Privacy Policy

1. Introduction

Swarmify (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, swarmify.com, and our services (collectively, the “Service”).

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable privacy laws.

By using the Service, you acknowledge the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically, and information we obtain from third-party sources.

A. Information You Provide to Us:

• Account Information: When you register for an account, we collect your name, email address, password, and contact information.
• Payment Information: When you make a purchase, we collect payment information through our secure payment processor. This may include your name, billing address, and credit card details. We do not store your full credit card information on our servers.
• Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.

B. Information We Collect Automatically:

• Log and Usage Data: We collect information about your use of the Service, including your IP address, browser type, operating system, referring URLs, pages viewed, and access times.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service. See Section 2.C below for a categorized description of cookies used and their consent status.
• IP-based Country Detection: On first visit to our marketing site, we make a request to api.country.is (a third-party geolocation service) to detect your country. This is used solely to determine whether to display our consent banner (shown to visitors in the EU, UK, EEA, and Switzerland). No personal data is stored from this lookup; the resolved country code is held in your browser’s localStorage to avoid repeat requests.
• Abuse and Fraud Detection (reCAPTCHA Enterprise): Our contact form and our paid checkout use Google reCAPTCHA Enterprise to detect automated abuse and payment fraud. This loads scripts from google.com/recaptcha/enterprise.js, collects browser signals (including mouse movement, timing, and other behavioral telemetry), and shares them with Google to generate a risk score. At paid checkout, we additionally transmit to Google your IP address, user agent, email address, and the name and billing address you enter, so Google can assess the transaction for fraud; we do not send your card number. Your interaction is governed by Google’s Privacy Policy and Terms of Service.

C. Cookies and Tracking Technologies:

We categorize cookies and similar technologies as follows:

• Strictly Necessary: Required for core site functionality and to remember your consent choices. These include session/authentication cookies on logged-in dashboard areas, and a localStorage entry recording your consent banner choice and detected country. These cannot be disabled.
• Analytics (opt-in): We use Google Analytics 4 (GA4) to understand site usage. GA4 tags load in Consent Mode v2 default-deny state, meaning analytics, advertising, and personalization storage are not set until you opt in via the consent banner. Visitors in the EU, UK, EEA, and Switzerland see the banner on first visit. For visitors outside the EU, UK, EEA, and Switzerland, analytics consent is granted by default consistent with the legal basis applicable in those regions; you can withdraw consent at any time using the Cookie Settings link in the footer. The specific GA4 cookie names (e.g., _ga, _ga_*) are set by Google when consent is granted; see Google’s cookie documentation for current details.
• Analytics (opt-in) – Matomo (self-hosted): We also use Matomo, an analytics tool we self-host on our own infrastructure (st.swarmify.com); your usage data is processed on Swarmify-controlled servers and is not shared with any third-party analytics vendor. Matomo is gated behind the same consent banner as GA4 — it sets no analytics cookies and records no visit until you opt in (and is auto-enabled outside the EU, UK, EEA, and Switzerland on the same basis described above). When enabled, Matomo sets first-party cookies on the .swarmify.com domain: _pk_id.* (a pseudonymous visitor identifier, retained up to ~13 months) and _pk_ses.* (a short-lived session cookie). You can withdraw consent at any time using the Cookie Settings link in the footer, which clears Matomo consent in the same action.
• Advertising: We do not currently set advertising or cross-context behavioral advertising cookies on our marketing site. If this changes, we will update this Policy and require opt-in consent where required by law.

3. How We Use Your Information

• Provide, operate, and maintain our Service;
• Process your transactions and manage your account;
• Improve, personalize, and expand our Service;
• Understand and analyze how you use our Service;
• Communicate with you, either directly or through one of our partners, for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes;
• Screen for potential risk and fraud;
• Enforce our terms and policies, including our Fair Use Policy (available at https://swarmify.com/legal/fair-use-policy/), and comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following situations:

• With Service Providers: We may share your information with third-party vendors and service providers that perform services on our behalf, such as hosting and serverless compute (Google Cloud Platform), form abuse detection (Google reCAPTCHA Enterprise), analytics (Google Analytics 4, opt-in), support communications (Help Scout), and billing/payment processing. A current list is set out in Section 15 (Subprocessors). These third parties are contractually obligated to safeguard your information and are prohibited from using it for any other purpose.
• For Legal Reasons: We may disclose your information if we are required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). This includes responding to claims of copyright infringement pursuant to our DMCA Policy (https://swarmify.com/legal/dmca/)
• To Protect Our Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, or situations involving potential threats to the safety of any person.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Specific retention periods by data category are summarized in Section 16 (California Notice at Collection).

