Your data, handled with care.

Privacy Policy

This Privacy Policy explains how Swapster Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Swapster Platform ("the Platform"). It applies to all users of the Platform and is written in plain English — because privacy policy shouldn't require a law degree.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy was last updated on 05 June 2026.

Note: This policy is a working draft and is subject to formal legal review prior to the Platform's public launch.

1. What Data We Collect

We only collect data that is necessary to operate the Platform and provide you with a safe, functioning service.

Data you provide directly:

• Your name and email address (when you register)
• A profile photo (optional, if you choose to upload one)
• Your general location (town or city — used to show nearby listings)
• Listing content, including item descriptions and photos
• Messages sent through the Platform's messaging system
• Any reports or feedback you submit

Data collected automatically:

• IP address and device type (for security and fraud prevention)
• Pages visited and actions taken on the Platform (for improving the service)
• Cookies (see our Cookie section below)

2. How We Use Your Data

We use the data we collect to:

• Create and manage your account
• Display your listings to other members
• Facilitate communication between members about swaps
• Send you essential account notifications (e.g. password resets, security alerts)
• Send you platform updates or newsletters — only if you opt in
• Investigate reports, resolve disputes, and enforce our Terms & Conditions
• Improve the Platform through anonymised usage analysis
• Comply with legal obligations

We will never sell your personal data to third parties. We will never use your data for advertising on behalf of third parties.

3. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

• Contract: Processing necessary to provide you with the service you've signed up for
• Legitimate interests: Keeping the Platform secure, preventing fraud, and improving the service
• Consent: For optional communications such as newsletters — which you can withdraw at any time
• Legal obligation: Where we are required to retain or share data by law

4. Sharing Your Data

We do not sell or share your personal data with third parties for commercial purposes. We may share data in the following limited circumstances:

• Service providers: Trusted third parties who help us operate the Platform (e.g. hosting providers, email delivery services) — under strict data processing agreements
• Legal compliance: Where we are required to disclose data by law, court order, or to cooperate with law enforcement
• Safety: Where we believe disclosure is necessary to protect the safety of any person

Any third-party service providers we use are required to handle your data securely and in accordance with UK GDPR.

5. How Long We Keep Your Data

We retain your personal data only for as long as is necessary for the purposes described in this policy, or as required by law.

• Account data is retained for as long as your account is active
• If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal reasons
• Messages and listings may be retained for a limited period after deletion for fraud prevention and safety purposes

6. Cookies

We use cookies to keep you logged in, remember your preferences, and — with your consent — understand how the Platform is used. We do not use advertising or profiling cookies.

Types of cookies we use:

• Essential cookies: Required for the Platform to function (e.g. login sessions, CSRF protection). These cannot be disabled.
• Analytics cookies: Set by Google Analytics to help us understand how visitors use the Platform. IP addresses are anonymised. These are only set if you accept cookies and can be declined via the cookie banner.

For full details of every cookie we set, see our Cookie Policy.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you
• Right to rectification: Ask us to correct inaccurate data
• Right to erasure: Ask us to delete your data (subject to legal obligations)
• Right to restriction: Ask us to limit how we use your data
• Right to data portability: Request your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse — including encryption in transit and at rest, access controls, and regular security reviews.

No method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect your account has been compromised.

9. Contact & Data Controller

The data controller for Swapster is:

If you have any questions, concerns, or requests relating to your privacy, please don't hesitate to get in touch.