Cookie Policy
Effective July 31, 2025
1. Introduction
This Cookie Policy explains how Swapped ApS (“Swapped,” “we,” “us,” or “our”) uses cookies and similar technologies on our websites, applications, and digital platforms (collectively, the “Services”).
This Policy should be read alongside our Privacy Policy, which provides broader details about how we handle personal data. By using our Services, you consent to the use of cookies and similar technologies as described in this Policy. You can adjust your preferences at any time via our Cookie Settings available on our website.
2. What are Cookies and Similar Technologies
Cookies are small text files placed on your device (computer, smartphone, tablet, or other electronic device) when you access our Services. They enable functionality, remember preferences, improve performance, and help us understand how our Services are used.
2.1 Similar Technologies include:
a. Local Storage: Data stored within your browser for faster performance and reduced server requests.
b. Web Beacons: Pixel tags used for traffic measurement and campaign effectiveness.
c. Device Identifiers: Unique device/browser details used for security and analytics.
d. Session Replay and Fingerprinting: Records user interactions with our website for analysis and improvement purposes and collects information about your device and browser configuration to create a unique identifier.
3. Types of Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
3.1.1 These cookies are fundamental to the operation, integrity, and lawful delivery of our Services and are therefore categorized as strictly necessary. Without them, the Services cannot be provided in a secure, consistent, and functional manner. They include:
a. The PHPSESSID cookie, which is required to establish and maintain secure user sessions within our widgets, ensuring that information entered by a user persists across different parts of the platform without requiring re-authentication.
b. Payment security cookies, which are deployed to facilitate secure payment transactions, support fraud prevention measures, comply with applicable financial regulations, and ensure that transaction data is transmitted in accordance with Payment Card Industry Data Security Standards (PCI DSS).
c . Customer support cookies, which are necessary to deliver real-time customer support functionality by maintaining stateful communication sessions and ensuring continuity in interactions between the user and our support team.
d. Cookie consent preference cookies, which are used to store a user’s cookie choices and ensure compliance with the General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive (PECR), and other applicable data protection laws.
e. Cloudflare security cookies, which are used to verify that a user has successfully passed a security challenge (such as bot or DDoS protection). These cookies protect the Services from malicious traffic and ensure continued availability and reliability.
3.1.2 The legal basis for the use of these cookies under the GDPR and UK GDPR is Article 6(1)(f) (legitimate interest), as they are indispensable to the proper functioning, security, and provision of the Services. In certain cases, such as payment processing, Article 6(1)(b) (contractual necessity) may also apply, as these cookies are required to fulfill a user’s request to engage in a transaction.
3.3.1 The duration of these cookies is limited to what is strictly necessary for their intended purposes. Session cookies, such as PHPSESSID, persist up to one month, while persistent cookies, such as consent preference or certain security-related cookies, may remain active for up to one year unless deleted earlier by the user. Such retention periods are proportionate to the operational and legal requirements for which the cookies are set.
3.2 Analytics and Performance Cookies
Analytics and performance cookies enable us to measure, analyze, and continuously improve the way users interact with our Services. These technologies allow us to better understand traffic volumes, engagement patterns, device/browser configurations, and overall system performance. The data collected is aggregated and, where possible, anonymized or pseudonymized, so that it does not directly identify individual users. Such cookies are not strictly necessary for the operation of the Services, but they are essential to our ability to develop, optimize, and provide a high-quality user experience.
3.2.1 Google Analytics (GA4). We use Google Analytics 4, provided by Google LLC and its affiliates, to analyze traffic and usage trends. GA4 provides insights into user sessions, engagement, retention, and user flows across pages. Data collected may include anonymized IP addresses, device identifiers, browser information, referral sources, and interaction events such as clicks or scroll depth. Cookies associated with GA4, such as _ga and _gid, typically persist for up to one week unless cleared sooner by the user. The legal basis under the GDPR is user consent, with data transfers safeguarded through the EU-US Data Privacy Framework or Standard Contractual Clauses where applicable.
