Skip to content
swypix

Privacy Policy

Last updated: 23 May 2026

This policy describes the personal data swypix processes when you use our mobile app or this website. It applies in parallel under the Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and the EU General Data Protection Regulation (GDPR).

1. Data controller

The controller responsible for the processing of personal data is:

Maximilian Rechenauer
Am Stadtrand 43
8600 Dübendorf
Switzerland

Email: support@swypix.com

Because we are based in Switzerland and do not currently have an EU establishment, we act as a non-EU controller under Art. 27 GDPR. If you are based in the EU and have concerns, you can contact us directly via email.

2. Scope

This policy covers the mobile app 'swypix' (iOS & Android) and this website (swypix.com). Linked third parties (App Store, Google Play, RevenueCat account page) have their own privacy policies that we do not control.

3. Core principle: your photos stay local

swypix is a local-first app. Your photo library is read exclusively on your device. We do not transmit any images, preview thumbnails, or photo hashes to our servers or to third parties. The only things our backend sees are anonymous usage stats (with your consent) and — if you subscribe to Pro — your subscription status.

4. Categories of data processed

We process the following categories:

a) Device and usage data (Firebase Analytics)

When you open the app we collect — with your consent — anonymous usage events: app opens, swipe actions (without photo reference), achievement unlocks, onboarding steps. These data contain neither your name nor a direct device ID that would identify you. Firebase generates a pseudonymous installation ID. You can disable analytics collection in app settings or via the cookie banner on this website.

b) Crash reports (Firebase Crashlytics)

If the app crashes we collect the stack trace and your device model so we can fix it. No photo content and no identifying data are collected.

c) Subscription status (RevenueCat)

If you purchase swypix Pro, Apple or Google forwards the purchase receipt to our subscription provider RevenueCat (see processors). RevenueCat manages whether your subscription is active. We see a pseudonymous identifier and the subscription status — not your name, Apple ID, or payment details.

d) Advertising (Google AdMob)

On the free tier we show ads via Google AdMob. On iOS we ask you up front through the App Tracking Transparency framework whether personalized advertising is permitted. If you decline — or you're on Android — you see non-personalized ads. Depending on your consent, AdMob processes your advertising ID and IP address.

e) Local data on your device

Streak days, achievement progress, lifetime stats, and app settings are stored exclusively on your device (Shared Preferences / NSUserDefaults). Uninstalling the app irrevocably erases this data.

f) Website server logs (Firebase Hosting)

Visiting this website causes Firebase Hosting to log technically necessary data: truncated IP address, user agent, requested URL, timestamp. These logs are retained for at most 90 days for security and debugging.

g) Consent audit log (cookie banner)

When you click 'Accept', 'Reject' or 'Save selection' in the cookie banner, we write a record to a Firebase Firestore collection containing the timestamp, your choice, your browser (user agent), the page language and a randomly generated client identifier (UUID, persisted in your browser storage). We do not log IP addresses. Legal basis is Art. 6(1)(c) and (f) GDPR / Art. 31(2)(b) and (d) revFADP (fulfilment of the statutory obligation to prove consent). These records are retained for 3 years so we can demonstrate, in case of a dispute, when and how consent was given.

5. Purposes and legal bases

We process your data exclusively for these purposes:

  • Providing app functionality (contract performance — Art. 31(2)(a) revFADP / Art. 6(1)(b) GDPR)
  • Stability and debugging (legitimate interest — Art. 31(2)(d) revFADP / Art. 6(1)(f) GDPR)
  • Analysis and improving the app (consent — Art. 31(1) revFADP / Art. 6(1)(a) GDPR)
  • Advertising and personalization (consent — as above)
  • Subscription management (contract performance — as above)

6. Processors and data transfers

We use carefully selected processors. We have a data processing agreement (DPA) with each. The following providers process data on our behalf:

  • Google Firebase (Analytics, Crashlytics, Remote Config, Hosting) — Google LLC, USA; processing in the EU / US
  • Google AdMob — Google LLC, USA
  • RevenueCat, Inc. — USA (subscription management)
  • Apple Inc. — USA (App Store subscriptions)
  • Google LLC — USA (Play Store subscriptions)

We base transfers to the US on the EU-US Data Privacy Framework, the Swiss list of recognised third countries, and supplementary Standard Contractual Clauses. We will share copies of the DPAs on request.

7. Retention

  • Local app data: until uninstall
  • Firebase Analytics: 14 months from collection (Google default)
  • Crashlytics reports: 90 days
  • Hosting logs: 90 days
  • Consent audit log: 3 years
  • Subscription data: up to 7 years after contract end (statutory retention)

8. Your rights

Regardless of where you live, you have the following rights:

  • Access to your personal data (Art. 25 revFADP / Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 32 revFADP / Art. 16 GDPR)
  • Erasure (Art. 32 revFADP / Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability where technically feasible (Art. 28 revFADP / Art. 20 GDPR)
  • Withdrawal of consent — at any time, with effect for the future
  • Lodge a complaint with the competent supervisory authority (Switzerland: FDPIC; EU: your local authority)

Email us at support@swypix.com for any of these requests. We respond within 30 days.

File a data request

You can exercise any of your rights straight from this form. We open a pre-filled email to our privacy team — you just need to send it.

Identity verification

Before releasing or altering data, we have to make sure you're really the account holder. We reply by email and may ask for proof of identity (e.g. the email address used in the account). Pure objections or consent withdrawals don't require additional verification.

Response time

We confirm receipt within 72 hours and reply substantively within 30 days. If we need more time (complex requests) we'll tell you upfront.

Open email now

If your email client doesn't open, write directly to support@swypix.com.

9. Cookies and similar technologies

This website uses cookies and similar technologies. Details and granular consent options are available in the Cookie Policy.

10. Children

swypix is intended for users 13 years and older (matching the app stores' minimum age). We do not knowingly collect data from children under 13. If you are a parent or guardian and become aware that your child has provided us with data, please contact us — we will delete it immediately.

11. Security

We use TLS for all transmissions, encryption at rest with our processors, and run periodic security reviews. Despite our care, no method of electronic transmission can be 100% secure.

12. Changes to this policy

We may adjust this policy if legal requirements or our features change. The current version is always available on this page. We announce material changes prominently in the app or via an update notice.