1. Introduction
This Privacy Policy explains how Sway ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use the Sway mobile application ("App").
We are committed to protecting your privacy and handling your personal data with care. This Privacy Policy describes:
- What information we collect about you
- How we collect and process your information
- Why we need your information
- How we use and share your information
- Your rights regarding your information
- How we protect your information
By using Sway, you consent to the collection and use of your information as described in this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use Sway.
1.1 Affiliate Disclosure
IMPORTANT COMMERCIAL DISCLOSURE:
Sway participates in affiliate marketing programs. This means:
a) FINANCIAL RELATIONSHIP: We have a commercial relationship with third-party retailers whose products we recommend. When you click on product links and make purchases, we may receive financial compensation including but not limited to:
- Commissions based on sale prices
- Referral fees
- Advertising or marketing fees
- Revenue sharing arrangements
b) DATA USAGE FOR COMMERCIAL PURPOSES: We may use your interaction data, including click-through events and purchase information, to:
- Measure affiliate marketing performance
- Optimize product placement and recommendations
- Track revenue and commissions from affiliate relationships
- Improve our commercial partnerships and affiliate strategies
c) NO IMPACT ON PRICE: You will not pay more for products purchased through affiliate links. Commissions are paid by retailers as part of their marketing budget and do not increase your purchase price.
d) PRODUCT RECOMMENDATION INFLUENCE: The presence of affiliate relationships may influence which products are recommended and their display order. We encourage you to conduct independent research before making purchasing decisions.
e) TRANSPARENCY: We strive to be transparent about our commercial relationships. This disclosure is made in compliance with applicable advertising and marketing regulations.
2. Information We Collect
We collect the following types of information:
2.1 Information You Provide Directly
a) Account Information:
- Anonymous user identifier (UID) generated by Firebase Authentication
- Email address (if you choose to sign up with email)
- Authentication tokens and credentials
b) Preference Information:
- Brewing method preferences (Espresso, Pour-Over, French Press, etc.)
- Milk preference (with milk or without milk)
- Mood selection (Daily Driver, Adventurous, Refresher, Midnight Oil)
- Swipe card responses (liked or passed)
c) Product Interaction Data:
- Coffee bean recommendations you received
- Saved favorites ("Bean Vault")
- Links clicked ("View on Amazon" clicks)
2.2 Information Collected Automatically
a) Device Information:
- Device type and model
- Operating system and version
- Device language and locale settings
- Country code (detected from device locale)
- Unique device identifier
b) Usage Information:
- App session duration
- Features accessed within the app
- Number of recommendations generated
- Number of swipe interactions
- Error logs and crash reports
c) Location Information:
- Country/region (derived from device locale, not GPS)
- We do NOT collect precise GPS location
2.3 Information From Third Parties
a) Firebase Authentication:
- Authentication status
- User identifiers
- Session tokens
b) Google Gemini AI API:
- Recommendation generation logs
- API usage metrics (no personal data shared with Google)
c) Third-Party Retailers:
- We do NOT receive personal information from Amazon or other retailers
- Click-through tracking occurs within our app only
3. How We Use Your Information
We use your information for the following purposes:
3.1 Providing Our Services
- Creating and maintaining your anonymous user account
- Generating personalized coffee bean recommendations
- Storing your preferences for improved future recommendations
- Tracking your saved favorites
- Recording discovery sessions for analytics
3.2 Improving Our Services
- Analyzing usage patterns to improve the recommendation algorithm
- Identifying and fixing technical issues
- Understanding which features are most popular
- Testing new features and improvements
- Monitoring app performance and stability
3.3 Analytics and Metrics
- Tracking click-through rates on product links
- Measuring recommendation satisfaction
- Aggregating user preferences for catalog improvements
- Understanding brewing method popularity
- Analyzing mood selection patterns
3.4 Communications
- We do NOT send promotional emails or marketing communications
- We may send service-related notifications (e.g., app updates)
- We do NOT share your information with marketing partners
3.5 Legal Compliance
- Responding to legal requests and lawful authorities
- Enforcing our Terms of Service and User Agreement
- Protecting our rights and preventing fraud
- Complying with applicable laws and regulations
4. Data Storage and Retention
4.1 Where We Store Your Data
Your data is stored on:
a) Firebase Cloud Firestore:
- User profiles
- Discovery records
- Saved favorites
- Preference history
b) Firebase Authentication:
- Anonymous user accounts
- Authentication tokens
c) Your Device:
- Local app cache
- Authentication persistence tokens
4.2 Data Retention Periods
We retain your data for the following periods:
| Data Type |
Retention Period |
| Anonymous user ID |
Until account deletion |
| Discovery records |
2 years from creation |
| Saved favorites |
Until account deletion |
| Brewing preferences |
Until account deletion |
| Click-through records |
2 years from creation |
| Country code |
Until account deletion |
| Device identifiers |
1 year from last activity |
| Usage analytics |
Aggregated only, 1 year |
4.3 Data Deletion
When you delete your account or request data deletion:
- Your anonymous account is deactivated
- All associated data is marked for deletion
- Data is permanently deleted within 30 days
- Some backup copies may persist for up to 90 days
Note: Uninstalling the app does NOT automatically delete your account. To delete your account, contact us at [email protected].