3.2.2 Ahrefs Analytics. We use Ahrefs Analytics, provided by Ahrefs Pte. Ltd., to evaluate our website’s search performance, backlink profile, and SEO-related metrics.This service operates through tracking scripts and may set identifiers such as cookies or local storage values. The data collected includes aggregated information on page visits, referral sources, keyword queries, and navigation paths. These insights help us improve discoverability and user flow. Ahrefs-related cookies or storage values typically persist for up to one year. Data processing is conducted in accordance with GDPR principles, with appropriate safeguards for international transfers.
3.2.3 Framer Analytics. Our platform incorporates built-in Framer Analytics to track in-page performance and interaction metrics. This service relies on tracking scripts and local storage values (rather than cookies alone) to capture information such as navigation paths, click rates, time spent on specific components, and engagement with dynamic features. These values may persist for the duration of a browsing session or up to one year. Data is used solely for internal performance measurement and design optimization.
Legal Basis. The deployment of analytics and performance cookies is based on the user’s explicit consent under Article 6(1)(a) GDPR and UK GDPR. In limited cases, where permitted by applicable law, processing may also rely on Article 6(1)(f) GDPR (legitimate interest) for purposes of service improvement. Users retain the right to withdraw consent at any time.
3.3 Functional and Preference Cookies
Functional and preference cookies enable us to provide a more tailored experience by remembering the individual choices and settings of each user. These cookies do not track browsing across unrelated websites, but instead ensure that users’ prior selections are preserved for future visits, thereby enhancing usability and convenience.
Examples include:
a. A custom Swapped cookie that records the user’s selected country and currency preference to ensure prices, market data, and features are displayed accurately in the correct format.
b. An Intercom widget cookie that preserves the user’s preferred language setting, chat history, and support state so that interactions with our customer support system remain seamless and consistent.
3.3.1 Duration. These cookies typically persist for up to one year unless deleted earlier by the user.
3.3.2 Legal Basis. The use of functional and preference cookies is based on consent under Article 6(1)(a) GDPR, as they are not strictly necessary but materially improve the quality of the Services.
3.4 Local Storage Variables
In addition to cookies, we utilize local storage technologies built into modern browsers. Unlike cookies, local storage data is not transmitted automatically with every network request; instead, it resides entirely on the user’s device and is accessed only when required by our Services. This reduces server load, increases responsiveness, and allows for more efficient personalization.
Local storage variables used by Swapped include:
a. Cached cryptocurrency and fiat exchange rates, enabling faster load times for market data without repeatedly querying Swapped.com’s APIs.
b. Cached market statistics, which improve widget rendering performance and user experience by locally storing relevant non-sensitive information.
c. Widget-specific variables, including confirmation of age restrictions, language selections, and the operational state of Intercom. These values ensure compliance with legal requirements (such as age-gating) and preserve continuity across user sessions.
3.4.1 Duration. Local storage values persist until actively deleted by the user or cleared as part of browser maintenance.
3.4.2 Legal Basis. The use of local storage is justified under Article 6(1)(f) GDPR (legitimate interest), as it optimizes service performance, reduces latency, and provides essential personalization without compromising user privacy.
3.5 Marketing and Advertising Cookies
Swapped ApS does not currently deploy third-party marketing or advertising cookies on its Services. We do not use cookies for behavioral profiling, cross-site tracking, targeted advertising, or the sale or sharing of personal information as defined under applicable laws.
3.5.1 Should we decide to introduce such technologies in the future, we will:
a. Provide clear and prominent notice to users in advance of their deployment.
b. Obtain explicit consent from users in accordance with Article 6(1)(a) GDPR, the UK GDPR, and the ePrivacy Directive, prior to setting any such cookies.
c. Update this Cookie Policy and the Cookie Settings interface to reflect the new categories, purposes, and options available.
d. For users located in the United States, including California residents, provide a clear and accessible mechanism to exercise their rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to opt out of the “sale” or “sharing” of personal information that may occur through the use of advertising or marketing cookies.
Until such a time, no marketing or advertising cookies are placed on users’ devices by Swapped.
4. Cookie Duration and Sources
Cookies differ in how long they remain active on a user’s device and in whether they originate from Swapped ApS or a third-party provider.
4.1 Session Cookies. These are temporary files that exist for the duration of the session. They are typically used for authentication (PHPSESSID) and maintaining temporary preferences during a single visit.