6. Your Data Protection Rights

A. Your Rights Under GDPR (For individuals in the EEA/UK):

• The right to access – You have the right to request copies of your personal data.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Where we act as a controller, our lawful bases include performance of contract, legitimate interests (e.g., service improvement and security), consent where required, and compliance with legal obligations. You may withdraw consent at any time; this does not affect processing that occurred before withdrawal. You also have the right to lodge a complaint with your supervisory authority.

B. Your Rights Under CCPA/CPRA (For California Residents):

• The right to know the categories of personal information collected, the purposes, sources, and categories of recipients, and to access specific pieces of personal information.
• The right to delete personal information, subject to exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising.
• The right to limit the use and disclosure of sensitive personal information. We only use sensitive information (e.g., account login, payment token, and the browser-behavioral signals collected by reCAPTCHA Enterprise on our contact form and at paid checkout) to provide and secure the Service.
• The right to be free from retaliation for exercising your rights.

To exercise any of these rights, please contact us as described in Section 10 (Your Privacy Choices). See also Section 11 for our verification and appeals process.

7. Children’s Privacy

Our Service is not intended for individuals under 16 years of age, and we do not knowingly collect personal information from children under 16. We also do not knowingly collect personal information from children under 13 as defined by the U.S. Children’s Online Privacy Protection Act (COPPA). If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date above. For material changes, we may also provide notice through email or a prominent notice on our Service. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Contact:

Privacy Agent, Swarmify Video LLC
Email: privacy@swarmify.com
Address: 7901 4th St N #17077, St. Petersburg, FL, 33702, USA

If you are located in the EEA/UK and do not have a direct relationship with Swarmify (e.g., your data is processed on behalf of a Swarmify customer), please contact that customer (the “controller”) to exercise your rights.

EEA/UK data subjects. If you are located in the EEA or UK, you may contact us directly at privacy@swarmify.com to exercise your data-protection rights, and you may lodge a complaint with your local supervisory authority. If we appoint an EU or UK representative under Article 27 of the GDPR or UK GDPR, we will name them here.

10. Your Privacy Choices

You can exercise your privacy rights at any time by emailing privacy@swarmify.com. Please include the request type in the subject line:

• “Access Request” – get a copy of your personal information.
• “Delete Request” – ask us to delete your personal information (where permitted).
• “Correction Request” – fix inaccurate information.
• “Do Not Sell or Share” – opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising; we honor opt-out signals (including via GPC) regardless.
• “Limit Sensitive PI” – limit the use/disclosure of sensitive personal information (we use it only to provide the Service).

Authorized agents may submit requests on your behalf where allowed by law. Requests are free and we will not discriminate against you for exercising your rights.

11. Verification and Appeals

Verification. To protect your information, we may verify your identity (e.g., confirm access to your account email or request limited additional details). Authorized agents must provide proof of authorization.

Appeals. If we deny your request, you may appeal within 30 days by replying to our decision or emailing privacy@swarmify.com with “Privacy Appeal” in the subject. If you remain unsatisfied, you may contact your state attorney general or applicable data protection authority.

12. Roles and Data Processing Addendum (DPA)

For personal data we collect on our own websites and marketing properties, Swarmify acts as an independent controller/business. For personal data we process on behalf of customers in connection with the Service (e.g., viewer analytics, delivery logs), Swarmify acts as a processor/service provider.

Our Data Processing Addendum (DPA) is incorporated into our Master Services Agreement and is available online at https://swarmify.com/legal/dpa/ or upon request.

In case of conflict between this Policy and the DPA for processing on behalf of a customer, the DPA controls. For purposes of the CCPA/CPRA and other U.S. state privacy laws, Swarmify acts as a ‘Service Provider’ or ‘Processor’ for personal data processed on behalf of customers in connection with the Service. We certify that we understand and will comply with the restrictions imposed by these laws and our agreements.

