across sessions, and provide relevant suggestions based on your usage patterns and activity.
4.4 Communication
We use your information to send service-related notifications, including security alerts, maintenance notices, and feature updates; to respond to your inquiries and support requests; to send marketing communications where you have provided consent or where otherwise permitted by applicable law; and to conduct surveys and solicit feedback regarding the Services.
4.5 Security and Compliance
We use your information to detect, prevent, and investigate fraud, abuse, and security incidents; to enforce our Terms of Service and acceptable use policies; to comply with applicable legal obligations and respond to valid legal requests; and to maintain audit logs for security, regulatory, and compliance purposes.
4.6 Business Operations
We use your information to manage our business relationship with you, administer billing and payment processing, conduct analytics and business intelligence, and fulfill our contractual obligations.
5. Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data on the following legal bases.
5.1 Performance of Contract
We process personal data where necessary to perform our contractual obligations to you, including account creation and management, delivery of the Services and their features, payment processing, and customer support.
5.2 Legitimate Interests
We process personal data where necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms. These interests include improving and developing the Services, ensuring the security of our platform and preventing fraud, marketing the Services to business contacts, and conducting analytics and business intelligence.
5.3 Legal Obligation
We process personal data where necessary to comply with legal requirements, including responding to valid legal process and governmental requests, meeting regulatory and reporting obligations, and fulfilling tax and accounting requirements.
5.4 Consent
We process certain personal data on the basis of your explicit consent, including the sending of marketing communications where consent is required under applicable law, optional data sharing features that you elect to enable, and certain cookies and tracking technologies as described in our Cookie Policy. You may withdraw your consent at any time by contacting us at privacy@swfte.com or by adjusting the relevant settings in your account. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.
6. AI-Specific Data Practices
6.1 Processing Customer Data for AI Features
When you use AI features across the Services — including Studio, Workstation, Marketplace agents, Embedded SDK, and Connect — your prompts and inputs are transmitted to AI model providers to generate responses. We may cache responses to improve performance and reduce latency. Conversation context may be retained during active sessions to enable multi-turn interactions.
6.2 Third-Party AI Model Providers
We integrate with various AI model providers (such as OpenAI, Anthropic, Google, and others) through our Connect gateway. When requests are routed to these providers, your inputs and the resulting outputs are transmitted to and processed by the selected provider in accordance with its own privacy practices. We implement technical measures to protect data in transit, and you may configure provider routing preferences through Connect settings.
6.3 Model Training
Customer Data Protection. By default, Swfte does not use your Customer Data — including prompts, documents, and outputs — to train foundational AI models.
Aggregated Insights. We may use de-identified, aggregated data to improve the Services, including for performance optimization, quality assessment, feature development, and benchmarking. Such data does not identify any individual user or organization.
Opt-in Improvement Programs. With your express consent, you may participate in improvement programs in which your feedback and usage data contribute to service enhancement.
6.4 AvatarMe and Synthetic Media
When you use AvatarMe or similar features, uploaded images, voices, and likenesses are processed to create digital avatars, and generated avatar content may be stored for your continued use. You are responsible for obtaining all necessary consents from individuals whose likeness is used. Swfte may retain generated content for the duration necessary to provide the service.
6.5 Communication Products (Reachout and Inbound)
For automated communication features, contact information you provide is used solely to deliver the communications you configure. Interaction data — including opens, clicks, and responses — may be collected for analytics purposes. Communication logs are retained in accordance with your configuration settings. Swfte complies with applicable anti-spam and telecommunications regulations.
7. Information Sharing and Disclosure
7.1 Service Providers
We engage third-party service providers to perform functions on our behalf, including cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure), AI model providers (OpenAI, Anthropic, Google, and others), payment processors (Stripe), analytics providers, customer support platforms, and email and communication services. All service providers are contractually bound to protect your information and to use it solely for the purposes for which it was disclosed.
7.2 Connected Integrations
When you enable integrations with third-party services, data is shared with those services to the extent necessary to provide the integration functionality. You control which integrations are enabled and may revoke access at any time through your account settings.
7.3 Business Transfers
In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of Swfte's assets, your information may be transferred to the acquiring or successor entity. We will provide notice of any such transfer and inform you of your choices regarding your information.
7.4 Legal Requirements
We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable laws, regulations, or valid legal process; to respond to lawful requests from governmental authorities; to protect the rights, property, or safety of Swfte, our users, or the public; or to enforce our Terms of Service.
7.5 With Your Consent
We may share your information with third parties when you provide explicit consent or specifically direct us to do so.
7.6 Aggregated and De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for any lawful purpose, including research, analytics, marketing, and industry benchmarking.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.
8.1 Transfer Mechanisms
For transfers of personal data from the EEA, United Kingdom, or Switzerland to jurisdictions not recognized as providing an adequate level of data protection, we rely on approved transfer mechanisms, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions issued by the European Commission where applicable, and supplementary technical and organizational measures designed to ensure that your information remains protected.
8.2 US Data Processing
Certain aspects of the Services involve data processing in the United States. We implement appropriate safeguards as required by applicable law to protect personal data transferred to the United States.
9. Data Security
9.1 Technical Safeguards
We implement comprehensive technical security measures to protect your information, including encryption of data in transit using TLS 1.3 and at rest using AES-256, role-based access controls and least-privilege access principles, multi-factor authentication and secure session management, network security including firewalls, intrusion detection systems, and DDoS protection, and continuous security monitoring and anomaly detection.
9.2 Organizational Safeguards
We maintain organizational safeguards including regular security awareness training for all personnel, background screening of employees with access to personal data, periodic reviews and audits of access permissions, and documented incident response procedures.
