Privacy Policy

Last updated: 27 March 2026

1. Data controller

Controller: Swipelijk
KvK: 99851881
Address: Haarlem, Netherlands
Email: privacy@swipelijk.com (privacy requests)

EEA/UK users may lodge complaints with supervisory authorities:

  • Netherlands: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)
  • EEA list: edpb.europa.eu/about-edpb/members
  • UK: ICO (ico.org.uk)

We encourage you to contact us first so we can resolve concerns quickly.

2. What we collect

  • Account data: email address, auth identifiers, and optional profile details such as name, nickname, or location.
  • Learning data: progress, completed lessons, scores, streaks, exam date, and other study activity needed to run the service.
  • Subscription data: plan, entitlement status, billing metadata, and purchase state needed to unlock Premium correctly.
  • User content: text you submit in forms such as support requests, bug reports, and, on supported app features, writing or speaking practice responses.
  • Technical and diagnostic data: session data, cookies or local storage, device/browser information, reliability logs, and app crash or error events used to keep the service secure and stable.

Some features are platform-specific. For example, the iOS app may use Apple speech recognition, local notifications, App Store purchases, RevenueCat entitlement syncing, crash reporting, and AI feedback flows that are not used on the public web experience.

3. Legal basis (GDPR)

  • Contract: to provide account access and learning services.
  • Consent: for non-essential cookies/storage and optional communications, and where we ask you before using optional AI feedback features.
  • Legitimate interests: security, fraud prevention, product reliability.
  • Legal obligation: where required for tax/accounting/compliance.

4. Data processors and purposes

  • Supabase (EU Ireland): authentication and database storage.
  • Stripe: payment processing, billing, invoices, and subscription lifecycle for web purchases.
  • Apple: payment processing and subscription management for App Store purchases made in the iOS app.
  • RevenueCat: subscription entitlement processing and syncing for the iOS app.
  • OpenAI: text processing for premium AI feedback features in supported app experiences.
  • Sentry: error and crash monitoring to help us diagnose and fix technical issues.
  • Vercel: hosting and infrastructure delivery.
  • Resend: transactional email delivery.
  • Vercel Analytics (if consented): product usage analytics.

Processors may process data in the EEA and, where needed, outside the EEA with appropriate safeguards.

5. Platform-specific notes

  • Website: the website does not use the iOS app's local notification or App Store purchase flows.
  • iOS speech features: when you use speaking practice in the iOS app, microphone input is used to create a text transcript for the exercise. We do not intentionally store raw voice recordings in our own backend.
  • iOS AI feedback: on supported premium app features, writing responses and text transcripts may be sent through Swipelijk-controlled backend services and on to OpenAI to generate feedback when you choose to use AI feedback.
  • Crash diagnostics: when enabled in the app build, technical crash and error data may be processed through Sentry so we can investigate failures and improve reliability.
  • Support and bug reports: if you contact support or report a bug, we process the message content you send to investigate and respond.

6. Data retention

We keep personal data as long as needed for service delivery, legal obligations, and dispute handling. Account deletion requests trigger deletion or anonymization within a reasonable period, except where legally required retention applies.

7. Your rights (GDPR / UK GDPR)

  • Access, rectification, erasure, and restriction.
  • Data portability and objection.
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with your supervisory authority.

To exercise rights: privacy@swipelijk.com.

8. Data security

We use access controls, managed infrastructure, encrypted transport (HTTPS), and processor-level safeguards to protect data. No internet service is 100% secure, but we continuously improve security controls.

9. Third-party links

Our site may include links to third-party websites. We are not responsible for their privacy practices.

10. Cookies and local storage

See our Cookie Policy for details on essential and consent-based storage.

11. Contact

For privacy requests and GDPR rights: privacy@swipelijk.com. For general support, contact support@swipelijk.com. For billing questions, contact billing@swipelijk.com.

Back home