13. Security

We employ administrative, technical, and physical safeguards appropriate to the nature of the personal information we process, including access controls, least-privilege design, encryption in transit, vulnerability management, and logging/monitoring. No method of transmission or storage is 100% secure; if we confirm a security incident affecting your personal information within our control, we will notify you without undue delay in accordance with applicable law. For a more detailed description of our security measures, please see our Data Processing Addendum.

14. International Data Transfers

We are based in the United States and may transfer personal information to the U.S. and other countries where we or our subprocessors operate. Where required, we use appropriate safeguards such as the Commission Implementing Decision (EU) 2021/914 on standard contractual clauses for the transfer of personal data to third countries, including the UK International Data Transfer Addendum and Swiss adaptations as required. Where we certify under an approved adequacy framework (e.g., the EU-U.S. Data Privacy Framework), we will rely on that as applicable.

15. Subprocessors

To support delivery of the Service, we engage the following third-party subprocessors. The same list, with processing locations, also appears in our Data Processing Addendum:

• Google Cloud Platform – hosting and serverless compute (Cloud Functions for the contact-form endpoint; supporting infrastructure).
• Google reCAPTCHA Enterprise – bot, abuse, and payment-fraud detection on the public contact form and at paid checkout.
• Google Analytics 4 – site usage analytics; loaded under Consent Mode v2 default-deny and only activated after user consent.
• Help Scout – support ticketing, knowledge base (support.swarmify.com), and Beacon search/chat widget.
• Recurly – subscription billing and payment processing (engaged on the customer dashboard rather than the public marketing site).
• Wasabi – object storage for uploaded video and generated assets.
• Bunny.net – content delivery network (CDN) for video and asset delivery.
• Hetzner and OVH – Swarmify-operated encoding/edge servers (Hetzner nodes are located in the EU; OVH nodes in the US).
• Sentry – application error monitoring and diagnostics.
• MailerLite – product and lifecycle email to account holders.
• Slack – internal operational notifications (may include an account holder’s name, email, and company).
• api.country.is – one-time IP-based country lookup to decide whether to show the consent banner (no personal data stored).

Self-hosted, first-party tools we operate on our own infrastructure — such as our Matomo analytics (described in Section 2.C) — are not third-party subprocessors and are therefore not listed above.

This list is subject to verification at the time of any vendor change; we will update it when subprocessors are added or removed. You may request notice of new subprocessor additions by emailing privacy@swarmify.com.

16. California Notice at Collection (Summary)

We collect the following categories of personal information for the purposes below. We do not sell or share personal information for cross-context behavioral advertising. You may still submit a “Do Not Sell or Share” request by emailing us with that subject (see Section 10), and we honor Global Privacy Control (GPC) signals. We obtain these categories from you directly, automatically from your device and browser as you use the Service, and from our service providers (e.g., analytics, security, and payment processors); we may disclose them to the categories of recipients described in Section 4 (How We Share) and Section 15 (Subprocessors).

• Identifiers (e.g., name, email, IP address, account ID) – to create/manage accounts, provide support, secure the Service, and communicate with you.
• Customer Records & Commercial Info (e.g., billing address, plan tier, purchase history) – to process payments, comply with tax/audit duties, and administer your account.
• Internet/Network Activity (e.g., log data, device/browser info, pages viewed) – to operate the Service, secure it, debug, and understand usage.
• Inferences (marketing sites only) – to personalize content or measure marketing performance.
• Sensitive Personal Information (account login and payment token; we do not store full card numbers; and browser-behavioral signals such as mouse movement and timing collected by Google reCAPTCHA Enterprise on our contact form and at paid checkout) – used only to provide and secure the Service, prevent fraud and abuse, and protect your account.

Retention (summary): account/profile data for the life of the account plus up to 3 years; billing/transaction records for 7 years (tax/audit); Service logs for ~12–24 months (longer if needed for security); support records for ~24 months after closure; marketing/analytics data for up to 12 months unless you opt out sooner.

← Back to Legal Center