9.3 Certifications and Compliance
Swfte maintains SOC 2 Type II certification, which is subject to annual third-party audit. We adhere to GDPR requirements for the protection of personal data of EEA, UK, and Swiss residents. Business Associate Agreements (BAAs) are available for qualifying enterprise customers that require HIPAA compliance.
9.4 Security Limitations
Despite our safeguards, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you acknowledge this inherent risk. If you discover a security vulnerability affecting the Services, please report it promptly to security@swfte.com.
10. Data Retention
10.1 Retention Periods
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Policy. The following table sets forth our standard retention periods by data category:
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account plus 3 years |
| Usage logs and analytics | 2 years |
| Customer Data (prompts, outputs) | Per your subscription settings, typically 90 days by default |
| Support communications | 5 years |
| Billing and payment records | 7 years (legal requirement) |
| Marketing communications | Until unsubscribe plus 1 year |
| Security and audit logs | 2 years |
10.2 Extended Retention
We may retain information beyond the periods stated above where required by applicable law, regulation, or legal proceedings; where necessary to resolve disputes or enforce agreements; where required for ongoing security investigations; or where you or your organization requests extended retention under an enterprise agreement.
10.3 Deletion
Upon account termination or upon receipt of a valid deletion request, we will delete or anonymize your personal information within thirty (30) days. Certain information may be retained in encrypted backups for up to ninety (90) days following deletion from our active systems. Information that we are legally required to retain will be maintained for the applicable statutory period.
11. Your Privacy Rights
11.1 Rights for All Users
Regardless of your location, you may (a) request access to a copy of the personal information we hold about you; (b) request correction of inaccurate or incomplete information; (c) request deletion of your personal information; (d) request a portable copy of your data in a commonly used, machine-readable format; and (e) opt out of marketing communications at any time.
11.2 EEA, UK, and Switzerland Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation and equivalent legislation. These include the right to request restriction of processing of your personal data, the right to object to processing based on our legitimate interests, the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, the right to withdraw consent at any time where processing is based on consent, and the right to lodge a complaint with a supervisory authority in your jurisdiction.
11.3 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act afford you additional rights, including the right to know what personal information has been collected, used, and disclosed; the right to request deletion of your personal information; the right to request correction of inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right to non-discrimination for exercising your privacy rights.
Notice of Collection. We collect the categories of personal information described in Section 2 of this Policy.
Sale and Sharing. Swfte does not sell personal information as defined under the CCPA. We may share personal information with third-party advertising partners for purposes of targeted advertising, which you may opt out of.
Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes other than providing the Services as described in this Policy.
11.4 Other Jurisdictions
Residents of other jurisdictions may have additional privacy rights under local law. Please contact us at privacy@swfte.com to inquire about and exercise your rights.
11.5 Exercising Your Rights
You may exercise your privacy rights by using the privacy controls available in your account settings, by contacting us at privacy@swfte.com, or by submitting a request at swfte.com/privacy-request. We will verify your identity before processing any request. We will respond within the timeframe required by applicable law — typically thirty (30) days under the GDPR and forty-five (45) days under the CCPA.
12. Children's Privacy
The Services are not directed to children under the age of sixteen (16), or under thirteen (13) in the United States where the Children's Online Privacy Protection Act (COPPA) applies. We do not knowingly collect personal information from children. If you believe that we have inadvertently collected information from a child, please contact us immediately at privacy@swfte.com, and we will take prompt steps to delete such information.
13. Third-Party Links and Services
The Services may contain links to third-party websites, applications, and services that are not operated or controlled by Swfte. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing any personal information.
14. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the end of this Policy. For material changes, we will provide prominent notice, such as an email notification or a banner within the Services. Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the revised terms.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Privacy Inquiries: privacy@swfte.com Data Protection Officer: dpo@swfte.com Postal Address: Swfte Limited, 6th Floor, 2 Grand Canal Square, Dublin 2, D02 A342, Ireland
EU Representative
For individuals in the European Union, our EU representative can be contacted at the Dublin address listed above.
UK Representative
For individuals in the United Kingdom, please contact privacy@swfte.com for UK representative details.
16. Additional Information by Product
16.1 Workstation
Workstation stores data locally on your device to enable offline functionality. When your device is online, data may be synchronized to Swfte's servers for backup and collaboration purposes. Anonymous desktop usage analytics are collected for product improvement and may be disabled in Workstation's settings.
16.2 Studio
Workflow configurations and agent definitions are stored within your workspace. Testing and debugging data is retained in accordance with your account settings. Observability logs are collected to support monitoring and troubleshooting.
16.3 Marketplace
Metadata associated with published agents and templates — including descriptions, categories, and publisher information — is displayed publicly within the Marketplace. Usage statistics are collected for recommendation and ranking purposes.
16.4 Connect
API request and response metadata is collected for routing, analytics, and billing purposes. Request payloads are transmitted to the AI model providers you select. Cost and usage metrics are collected for billing, optimization, and reporting.
16.5 Embedded SDK
SDK usage data is collected for metering, billing, and analytics purposes. End-user interactions are collected as configured by the implementing developer. Developers who integrate the Embedded SDK into their applications are responsible for providing their own privacy disclosures to their end users.
16.6 UpSkill
Training documents uploaded to UpSkill are processed to generate learning content. Learner progress and assessment data are collected to support the training experience. Completion certificates and credentials are stored within the platform.
16.7 AvatarMe
Uploaded media, including photographs and voice recordings, are processed to create digital avatars. Generated avatar content is stored for your continued use. Where you provide consent records for depicted individuals, those records are maintained within the platform.
16.8 Reachout and Inbound
Contact lists and communication templates are stored within the platform. Delivery and engagement metrics, including open rates, click-through rates, and response data, are collected for analytics. Communication logs are retained in accordance with your configuration settings.