5. Information Sharing and Disclosure
5.1 We Do NOT Sell Your Data
We do NOT sell, rent, or trade your personal information to:
- Third-party marketers
- Advertising networks
- Data brokers
- Any other third parties
5.2 Sharing With Service Providers
We may share your information with trusted service providers who assist us in operating our business:
a) Firebase (Google LLC):
- Purpose: Authentication and database services
- Data shared: User IDs, discovery records, preferences
- Privacy: Governed by Google's privacy practices
b) Google Gemini AI:
- Purpose: AI-powered recommendation generation
- Data shared: Preference data only (no direct identifiers)
- Privacy: Governed by Google's privacy practices
c) Amazon Affiliate Program:
- Purpose: Product recommendation links
- Data shared: Click-through events only (no personal data)
- Privacy: Governed by Amazon's privacy policy
5.3 Legal Requirements
We may disclose your information if required by:
- Applicable law or regulation
- Court order or subpoena
- Law enforcement request
- Government or regulatory authorities
- To protect our legal rights or safety
5.4 Business Transfers
If Sway is acquired, merged, or sold:
- Your information may be transferred to the acquiring entity
- You will be notified of such transfer
- The acquiring entity must honor this Privacy Policy
6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your data:
a) Encryption:
- Data transmitted between your device and our servers: TLS/SSL
- Data stored in our databases: Encrypted at rest
b) Access Controls:
- Firebase Authentication for user sessions
- Role-based access for our personnel
- Multi-factor authentication for admin access
c) Regular Security Assessments:
- Code reviews and security audits
- Vulnerability scanning
- Penetration testing (as appropriate)
6.2 Security Limitations
No system is 100% secure. We cannot guarantee absolute security. You acknowledge that:
- Electronic data transmission has inherent risks
- We cannot guarantee unauthorized access will never occur
- You share information at your own risk
- You are responsible for keeping your device secure
6.3 Security Breaches
In the event of a data breach:
- We will notify affected users within 72 hours
- We will report to relevant authorities as required
- We will take immediate steps to mitigate the breach
- We will provide guidance on protecting yourself
7. Your Rights and Choices
7.1 Your Rights
Depending on your location, you may have the following rights:
a) Right to Access:
- Request a copy of your personal data
- Request details on how your data is used
b) Right to Correction:
- Request correction of inaccurate data
- Request completion of incomplete data
c) Right to Deletion:
- Request deletion of your data
- Request erasure of specific data items
d) Right to Restriction:
- Request limited processing of your data
e) Right to Data Portability:
- Receive your data in a structured format
- Request transfer of data to another service
f) Right to Object:
- Object to processing based on legitimate interests
7.2 How to Exercise Your Rights
To exercise any of these rights:
- Email us at [email protected]
- Include your request type and details
- We will respond within 30 days
- We may require identity verification
7.3 Your Choices
a) Anonymous Account:
- Default: Anonymous authentication (no personal data required)
- Alternative: Sign in with Google, Apple, or email (requires more data)
b) Location Data:
- We collect country code only (cannot be disabled)
- We do NOT collect GPS or precise location
c) Push Notifications:
- We do NOT send push notifications
d) Analytics:
- You cannot opt out of basic analytics
- Analytics data is aggregated and anonymized
e) Third-Party Links:
- You choose whether to click product links
- We cannot control third-party tracking after you leave
f) Affiliate Marketing Tracking:
- Click-through events are tracked within our app for affiliate purposes
- You cannot opt out of this tracking
- This tracking helps us measure affiliate performance and receive commissions
- Your interaction data may be used to optimize affiliate marketing strategies
8. Children's Privacy
8.1 Age Restriction
Sway is NOT intended for users under 18 years of age.
8.2 No Data Collection From Children
We do NOT knowingly collect personal information from:
- Children under 18 years of age
- Any users who indicate they are under 18
If we become aware that we have collected data from a child under 18:
- We will immediately delete that data
- We will prevent future collection
- We will take appropriate measures
8.3 Parental Controls
Parents who believe their child has provided information to Sway should:
- Contact us immediately at [email protected]
- Request deletion of the data
- We will respond within 72 hours
9. Third-Party Services
9.1 Firebase (Google LLC)
a) Services Used:
- Firebase Authentication (anonymous sign-in)
- Cloud Firestore (database)
b) Data Shared:
- User identifiers
- Discovery records
- Preference data
c) Privacy Policy: https://firebase.google.com/support/privacy
9.2 Google Gemini AI
a) Purpose: AI-powered coffee bean recommendations
b) Data Shared:
- Preference and selection data only
- No direct personal identifiers
- Anonymous user IDs
c) Privacy Policy: https://policies.google.com/privacy
9.3 Amazon Affiliate Links
a) Purpose:
- Product recommendation links
- Click-through tracking
b) Data Shared:
- Click events (no personal data)
- Product identifiers
- No Amazon account information
c) Privacy Policy: https://www.amazon.com/privacy
9.4 Apple Sign-In (if used)
Privacy Policy: https://www.apple.com/legal/privacy
10. International Data Transfers
10.1 Data Location
Your data may be stored and processed in:
- United States (primary)
- Firebase Cloud servers (global)
10.2 International Transfers
If we transfer data outside your country:
- We ensure adequate protection measures
- We use Standard Contractual Clauses (SCCs)
- We comply with applicable data protection laws
10.3 Your Consent
By using Sway, you consent to:
- Transfer of your data to the United States
- Processing of your data in accordance with this Privacy Policy
11. Changes to This Privacy Policy
11.1 Updates
We may update this Privacy Policy from time to time. Changes may be made for:
- Legal or regulatory updates
- Changes in our data practices
- New features or services
- Security improvements
11.2 Notification
We will notify you of material changes by:
- Updating the "Last Updated" date above
- Posting a notice within the Sway app
- Sending an email to your registered address (if applicable)
11.3 Your Responsibility
You are responsible for:
- Reviewing this Privacy Policy periodically
- Staying informed of any changes
- Contacting us with questions
Continued use of Sway after changes constitutes acceptance of the revised Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Fields Collected by Sway
For your reference, here is a complete list of data fields we collect:
| Field Name |
Description |
Collection Method |
| user_id |
Anonymous Firebase UID |
Automatic |
| country_code |
Device locale country code |
Automatic |
| provider_id |
Auth provider (anonymous, google) |
Automatic |
| lifetime_saves |
Number of saved recommendations |
User action |
| method_selection |
Brewing method preference |
User input |
| modifier |
Milk preference |
User input |
| mood_selection |
Selected mood category |
User input |
| swipe_summary |
Summary of card swipes |
User action |
| click_through |
Amazon link clicked (true/false) |
User action |
| ai_recommendation |
Generated recommendation data |
Generated |
| created_at |
Discovery timestamp |
Automatic |
| last_login |
Last authentication timestamp |
Automatic |