4.2 Persistent Cookies. These remain stored on a user’s device for a defined duration, which can range from hours to up to 9 months. They enable recognition of returning users, retention of consent preferences, and long-term analytics. Examples include Google Analytics (_ga) and our currency preference cookie.
4.3 First-Party Cookies. Set directly by Swapped ApS when you interact with our Services. We maintain full control over their scope, duration, and data processing purposes. Examples include consent preference cookies and custom localization cookies.
4.4 Third-Party Tracking Technologies: Set by external providers such as Google Analytics, Ahrefs, Intercom, and Framer Analytics. These may include cookies, local storage values, or tracking scripts. While we integrate these services to support security, analytics, or communication, the data collected is governed by the respective provider’s privacy policies.
4.5 Legal Basis: Article 6(1)(a) GDPR (consent for persistent and third-party cookies), Article 6(1)(f) GDPR (legitimate interest for essential cookies).
5. Legal Basis for Cookie Processing
Swapped ApS implements cookies in accordance with the applicable legal frameworks across different jurisdictions.
5.1 European Union (GDPR).
Consent (Art. 6(1)(a)): Required for all non-essential cookies, including analytics, functional, preference, and potential marketing cookies.
Legitimate Interest (Art. 6(1)(f)): Applies to essential cookies strictly necessary for the security and provision of our Services.
Contractual Necessity (Art. 6(1)(b)): Applies to cookies required to complete a contractual action, such as Stripe payment authentication.
5.2 United Kingdom (UK GDPR and PECR).
Swapped mirrors the EU framework under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR). Explicit consent is obtained for all non-essential cookies, while essential cookies are set under legitimate interest or contractual necessity.
5.3 United States (CCPA/CPRA).
We provide clear notice of cookie use and their categories.
Users have the right to opt out of the “sale” or “sharing” of personal information, though Swapped does not currently sell or share cookie-derived data.
Users may request deletion of personal information collected via cookies, subject to applicable exceptions.
5.4 Other Jurisdictions.
We apply privacy-protective practices consistent with local requirements, including Canada’s PIPEDA, and Australia’s Privacy Act, where applicable.
6. Your Cookie Choices and Rights
Users have full control over cookie usage through several mechanisms.
6.1 Cookie Preference Center
6.1.1 Access. Swapped provides a Cookie Preference Center, accessible at any time via the cookie banner displayed upon first visit and through the permanent “Cookie Settings” link available on our website.
6.1.2 Categories of Control. Within the Cookie Preference Center, users may grant or withdraw consent for non-essential categories of cookies, including Analytics and Performance, Functional and Preference, and Marketing cookies (if introduced in the future). Essential cookies cannot be disabled, as they are required for the operation of our Services.
6.1.3 Granularity of Choice. Users may review the purposes and providers of each category of cookies and select or deselect consent at a granular, category-by-category level.
6.1.4 Withdrawal of Consent. Users may withdraw consent at any time in accordance with Article 7 of the GDPR and UK GDPR. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.1.5 Storage of Preferences. Consent choices are stored in a persistent cookie. If this cookie is deleted (e.g., via browser settings), users will be prompted to reconfirm preferences on their next visit.
6.2 Browser Settings
6.2.1 General Controls. Most modern browsers allow users to manage cookies directly. Available options typically include:
Blocking all cookies.
Blocking third-party cookies only.
Deleting existing cookies.
Restricting cookies to specific websites.
Receiving alerts before cookies are placed.
6.2.2 Impact on Functionality. Users should note that disabling all cookies may impair essential functions of the Services, such as login sessions, payment authentication, or fraud prevention.
6.2.3 Browser-Specific Instructions. Detailed instructions can be found in the privacy or security settings of commonly used browsers, including Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.
6.2.4 Privacy Signals. Certain browsers and extensions allow users to enable “Do Not Track” (DNT) and “Global Privacy Control” (GPC) signals. Where legally required, including under the CCPA and CPRA, Swapped will treat such signals as valid opt-out requests for non-essential tracking or the sale/sharing of personal information.
6.3 Third-Party Opt-Outs.
Google Analytics: Google Analytics. Users may opt out of Google Analytics tracking by installing the official Google Analytics Opt-out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout.
