Legal
Privacy Policy
We built SwarmCherry for people who value their time — and their data. Here's exactly what we do with yours.
Last updated: March 2026
Short version: We collect only what we need to run the platform. We never sell your data. We never use it for advertising. You own everything you put in. You can delete it any time.
1What We Collect
We collect information in three ways: what you give us directly, what your use of the platform generates, and what your contacts' interactions produce.
Information you provide directly:
- Account details — your name, email address, and password when you sign up.
- Business information — your company name, phone number, and billing details (processed by our payment provider — we never store raw card numbers).
- CRM data you input — all contacts, deals, notes, email content, and any other data you import or create inside the platform. This is your data, not ours.
Information generated by your use:
- Usage data — which features you use, how often, and how the platform performs for you. We use this to fix bugs and improve the product.
- Log data — IP addresses, browser type, and timestamps for security and debugging purposes.
- Session cookies — a single session cookie to keep you logged in. See section 6 for details.
2How We Use Your Data
Every piece of data we collect has a specific, defined purpose. We do not use your data for anything beyond this list.
- To operate the platform — running your AI agents, processing your contacts, generating briefings, and delivering every feature you pay for.
- To communicate with you about the service — transactional emails like receipts, password resets, and important product updates. Not marketing unless you opt in.
- To improve features — aggregated, anonymised usage data helps us understand what's working and what needs fixing. No individual data is used for this.
- To protect security — detecting fraud, abuse, or unauthorised access to accounts.
- To meet legal obligations — where applicable law requires us to retain or disclose certain records.
3What We Never Do
These are not aspirational commitments. They are hard technical and contractual constraints built into how the platform operates.
- We never sell your data — to data brokers, marketing agencies, advertisers, or anyone else. Full stop.
- We never build advertising profiles — your data is not used to target you or anyone else with ads, anywhere.
- We never share CRM data with third parties for any purpose other than delivering the service you pay for.
- We never use your contacts' data beyond executing the specific campaigns and automations you configure.
We work with a small number of carefully vetted service providers who process data strictly on our behalf:
Each provider is contractually bound to use your data only for the purpose we engage them for, and nothing else.
4Your Rights
You have clear, enforceable rights over your data. We will fulfil any of the following requests within 30 days.
Access
Request a complete copy of all data we hold about you and your account.
Export
Download all your CRM data in a portable, machine-readable format (CSV / JSON).
Correction
Ask us to correct any inaccurate personal information we hold about you.
Deletion
Request full deletion of your account and all associated data. No dark patterns, no friction.
To exercise any of these rights, email privacy@swarmcherry.com from your registered address. We'll respond within 5 business days to confirm receipt and within 30 days to fulfil the request.
5Data Storage & Security
All SwarmCherry data is stored in EU/UK data centres operated by certified cloud infrastructure providers compliant with ISO 27001 and SOC 2.
- At rest: All data is encrypted using AES-256.
- In transit: All connections use TLS 1.3. Older protocol versions are blocked at the network level.
- Access controls: Strict internal role-based access — only engineers who need access to diagnose production issues can ever see platform data, and all access is logged and audited.
- Backups: Daily encrypted backups with 30-day retention, stored in a separate geographic region.
If we ever become aware of a security breach that affects your data, we will notify you by email within 72 hours — well within GDPR and UK GDPR requirements.
6Cookies
We use exactly one category of cookies, and it is the one you'd actually want.
- Session cookies — set when you log in, deleted when you log out or your session expires. These are strictly necessary for the platform to function and cannot be disabled without breaking your login.
What we do not use:
- No tracking cookies or pixels.
- No third-party analytics that build profiles about you (e.g., we do not use Google Analytics in its standard configuration).
- No advertising or retargeting cookies of any kind.
- No cross-site tracking.
If we ever add optional analytics cookies in the future, we will ask for your explicit consent first and provide a way to decline without affecting the platform experience.
7GDPR & UK GDPR
For users in the European Economic Area (EEA) and United Kingdom, the following lawful bases apply to our data processing:
- Contract performance — processing your account data, running your CRM, and delivering the service you subscribed to.
- Legitimate interests — security logging, fraud prevention, and improving platform performance (always balanced against your rights).
- Legal obligation — retaining billing records as required by tax and financial regulations.
- Consent — sending you optional marketing communications (you can withdraw this at any time).
Data retention periods:
- Active accounts: Data is retained indefinitely while your account remains active, so your CRM history is always available to you.
- Deleted accounts: All personal and CRM data is purged within 30 days of account deletion. Billing records are retained for 7 years as required by tax law, but are anonymised after the account is closed.
- Inactive accounts: Accounts with no activity for 24 months will receive a reactivation prompt. If unresponsive after 30 days, the account and data are scheduled for deletion.
8Children
SwarmCherry is a professional business platform. It is not intended for, and does not knowingly collect data from, anyone under the age of 16.
If you believe a person under 16 has created an account, please contact us at privacy@swarmcherry.com and we will delete the account and associated data promptly.
9Changes to This Policy
We will notify you by email at least 14 days before any material changes to this Privacy Policy take effect. "Material" means anything that affects your rights, what we collect, or how we use it.
Minor clarifications (fixing typos, adding examples) may be made without notice, but the "Last updated" date at the top of this page will always reflect when the document last changed.
Continuing to use SwarmCherry after a policy change takes effect constitutes acceptance of the updated terms.
10Contact
For any privacy-related questions, requests, or concerns — including GDPR data subject requests — contact our Privacy team directly.