SwarmEngines.CLOUD

Privacy Policy

What information we collect, how we use it, and the choices you have. Written in plain English.

Effective: 2026-04-15Last updated: 2026-04-15Contact: contact@swarmengines.com

Contents

  1. Who we are
  2. Information we collect
  3. How we use information
  4. How we share information
  5. AI and customer data
  6. Data retention
  7. Your rights
  8. Security
  9. Cookies and tracking
  10. International transfers
  11. Children
  12. Changes to this policy
  13. Contact us

1 · Who we are

SwarmEngines LLC ("SwarmEngines," "we," "us") operates swarmengines.com, an AI agent platform for small and mid-sized businesses. This Privacy Policy describes how we collect, use, share, and protect information about you and the business you represent when you visit our website, create an account, or use our Services.

If you have questions, contact our privacy team at privacy@swarmengines.com.

2 · Information we collect

Account information

When you sign in with Google, we receive your name, email address, profile image, and a unique Google account identifier. We do not receive your Google password. We do not request access to Gmail, Drive, or Calendar at sign-in — those are separate per-integration connections you opt into later.

Integration credentials

When you connect third-party services (for example, Twilio, HubSpot, Shopify, DocuSign), we store authentication tokens or API keys required for the skill to call those services on your behalf. Credentials are encrypted at rest using AWS Key Management Service (KMS) with envelope encryption; only the specific agent runtime executing your skill can decrypt them at runtime.

Agent inputs and outputs

When our agents execute skills on your behalf, we process inputs you or your tools provide (for example, the content of a missed call event, a lead's form submission, or a transcript) and produce outputs (SMS drafts, CRM updates, emails). We store a log of inputs and outputs for 30 days for debugging, error recovery, and billing accuracy, after which they are automatically purged.

Usage telemetry

We collect pages viewed, features used, feature activation events, agent run counts, and cost-per-run metrics. We associate this with your account to bill you accurately and to improve the product.

Billing information

Payment information (card number, billing address) is collected directly by our payment processor Stripe and is never transmitted to or stored on our servers. We store a Stripe Customer ID and subscription state so we know which plan you're on.

Communications

When you email us, use our chat, or book a call, we keep a record of the communication for quality and support.

3 · How we use information

  • Provide, operate, and maintain the Services.
  • Execute the skills you activate (reading the data they need, producing the outputs they promise).
  • Send you transactional messages: welcome, receipts, usage warnings, incident notifications.
  • Detect abuse, debug errors, and improve reliability.
  • Process payments and enforce plan limits.
  • Respond to your inquiries.
  • Comply with legal obligations (tax records, law-enforcement requests backed by lawful process).

We do not sell your personal information. We do not share it with advertisers for their own purposes.

4 · How we share information

We share information only with service providers ("sub-processors") who help us run the Services and only to the extent they need the data to do their job. A current list is published at /sub-processors. Every sub-processor is bound by a data processing agreement with confidentiality, security, and sub-processing restrictions at least as strict as ours with you.

We may also share information (i) to comply with legal process; (ii) to protect the rights, property, or safety of SwarmEngines, our customers, or others; or (iii) in connection with a merger, acquisition, or sale of assets, in which case we will provide notice and the acquiring entity will be bound by this Privacy Policy.

5 · AI and customer data

We do not use your data to train AI models.

Not our own models, and not the third-party models we use (Anthropic Claude via AWS Bedrock, Amazon Nova Sonic). Customer content stays inside your tenant boundary and is used only to serve you.

Our agents run on AWS Bedrock AgentCore with Firecracker MicroVM isolation — each skill execution is a fresh, single-tenant virtual machine. When the execution completes, the VM is destroyed.

The 30-day input/output log retention described above is used only for debugging, error recovery, and billing. It is not made available to model trainers, including Anthropic or Amazon.

6 · Data retention

  • Agent inputs/outputs: 30 days, then auto-deleted.
  • Integration credentials: held until you disconnect. On disconnect, deleted within 24 hours and the associated refresh token is revoked at the provider.
  • Account information: retained while your account is active. After account closure, retained for 30 days then deleted, except records required by law (tax, anti-fraud).
  • Billing records: 7 years, required by US tax law.
  • Usage telemetry: aggregated and anonymized after 13 months.
  • Support communications: 3 years.

7 · Your rights

Depending on where you live, you may have rights under GDPR (EU/UK), CCPA/CPRA (California), or similar laws:

  • Access — a copy of the personal information we hold about you.
  • Correction — update inaccurate information.
  • Deletion — request erasure, subject to legal retention obligations.
  • Portability — receive your data in a machine-readable format.
  • Opt-out — of marketing communications (transactional emails are exempted).
  • Non-discrimination — we will not treat you differently for exercising these rights.

To exercise any right, email privacy@swarmengines.com. We respond within 30 days. We may need to verify your identity before fulfilling a request.

8 · Security

We follow industry-standard practices: encryption at rest (AWS KMS), encryption in transit (TLS 1.2+), MicroVM tenant isolation, principle-of-least-privilege IAM, continuous audit logging. See our Security Overview for details.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay (within 72 hours of confirmation) and describe the scope, mitigation steps, and actions you should take.

9 · Cookies and tracking

We use a small number of cookies strictly necessary to operate the Services:

  • Session cookies for authentication (NextAuth session cookie, HttpOnly, SameSite=Lax).
  • CSRF protection tokens.
  • Brief preference cookies (e.g., wizard draft state).

We use privacy-respecting analytics (page views, aggregate usage) that do not set persistent cross-site identifiers. We do not use advertising trackers on authenticated (dashboard) pages. On marketing pages we may use a Meta Pixel with appropriate consent banner once deployed.

10 · International transfers

SwarmEngines is headquartered in the United States. Our infrastructure primarily runs in AWS us-west-2 (Oregon). If you are located outside the US, your information will be transferred to and processed in the United States. For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses as described in the Data Processing Addendum.

11 · Children

The Services are intended for businesses and individuals over 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a child under 18, we will delete it.

12 · Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on file) and by posting a notice at the top of this page at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.

13 · Contact us

Questions, requests, or complaints:

EU/UK residents: you also have the right to lodge a complaint with your local data protection authority.

Draft — lawyer review recommended before material use.

This document is drafted from best-practice templates for AI SaaS platforms. It's production-ready for early-stage go-live but should be reviewed by counsel before handling regulated-industry customers (healthcare, financial services, EU-heavy deployments) or before SOC 2 audit.

Privacy PolicyTerms of ServiceData Processing AddendumAcceptable Use PolicyAI Usage PolicySub-processorsService Level AgreementSecurity Overview