Ahrefs/Framer Analytics: Users may block tracking through their browser settings (e.g., disabling cookies or clearing local storage) or use privacy tools that restrict third-party scripts. Users may also request opt-out directly through the respective provider’s support channels.
Intercom: Users may disable chat functionality or block its cookies directly in their browser.
6.4 Mobile Device Settings. Users may limit tracking at the operating system level, including app-specific privacy and ad-tracking controls.
6.5 Legal Basis: Users may exercise rights under Article 7 GDPR (withdrawal of consent) and equivalent provisions in UK GDPR and CCPA/CPRA.
7. International Data Transfers
Because Swapped ApS uses certain service providers that are headquartered or process data outside of the European Economic Area (EEA) and the United Kingdom, personal data collected via cookies and similar technologies may be transferred internationally. All such transfers are conducted in compliance with applicable data protection laws, including Chapter V of the GDPR and the UK GDPR.
7.1 Google Analytics
Data collected through Google Analytics (GA4) may be transferred to and processed by Google LLC in the United States. Google participates in the EU–US Data Privacy Framework, which has been recognized by the European Commission as providing an adequate level of protection. Where applicable, Standard Contractual Clauses (SCCs) are also implemented as an additional safeguard.
7.2 Ahrefs Analytics
Ahrefs Pte. Ltd., headquartered in Singapore, processes data collected through Ahrefs Analytics in accordance with the GDPR. For data originating in the EEA or UK, transfers to Singapore are secured by the use of SCCs and supplementary measures to ensure compliance with Schrems II requirements.
7.3 Customer Support and Transaction Security Providers
Certain third-party providers headquartered in the United States may process limited personal data through cookies associated with secure transactions and customer support functionality. These providers participate in the EU–US Data Privacy Framework and provide Standard Contractual Clauses (SCCs) as additional contractual safeguards.
7.4 Safeguards
Swapped ensures that all international transfers are subject to appropriate technical, contractual, and organizational protections, including:
7.4.1 Standard Contractual Clauses (SCCs).
Where no adequacy decision exists, we rely on the European Commission’s SCCs and the UK’s International Data Transfer Addendum as the primary legal mechanism for data transfers.
7.4.2 Adequacy Decisions and Data Privacy Frameworks.
Where available, transfers are conducted under adequacy decisions (e.g., EU–US Data Privacy Framework). This ensures that providers receiving data maintain a level of protection equivalent to that under EU and UK law.
7.4.3 Technical Safeguards.
Service providers are contractually required to implement encryption (in transit and at rest), pseudonymization, and secure transmission protocols (HTTPS/TLS) to mitigate risks of unauthorized access.
7.4.4 Organizational Measures.
Providers must apply strict access controls, role-based permissions, audit logging, and regular security assessments to ensure that only authorized personnel can access transferred data.
7.4.5 Data Minimization.
Only the minimum necessary personal data is transferred for the stated processing purpose (e.g., analytics, fraud prevention, or chat support).
7.4.6 Ongoing Compliance Monitoring.
We periodically review the adequacy of safeguards, monitor developments in data transfer law (including CJEU and EDPB guidance), and update contractual arrangements where required.
8. Data Retention
8.1 Cookie Retention Periods.
8.1.1 Essential Cookies
PHPSESSID (Session) – Maintains secure session state within widgets; deleted when the session ends.
__stripe_sid (Session) – Use for fraud prevention and session management; expires when browser session ends.
__stripe_mid (1 year) – Used for fraud prevention and secure payment authentication.
intercom-session-* (1 week) – Maintains Intercom chat session continuity.
intercom-id-* (9 months) – Associates a unique identifier with a browser to preserve Intercom communication history.
cf_clearance (2 hours) – Used by Cloudflare to distinguish legitimate users from automated bots and to protect the Services against distributed denial-of-service (DDoS) and other malicious attacks.
Consent preference cookies (up to 1 year) – Store user’s cookie consent choices to ensure compliance with GDPR/UK GDPR/ePrivacy Directive.
8.1.2 Analytics Cookies
_ga (1 week ) – Distinguishes unique users in Google Analytics.
_ga_* (1 week) – Stores session and campaign data for Google Analytics.
_gid (1 week ) – Distinguishes users on a per-day basis in Google Analytics.
