Privacy Policy
Table of Contents
1. Introduction
Welcome to SWARM. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered cryptocurrency platform built on Solana.
By accessing or using SWARM services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Important: Blockchain transactions are public and permanent. Wallet addresses and transaction data are visible on the public blockchain and cannot be deleted.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, username, password (encrypted)
- Profile Data: Display name, avatar, bio, preferences
- Communication Data: Support tickets, feedback, survey responses
- Payment Information: Processed by third-party payment providers
2.2 Automatically Collected Information
- Wallet Data: Public wallet addresses, transaction history, token balances
- Usage Data: Pages visited, features used, time spent on platform
- Device Information: IP address, browser type, operating system, device ID
- Analytics Data: User behavior, feature engagement, conversion metrics
- AI Agent Interactions: Queries, commands, preferences, results
2.3 Blockchain Data
- All transactions on Solana are public and permanent
- We collect wallet addresses you connect to our platform
- Smart contract interactions are recorded on-chain
- Staking, trading, and governance activities are blockchain-recorded
2.4 Legal Basis for Processing (GDPR Art. 6)
We process your personal data under the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services, execute transactions, and manage your account
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations, tax reporting, and other legal requirements
- Legitimate Interest (Art. 6(1)(f)): Fraud prevention, security monitoring, platform improvement, and analytics
- Consent (Art. 6(1)(a)): Marketing communications, optional cookies, and data sharing with third parties
You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.
2.5 AI-Generated Inferences
- User Preferences: AI-driven predictions of trading preferences and risk appetite
- Behavioral Patterns: Analysis of usage patterns to personalize features
- Market Insights: Inferences about user investment strategies
- Platform Engagement: Predictions about feature usage and content preferences
2.6 CCPA Categories of Personal Information
California residents: we collect the following categories of personal information as defined by the California Consumer Privacy Act (CCPA):
| CCPA Category | Description | Collected? | Examples |
|---|---|---|---|
| A. Identifiers | Personal identifiers that can identify you | YES | Email address, wallet address, IP address, username, device ID |
| B. Personal Records | Personal information from records | YES | Name, KYC documents, payment information, account credentials |
| C. Protected Classifications | Characteristics of protected classes | YES | Age verification (18+ requirement only) |
| D. Commercial Information | Records of transactions and purchases | YES | Token purchases, transaction history, staking activities, trading records |
| E. Biometric Information | Physiological or biological characteristics | NO | Not collected |
| F. Internet Activity | Browsing and interaction history | YES | Pages visited, features used, search queries, AI agent interactions |
| G. Geolocation Data | Physical location information | YES | IP-based country/city location (not precise GPS) |
| H. Sensory Data | Audio, visual, or similar information | NO | Not collected |
| I. Professional Information | Employment or education data | NO | Not collected |
| J. Non-Public Education Records | Educational records from institutions | NO | Not collected |
| K. Inferences | Profile drawn from personal information | YES | AI-generated predictions about preferences, investment behavior, risk appetite |
12-Month Lookback: This table reflects personal information collected in the past 12 months (October 19, 2024 - October 19, 2025). We update this disclosure annually to ensure accuracy.
3. How We Use Your Information
We use the collected information for the following purposes:
Service Provision
Operate, maintain, and improve our AI-powered platform and services
Security
Detect, prevent, and address fraud, abuse, and security issues
Analytics
Analyze usage patterns to enhance user experience and platform features
Communication
Send updates, notifications, and respond to inquiries
Compliance
Meet regulatory requirements, KYC/AML obligations, and legal processes
Personalization
Customize your experience based on preferences and behavior
4. Blockchain & Wallet Data
Understanding blockchain privacy is crucial when using SWARM:
Public Blockchain: All transactions on Solana are publicly visible and cannot be deleted or modified.
4.1 What's Public
- Your wallet address and transaction history
- Token balances and transfers
- Smart contract interactions
- Staking activities and rewards
- Governance votes and proposals
4.2 What We Keep Private
- Email address and personal information
- Off-chain preferences and settings
- Private messages and support communications
4.3 Wallet Connection
When you connect your wallet:
- We only access public blockchain data
- We cannot access your private keys or seed phrase
- We cannot execute transactions without your approval
- You maintain full custody of your assets
5. Data Sharing & Disclosure
We may share your information in the following circumstances:
5.1 Service Providers
We work with third-party service providers who perform services on our behalf:
- Cloud hosting providers (AWS, Google Cloud)
- Analytics services (Google Analytics, Mixpanel)
- Email and communication platforms
- Payment processors
5.2 Legal Compliance
We may disclose your information when required by law:
- In response to court orders, subpoenas, or legal processes
- To comply with regulatory requirements
- To protect our rights, property, or safety
- To investigate fraud or security issues
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5.4 With Your Consent
We may share your information with third parties when you provide explicit consent.
