Privacy Policy

Last updated: May 8, 2026

1. Introduction

SwipeAce ("Company," "we," "us," or "our") is dedicated to protecting your privacy and the personal information you share when using our website, mobile applications, and related online services (collectively, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect your data, and explains the rights available to you. If you have any questions, reach out to us at hello@swipeace.app.

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services.

2. Scope

  • Applicability: This policy covers personal information collected through our Services and any related interactions that reference this policy.
  • Third-Party Links: Our Services may link to or integrate with third-party platforms. We are not responsible for their privacy practices and encourage you to review their policies independently.

3. Definitions

  • Personal Information: Any data that identifies or could reasonably be used to identify an individual, alone or in combination with other data.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • You / User: Any individual accessing or using our Services.

4. Information We Collect

A. Information You Provide

  • Account Registration: Name, email address, username, and password when creating an account.
  • Profile Information: Optional details such as a profile picture.
  • Study Materials: Text, images, PDFs, and other content you upload to generate flashcards and quizzes.
  • Communications: Messages you send us via email or support channels.
  • Payment Information: Billing details required to process subscriptions. Full payment card data is never stored on our servers — this is handled entirely by the App Store, Google Play, and RevenueCat. We only receive minimal identifiers such as transaction IDs and subscription status.

B. Information Collected Automatically

  • Usage Data: Features used, pages visited, and time spent within the app.
  • Device & Log Information: IP address, browser type, operating system, and device identifiers.
  • Analytics Data: Aggregated and anonymized behavioral data used to understand how users interact with the Services and to improve them over time.
  • Advertising Data: If you interact with ads shown within the Services, we or our advertising partners may collect data such as ad impressions, clicks, and attribution signals.
  • Cookies & Tracking: We and our service providers use cookies and similar technologies to improve your experience and analyze usage.

C. Information From Third Parties

  • Single Sign-On (Login): If you sign in via Google, Apple, or another identity provider, we receive basic profile data (name, email, unique identifier) in accordance with that provider's policy. We do not receive or store your passwords.
  • RevenueCat: We use RevenueCat to manage in-app subscriptions and purchases. RevenueCat receives your device identifier, App Store / Google Play receipt data, and subscription status. See RevenueCat's Privacy Policy at revenuecat.com/privacy.
  • Third-Party Integrations: Data may be received from other third parties when you connect their services to SwipeAce.

5. Login and Authentication

SwipeAce offers account creation via email/password and Single Sign-On (SSO) options such as Sign in with Apple and Sign in with Google. When you use SSO:

  • We receive only the profile information the provider shares (typically name, email address, and a unique account identifier).
  • We do not receive your SSO provider password.
  • Your SSO provider's own privacy policy governs how they handle your credentials.
  • Authentication tokens are stored securely and used solely to maintain your session.

6. Analytics

We use analytics tools to understand how the Services are used and to improve them. Analytics data is collected automatically and may include:

  • Screen views, feature interactions, and session duration.
  • Crash reports and performance metrics.
  • Device type, operating system version, and app version.

Analytics data is aggregated or anonymized wherever possible and is not used to identify you individually. You can opt out of analytics data collection through your device's privacy settings or by contacting us.

7. Advertising

The free tier of SwipeAce may display advertisements. In connection with advertising, we or our advertising partners may collect and use:

  • Ad Identifiers: Platform advertising identifiers (IDFA on iOS, GAID on Android) subject to your device-level privacy settings.
  • Attribution Data: Information about how you discovered SwipeAce (e.g., which ad or channel led to your install).
  • Contextual Signals: General, non-sensitive context (e.g., the section of the app in which an ad is shown) to serve more relevant ads.

You can limit ad tracking by enabling "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android in your device settings. Opting out does not remove ads but may make them less relevant to you.

8. Payments and Subscriptions

Premium features are available through in-app purchases and subscriptions managed by RevenueCat, processed via the Apple App Store or Google Play Store.

  • Payment Processing: All payment card data is handled exclusively by Apple or Google. We never see or store your full card number.
  • RevenueCat: RevenueCat acts as our subscription management layer. It receives purchase receipts, subscription entitlements, and device identifiers to validate and manage your subscription status.
  • What We Receive: We receive only subscription status (active, expired, trial) and anonymized transaction identifiers from RevenueCat — not raw payment details.
  • Refunds: Refund requests must be submitted to the App Store or Google Play. We may share usage data with the relevant store to assist in evaluating refund requests.

9. Data Storage

Your data is stored using Supabase, a cloud database and infrastructure provider. Storage locations may include servers in the European Union and the United States, depending on your region.

  • Account data (email, username, preferences) is stored in our Supabase database.
  • Study materials you upload are stored in Supabase Storage and processed to generate flashcards. They are retained for as long as your account is active.
  • Subscription data is stored by RevenueCat and referenced by your anonymized user ID.
  • Analytics data is stored by our analytics provider in aggregated or anonymized form.
  • We implement encryption at rest and in transit (TLS) across all storage systems.

10. How We Use Your Information

  • Service Provision: Creating and managing your account, generating AI-powered flashcards, quizzes, and study sessions.
  • Personalization & Analytics: Tailoring your experience based on study progress and analyzing usage to improve the app.
  • Advertising: Serving ads on the free tier and measuring ad performance.
  • Communication: Responding to support requests and sending transactional messages such as password resets.
  • Payment & Subscriptions: Processing billing and managing subscription status via RevenueCat.
  • Security & Compliance: Detecting fraud, preventing abuse, and meeting legal obligations.

11. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Functions: Maintaining session state and core app functionality.
  • Analytics: Collecting anonymized usage statistics to improve the Services.
  • Personalization: Remembering your preferences across sessions.

You can manage or disable cookies through your browser settings, though doing so may affect some features of the Services.

12. Legal Bases for Processing

  • Consent: Where you have explicitly agreed to data processing.
  • Contract Performance: Where processing is necessary to deliver the Services you requested.
  • Legitimate Interests: Where processing serves our reasonable business interests, such as improving security and functionality.
  • Legal Obligations: Where we are required to process data to comply with applicable law.

13. Data Sharing and Disclosure

  • Service Providers: We share data with trusted third parties including Supabase (infrastructure), RevenueCat (subscription management), analytics providers, and advertising partners — solely to operate and improve the Services.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the succeeding entity under equivalent privacy protections.
  • Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and the safety of users.
  • Aggregated Data: We may share anonymized, de-identified data that cannot be linked back to any individual.

14. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including where our service providers (such as Supabase and RevenueCat) operate. We take reasonable steps to ensure transferred data receives adequate protection in line with applicable privacy laws.

15. Data Retention

We retain personal information for as long as necessary to provide the Services and meet legal obligations. When data is no longer needed, we securely delete or anonymize it. You may request deletion of your account and associated data at any time (see Section 16).

16. Security

We implement technical and organizational safeguards to protect your data, including:

  • Encryption: Data in transit is protected using TLS encryption; data at rest is encrypted by our storage providers.
  • Access Controls: Personal data is accessible only to personnel who need it to operate the Services.
  • Secure Infrastructure: We use Supabase and other reputable providers that maintain high security standards.

No method of transmission over the internet is entirely secure. While we apply best practices, we cannot guarantee absolute security.

17. Children's Privacy

SwipeAce is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that such data has been collected without parental consent, we will delete it and terminate the associated account.

18. Your Rights

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Ask us to correct inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data, subject to legal retention requirements.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Data Portability: Request a machine-readable copy of your personal data where legally applicable.

To exercise any of these rights, contact us at hello@swipeace.app.

19. Managing Your Information

  • Account Settings: You can view, update, or delete certain personal information directly within the app.
  • Email Preferences: You can unsubscribe from marketing emails at any time via the unsubscribe link. Transactional messages (e.g., password resets) cannot be opted out of.
  • Ad Tracking: You can limit ad tracking via your device's privacy settings at any time.

20. Marketing Communications

  • Service Emails: We may send account-related or security notifications which are required for operation of the Services.
  • Promotional Emails: With your consent, we may send updates about new features or offers. You can opt out at any time by contacting us or using the unsubscribe link.

21. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the app or email. Continued use of the Services after changes take effect constitutes acceptance of the revised policy.

22. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at: hello@swipeace.app