Privacy Policy for Swiq

The controller for the processing of personal data is swiq gmbh, Wiener Strasse 22/4, 2340 Mödling, Austria. You can reach us at office@swiq.io. Represented by the statutory managing directors of swiq gmbh.

Further provider information is available in our legal notice at swiq.io/impressum.

This privacy policy applies to the Swiq mobile app (iOS and Android), the website at swiq.io, publicly accessible preview and deep-link pages (e.g. challenge and profile links), and contact requests via the contact form or email.

Swiq is a social challenge app. You can create an account, maintain a profile, upload short videos or preview images, start or accept challenges, vote, react with emojis, follow other profiles, report content, block users, and receive push notifications.

When you visit our website, we process technically necessary data such as IP address, date and time of access, URL requested, referrer, browser and device information, and server log data.

The website is hosted and delivered via Vercel Inc. Technical access data may be transmitted to Vercel and related CDN infrastructure.

Processing is carried out to provide the website securely and reliably, detect abuse, and fix errors. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).

To use the app, we process data required for registration, login, session management, and profile features. This includes user ID, email address, login information, username, display name, bio, avatar, language, settings, terms/privacy consent records, and internal timestamps.

You can sign in via email OTP as well as Sign in with Apple or Google. We process identity data provided by you or the respective provider where necessary for authentication.

Private profile data is processed only where required for app features, security, support, or legal obligations. Legal basis: Art. 6(1)(b) GDPR; for security and abuse prevention also Art. 6(1)(f) GDPR.

When you use Swiq, we process challenge data, video uploads, thumbnails, avatars, votes, emoji reactions, win/loss statistics, follow relationships, moderation and report status, and technical metadata needed for feed, profiles, duels, sharing, and result calculation.

Uploaded challenge videos, preview images, and avatars may be stored in publicly readable storage areas so they can be shown in the app, feed, profiles, or shared links. Content may therefore be accessible to other users or anyone with the corresponding link.

Legal basis: Art. 6(1)(b) GDPR. Moderation, abuse prevention, account restrictions, reports, blocks, and enforcement of our rules are based on Art. 6(1)(f) GDPR.

You may optionally add city, region, and country to your profile. If you do, this information may be shown to other users in profile or social features.

Legal basis: Art. 6(1)(b) GDPR; where you provide the information voluntarily, also Art. 6(1)(a) GDPR.

Swiq requests device permissions only when needed: camera and microphone for recording, media library access for uploads, and push notifications. You can revoke permissions at any time in system settings.

For technical operation and push delivery, we may process platform, device name, device model, operating system, OS version, app version, language/locale, time zone, push token, and last activity timestamps.

If you enable push notifications, we process a push token and related device and notification data to deliver messages about challenge events, results, votes, or other app features.

Delivery is handled via Expo Push Services and Apple or Google platform services. You can disable push notifications in the app or system settings. Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(b) GDPR where notifications are required for contractual features.

If you contact us via the contact form or email, we process your name, email address, subject, message, technical transmission data (e.g. IP address and user agent), and time of request to handle your inquiry.

Contact form delivery is provided by Resend (Resend, Inc.). Resend processes submitted content as a processor to deliver email to our mailbox.

Legal basis: Art. 6(1)(b) GDPR where your request relates to a contract or pre-contractual steps, otherwise Art. 6(1)(f) GDPR. We generally retain support emails in our mailbox for up to 24 months unless longer retention is required by law or legitimate interests (e.g. proof).

In the production mobile app, we use Sentry (Functional Software, Inc.) to detect and analyze crashes and technical errors. Sentry is not used for session replay or performance tracking; related sampling is disabled.

Data may include error type, stack trace, app version, platform, environment, timestamp, and an internal user ID. Supabase URLs are recorded without query strings; sensitive headers such as Authorization, API keys, or cookies are stripped.

Legal basis: our legitimate interest in stable and secure software under Art. 6(1)(f) GDPR.

If you use or purchase Swiq Pro, we process subscription and purchase status via RevenueCat (RevenueCat, Inc.) and the respective Apple or Google app store processes. This may include product ID, subscription status, renewal periods, and a pseudonymous user identifier.

We do not process payment card data; payment is handled by Apple or Google. Legal basis: Art. 6(1)(b) GDPR.

We use service providers that process data only on our instructions or for the purposes described. These include in particular:

• Supabase (Supabase, Inc.) for authentication, PostgreSQL database, storage, realtime, and edge functions — EU region (Ireland).
• Sentry for crash and error diagnostics in the mobile app.
• Expo (Expo Push Services) and Apple and Google for push delivery, app platforms, and store processes.
• Resend for delivering contact form messages to office@swiq.io.
• RevenueCat for subscription and purchase status management.
• Vercel for website hosting and delivery.

Where providers process data outside the EU or EEA (e.g. in the USA), this occurs only with appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, or comparable mechanisms where required.

For US providers such as Sentry, Resend, RevenueCat, Vercel, Expo, Apple, and Google, we rely on the data protection contractual modules offered by each provider where applicable.

We retain personal data only as long as necessary for the stated purposes, legal obligations apply, or legitimate interests such as security, abuse prevention, or proof justify further processing.

You can initiate account deletion in the app. This deletes login/auth data, private profile data, push devices, settings, follow relationships, avatars, and your media where no legitimate grounds require further processing.

For collaborative challenges, results, votes, win/loss data, and opponent history may remain anonymized or aggregated so other users' challenge history is not distorted. The deleted account profile is anonymized for this purpose.

Technical backups of our database infrastructure may still contain deleted data for a limited time until backups rotate. We limit backup retention to the technical minimum required.

Under the GDPR, you have the right of access, rectification, erasure, restriction of processing, data portability, and to object to certain processing. Where processing is based on consent, you may withdraw consent at any time with future effect.

Requests regarding access, portability, restriction, or other privacy rights may be sent to office@swiq.io. If we cannot reliably verify your identity, we will ask for verification.

A dedicated in-app export of all data is not currently provided; we handle access and portability requests via email support.

You also have the right to lodge a complaint with a supervisory authority. In Austria, this is in particular the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Wien, Austria (https://www.dsb.gv.at).

We may update this privacy policy when features, providers, or legal requirements change. The current version is available on swiq.io in German and English.