_gat (1 minute) – Throttles request rate to limit Google Analytics data collection.
ahrefs-analytics (1 year) – Set only when analytics cookies are accepted. Tracks user sessions and page views for Ahrefs Analytics.
ah_session (Session) – Set only when analytics cookies are accepted. Maintains temporary session state in Ahrefs Analytics.
Framer Analytics tracking values (Session to 1 year) – Values created by Framer’s tracking scripts, stored in local storage or cookies, to record navigation paths, engagement, and component usage.
8.1.3 Functional and Preference Cookies
Country and currency preference cookie (1 year) – Stores selected country and currency to ensure localized display of market data.
Intercom language preference cookie (1 year) – Preserves user’s selected language for customer support chat.
8.1.4 Local Storage Values
Cached cryptocurrency and fiat exchange rates (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Cached market statistics (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Widget states (e.g., age restriction confirmation, Intercom chat status, language preference) – Persist until manually cleared by the user through browser/device settings.
8.2 Expiry and Deletion
8.2.1 Automatic Expiry. Cookies are automatically deleted after their defined lifespan. Session cookies expire once the browser is closed. Persistent cookies expire at the end of their retention period.
8.2.2 Manual Deletion. Users may delete cookies at any time through browser settings (Chrome, Firefox, Safari, Edge, etc.). Local storage values must be cleared separately via browser or device storage settings.
8.2.3 Refresh and Overwrite. Certain values (e.g., cached crypto rates, market statistics) are refreshed daily or overwritten by new data, minimizing long-term retention.
8.3 User Rights
8.3.1 GDPR/UK GDPR. Users may request deletion of cookie-derived personal data under the right to erasure (Article 17 GDPR/UK GDPR), subject to legal exceptions.
8.3.2 CCPA/CPRA. California residents may request deletion of personal information collected through cookies, subject to exemptions (e.g., for fraud prevention or legal compliance).
8.3.3 Withdrawal of Consent. Users may withdraw consent for non-essential cookies at any time via the Cookie Preference Center (see Section 6).
8.4 Periodic Review
Swapped reviews cookie retention schedules on at least an annual basis to ensure that retention remains proportionate, necessary, and in compliance with applicable law.
9. Children’s Privacy
9.1 Age Restriction. Swapped’s Services are intended exclusively for individuals aged 18 years and older. We do not knowingly permit minors to register, engage in transactions, or otherwise access Services that require the processing of personal data.
9.2 Cookie Usage and Minors. We do not knowingly use cookies or similar technologies to collect personal information from children under the age of 18. If we become aware that a minor has interacted with our Services in a manner that results in the collection of personal data, we will promptly delete such data and disable associated cookies.
9.3 Age-Gating Mechanism. Certain widgets and features of our Services include an age restriction confirmation, stored as a local storage variable (see Section 3.4). This mechanism is designed to prevent underage individuals from accessing content or functionality that is restricted under applicable laws (e.g., financial services regulations).
10. Security
Swapped ApS maintains a combination of technical, organizational, and contractual measures to protect cookie-related data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include end-to-end encryption of sensitive transactions, mandatory HTTPS transmission for all cookies, and restrictive cookie attributes (Secure, HttpOnly, and SameSite) applied where appropriate. In addition, we employ layered access controls, enforce role-based permissions, and conduct continuous monitoring of systems that process or store cookie-derived data. Security is further reinforced through periodic penetration testing, vulnerability assessments, and incident response planning. These safeguards are aligned with international standards for information security management and PCI DSS for payment card industry compliance. We review and update our measures regularly to address evolving threats and regulatory expectations.
Access to cookie-derived data is strictly limited to authorized personnel who are bound by confidentiality obligations and who undergo periodic data protection and security training.
11. Your Rights Under Data Protection Laws
Depending on where you are located, you may have certain rights relating to data collected through cookies.
For residents of the European Union and the United Kingdom, rights include access, rectification, erasure, restriction of processing, portability, objection to processing, and the ability to withdraw consent at any time. We will respond to valid requests within the timelines established by GDPR and UK GDPR, typically within 30 days.
For residents of the United States, including California, rights under the CCPA/CPRA include the right to know what categories of personal information have been collected, the right to request deletion (subject to legal obligations), the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising privacy rights.