5.5 CCPA Third-Party Sharing Disclosure
For California residents, we disclose the following categories of personal information to third parties for business purposes:
| Third-Party Category | CCPA Categories Shared | Business Purpose |
|---|---|---|
| Cloud Service Providers (AWS, Google Cloud) |
A (Identifiers), D (Commercial Info), F (Internet Activity) | Data hosting, platform operation, backup and disaster recovery |
| Analytics Providers (Google Analytics, Mixpanel) |
A (Identifiers), F (Internet Activity), G (Geolocation) | Usage analytics, platform optimization, user experience improvement |
| Payment Processors (Stripe, Coinbase Commerce) |
A (Identifiers), B (Personal Records), D (Commercial Info) | Payment processing, transaction verification, refund handling |
| Communication Platforms (SendGrid, Twilio) |
A (Identifiers) | Email notifications, support communications, account alerts |
| Security Services (qualified third-party security firms (planned for Q2 2026), Cloudflare) |
A (Identifiers), F (Internet Activity) | Security audits, DDoS protection, threat detection |
We Do NOT Sell Your Personal Information: SWARM does not sell personal information to third parties for monetary or other valuable consideration. We do not share your data for cross-context behavioral advertising.
6. Data Security
We implement industry-standard security measures to protect your information:
Encryption
AES-256 encryption for data at rest, TLS 1.3 for data in transit
Access Control
Role-based access, multi-factor authentication, regular audits
Monitoring
24/7 security monitoring, intrusion detection, incident response
Audits
Regular security audits by qualified third-party security firms (planned for Q2 2026)
Your Responsibility: Never share your private keys, seed phrases, or passwords. We will never ask for this information.
7. Your Privacy Rights
Depending on your location, you may have the following rights:
7.1 Access & Portability
- Request a copy of your personal data
- Export your data in a machine-readable format
- Receive information about how we use your data
7.2 Correction & Deletion
- Correct inaccurate or incomplete information
- Request deletion of your personal data (subject to legal obligations)
- Note: Blockchain data cannot be deleted
7.3 Opt-Out Rights
- Unsubscribe from marketing emails
- Disable non-essential cookies
- Opt out of data sharing with third parties (where applicable)
7.4 Exercising Your Rights
To exercise your privacy rights, contact us at privacy@myswarm.io. We will respond within 30 days.
7.5 California Consumer Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. You have the following rights:
Right to Know
You have the right to request that we disclose:
- Categories of personal information collected about you
- Specific pieces of personal information we have about you
- Categories of sources from which information was collected
- Business or commercial purposes for collecting/selling information
- Categories of third parties with whom we share information
- Information collected in the past 12 months
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions:
- We will delete personal information from our records
- We will direct service providers to delete your information
- Exceptions: Legal obligations, security purposes, fraud prevention, contractual requirements
- Blockchain Note: On-chain data cannot be deleted due to blockchain immutability
Right to Opt-Out of Sale
You have the right to opt out of the sale of your personal information.
- Important: We do NOT sell your personal information
- We do not share data for monetary consideration
- We do not engage in cross-context behavioral advertising
- This right is available to you but not currently applicable
Right to Non-Discrimination
You have the right to not receive discriminatory treatment for exercising your CCPA rights.
- We will not deny goods or services
- We will not charge different prices or rates
- We will not provide different quality of service
- We may offer financial incentives with your opt-in consent
7.6 How to Exercise Your CCPA Rights
To exercise your California privacy rights, you may:
- Email us: privacy@myswarm.io with subject line "CCPA Request"
- Submit a request: Include your full name, email address, wallet address (if applicable), and specific right you wish to exercise
- Verification: We will verify your identity before processing requests (typically through email verification or account authentication)
- Response time: We will respond within 45 days (extendable by 45 days with notice)
- No fee: You may exercise these rights twice per 12-month period at no charge
7.7 Authorized Agent
You may designate an authorized agent to submit CCPA requests on your behalf. The authorized agent must:
- Provide written authorization signed by you
- Verify their own identity to SWARM
- Provide proof of authorization (power of attorney or signed permission)
- We may contact you directly to confirm authorization
CCPA Request Processing: We take your privacy rights seriously. All CCPA requests are processed securely and promptly. We will not discriminate against you for exercising your rights under California law.
9. Third-Party Services
SWARM integrates with third-party services that have their own privacy policies:
- Wallet Providers: Phantom, Trust Wallet, WalletConnect
- Blockchain Explorers: Solscan, Solana Explorer
- Analytics: Google Analytics, Mixpanel
- Payment Processors: Stripe, Coinbase Commerce
- KYC Providers: Sumsub, Onfido
We are not responsible for the privacy practices of third-party services. Please review their privacy policies before use.
10. International Users
SWARM operates globally and may transfer data internationally:
- Data may be stored in servers located in multiple countries
- We comply with GDPR (EU), CCPA (California), and other applicable laws
- Data transfers use standard contractual clauses or adequacy decisions
- Users in the EU have specific rights under GDPR
11. Children's Privacy
SWARM is not intended for users under 18 years of age. We do not knowingly collect personal information from children.
If we discover that a child under 18 has provided us with personal information, we will delete such information immediately. If you believe we have collected information from a child, please contact us at privacy@myswarm.io.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting.
- We will notify users of material changes via email or platform notification
- Continued use of SWARM after changes constitutes acceptance
- Previous versions will be archived and available upon request
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us: