Privacy Policy
Last updated: May 15, 2026
1. Data We Collect
Swypik collects and processes the following personal data categories as a controller under Regulation (EU) 2016/679 (GDPR): (a) account data โ name, email, phone number (optional), password (stored as hash), date of birth for age verification; (b) browsing data โ IP address (pseudonymized), device type, browser, pages visited, session duration, video and product interactions; (c) purchase history โ orders, viewed products, cart items, delivery addresses, preferences; (d) user-generated content โ videos, comments, likes, reviews; (e) support communications. Some data is required for account operation; others are optional.
2. How We Use Your Data
We process data for these purposes under corresponding legal bases: (a) user authentication and session management โ necessary for contract performance; (b) personalizing your video feed and product recommendations based on past interactions โ Swypik's legitimate interest in providing relevant experience, with opt-out available; (c) payment processing via Stripe and transmitting minimal info for transaction authorization โ contract performance and legal obligation; (d) fraud and abuse prevention โ legitimate interest; (e) transactional communications (order confirmations, delivery notices) โ contract performance; (f) email marketing only with your explicit consent, with unsubscribe available anytime.
3. Cookies & Tracking
The platform uses essential technical cookies for session operation (login, shopping cart) and analytics cookies to understand aggregate behavior. Our reverse-proxy server (Caddy) logs IP addresses for debugging and security during necessary periods. Video feed interaction events are linked to an identifier derived from your IP via a salted hash function ("IP-salted feed events"), so raw IP isn't stored with behavioral data. You can manage cookie preferences in your browser settings, but disabling essential cookies may affect platform functionality.
4. Sharing With Third Parties
Your data may be shared with these authorized parties only for stated purposes: (a) Stripe Payments Europe Ltd. for payment processing โ minimal info needed for transaction authorization; (b) Cloudflare, Inc. for CDN, DDoS protection, and media storage in Cloudflare R2; (c) transactional email providers for notifications; (d) fulfillment and international dropshipping partners โ only when your order uses these channels, sharing delivery address and minimal order details. We don't sell or rent personal data to third parties for independent marketing. Transfers outside the European Economic Area are protected by standard contractual clauses.
5. Your Rights
Under GDPR, you have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete data ("right to be forgotten") within legal limits; (d) restrict processing; (e) data portability in a structured, commonly-used, machine-readable format; (f) object to processing, especially for legitimate interest or direct marketing; (g) not be subject to solely automated decision-making. To exercise any right, contact privacy@swypik.com. You can also file a complaint with ANSPDCP (www.dataprotection.ro).
6. Data Retention
We keep personal data only as long as needed for collection purposes, following these guidelines: account data โ for account lifetime plus 3 years after closure for dispute resolution; transaction and invoice data โ 10 years per Romanian tax law; browsing and technical logs โ up to 12 months; user-generated content (videos, comments) โ until you delete it or close your account. After these periods, data is securely deleted or irreversibly anonymized for aggregate statistics.
7. Security
Swypik applies appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration, or disclosure. These include: encrypted data transmission via HTTPS/TLS, password storage as salted cryptographic hashes, separated production and development environments, auditable logging of sensitive operations, role-based database access control, regular backups, and continuous infrastructure monitoring. However, no transmission or storage method is completely secure. We encourage strong passwords and protecting your login credentials.
8. DPO Contact
For requests about personal data processing, exercising GDPR rights, or reporting potential security incidents, contact our Data Protection Officer (DPO) at privacy@swypik.com. We'll respond within 30 calendar days of receipt, per GDPR.
9. Policy Changes
Swypik may update this Privacy Policy periodically to reflect legal, technological, or practice changes. Significant changes will be announced visibly on the platform or by email before taking effect. Updated versions include the last modification date; continued platform use after that date means you accept the new terms. We recommend reviewing this page regularly to stay informed about how we protect your data.