For residents of other jurisdictions, such as Canada, Singapore, or Australia, we recognize and respect privacy rights established under local legislation.
We may require reasonable verification of your identity before fulfilling rights requests to protect the integrity of personal data. Requests can be submitted to support@swapped.com or Data Protection Officer: GDPR@swapped.com
If you are not satisfied with the way we handle your request, you also have the right to lodge a complaint with your local data protection authority (see Section 13).
12. Updates to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, law, or our business practices. Updates will be effective as of the “Effective Date” at the top of this document. Where changes are material, we will notify users through banners on our Services, platform messages, or direct communication such as email. Where legally required, we will also request renewed consent before applying new categories of cookies. We maintain internal version control to ensure prior versions of this Policy remain available for regulatory or audit purposes.
We encourage users to review this Cookie Policy periodically to remain informed about our use of cookies and similar technologies.
13. Complaints and Supervisory Authorities
If you have concerns about how we use cookies or process cookie-derived data, we encourage you to contact us first.
In the EU/EEA, our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet), which can be reached via
Address: Carl Jacobsens Vej 35, 2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
In the UK, complaints may be raised with the Information Commissioner’s Office (ICO), which can be reached at
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Phone: +44 (0)303 123 1113
Email: https://ico.org.uk
In Australia, complaints may be raised with the Office of the Australian Information Commissioner (OAIC), available at
Address: GPO Box 5218, Sydney NSW 2001, Australia
Phone: 1300 363 992
Website: https://www.oaic.gov.au
In the United States, users may direct complaints to the Federal Trade Commission (FTC) at
Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580, USA
Phone: ++1 202 326 2222
Email: https://www.ftc.gov
or, where applicable, to their state privacy regulator (for example, the California Privacy Protection Agency under the CCPA/CPRA).
In other jurisdictions, you may contact your local data protection authority. We cooperate fully with competent supervisory authorities and will comply with their directions in relation to complaints.
14. Contact Information
If you have questions about this Cookie Policy or how we use cookies and similar technologies, you may contact us at:
Swapped ApS
Rosbjergvej 22A
8220 Brabrand, Denmark
Email: support@swapped.com
Data Protection Officer: GDPR@swapped.com
We aim to respond to inquiries in a timely manner and within the response periods required by applicable law.
15. Glossary
Cookie
A small text file stored on your device by a website or application. Cookies are used to enable functionality, remember preferences, improve performance, and provide analytics or security functions.
Local Storage
A browser-based storage mechanism that persists until cleared by the user. Unlike cookies, local storage data is not automatically transmitted with each network request.
Session Cookie
A cookie that exists only during a single browsing session and is automatically deleted once the browser is closed.
Persistent Cookie
A cookie that remains on your device until its defined expiry date or until manually deleted by the user.
First-Party Cookie
A cookie set directly by the website or service you are visiting (e.g., Swapped’s consent preferences).
Third-Party Cookie
A cookie set by a domain other than the one you are visiting (e.g., Google Analytics, Stripe, Intercom).
Personal Data
Any information relating to an identified or identifiable natural person, as defined by the GDPR and equivalent legislation.
Consent
A freely given, specific, informed, and unambiguous indication of a user’s wishes, signifying agreement to the processing of their personal data.
Pseudonymization
The processing of personal data in such a manner that it can no longer be attributed to a specific individual without additional information kept separately.
Data Controller
The entity that determines the purposes and means of processing personal data (Swapped ApS acts as the Data Controller for cookie-related processing).
Data Processor
An entity that processes personal data on behalf of a Data Controller, such as third-party service providers (e.g., Google, Stripe, Intercom).
Effective July 31, 2025
1. Introduction
This Cookie Policy explains how Swapped ApS (“Swapped,” “we,” “us,” or “our”) uses cookies and similar technologies on our websites, applications, and digital platforms (collectively, the “Services”).
This Policy should be read alongside our Privacy Policy, which provides broader details about how we handle personal data. By using our Services, you consent to the use of cookies and similar technologies as described in this Policy. You can adjust your preferences at any time via our Cookie Settings available on our website.
2. What are Cookies and Similar Technologies
Cookies are small text files placed on your device (computer, smartphone, tablet, or other electronic device) when you access our Services. They enable functionality, remember preferences, improve performance, and help us understand how our Services are used.
2.1 Similar Technologies include:
a. Local Storage: Data stored within your browser for faster performance and reduced server requests.
b. Web Beacons: Pixel tags used for traffic measurement and campaign effectiveness.
c. Device Identifiers: Unique device/browser details used for security and analytics.
d. Session Replay and Fingerprinting: Records user interactions with our website for analysis and improvement purposes and collects information about your device and browser configuration to create a unique identifier.
3. Types of Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
3.1.1 These cookies are fundamental to the operation, integrity, and lawful delivery of our Services and are therefore categorized as strictly necessary. Without them, the Services cannot be provided in a secure, consistent, and functional manner. They include:
a. The PHPSESSID cookie, which is required to establish and maintain secure user sessions within our widgets, ensuring that information entered by a user persists across different parts of the platform without requiring re-authentication.
b. Payment security cookies, which are deployed to facilitate secure payment transactions, support fraud prevention measures, comply with applicable financial regulations, and ensure that transaction data is transmitted in accordance with Payment Card Industry Data Security Standards (PCI DSS).
c . Customer support cookies, which are necessary to deliver real-time customer support functionality by maintaining stateful communication sessions and ensuring continuity in interactions between the user and our support team.
d. Cookie consent preference cookies, which are used to store a user’s cookie choices and ensure compliance with the General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive (PECR), and other applicable data protection laws.
e. Cloudflare security cookies, which are used to verify that a user has successfully passed a security challenge (such as bot or DDoS protection). These cookies protect the Services from malicious traffic and ensure continued availability and reliability.
3.1.2 The legal basis for the use of these cookies under the GDPR and UK GDPR is Article 6(1)(f) (legitimate interest), as they are indispensable to the proper functioning, security, and provision of the Services. In certain cases, such as payment processing, Article 6(1)(b) (contractual necessity) may also apply, as these cookies are required to fulfill a user’s request to engage in a transaction.
3.3.1 The duration of these cookies is limited to what is strictly necessary for their intended purposes. Session cookies, such as PHPSESSID, persist up to one month, while persistent cookies, such as consent preference or certain security-related cookies, may remain active for up to one year unless deleted earlier by the user. Such retention periods are proportionate to the operational and legal requirements for which the cookies are set.
3.2 Analytics and Performance Cookies
Analytics and performance cookies enable us to measure, analyze, and continuously improve the way users interact with our Services. These technologies allow us to better understand traffic volumes, engagement patterns, device/browser configurations, and overall system performance. The data collected is aggregated and, where possible, anonymized or pseudonymized, so that it does not directly identify individual users. Such cookies are not strictly necessary for the operation of the Services, but they are essential to our ability to develop, optimize, and provide a high-quality user experience.
3.2.1 Google Analytics (GA4). We use Google Analytics 4, provided by Google LLC and its affiliates, to analyze traffic and usage trends. GA4 provides insights into user sessions, engagement, retention, and user flows across pages. Data collected may include anonymized IP addresses, device identifiers, browser information, referral sources, and interaction events such as clicks or scroll depth. Cookies associated with GA4, such as _ga and _gid, typically persist for up to one week unless cleared sooner by the user. The legal basis under the GDPR is user consent, with data transfers safeguarded through the EU-US Data Privacy Framework or Standard Contractual Clauses where applicable.
3.2.2 Ahrefs Analytics. We use Ahrefs Analytics, provided by Ahrefs Pte. Ltd., to evaluate our website’s search performance, backlink profile, and SEO-related metrics.This service operates through tracking scripts and may set identifiers such as cookies or local storage values. The data collected includes aggregated information on page visits, referral sources, keyword queries, and navigation paths. These insights help us improve discoverability and user flow. Ahrefs-related cookies or storage values typically persist for up to one year. Data processing is conducted in accordance with GDPR principles, with appropriate safeguards for international transfers.
3.2.3 Framer Analytics. Our platform incorporates built-in Framer Analytics to track in-page performance and interaction metrics. This service relies on tracking scripts and local storage values (rather than cookies alone) to capture information such as navigation paths, click rates, time spent on specific components, and engagement with dynamic features. These values may persist for the duration of a browsing session or up to one year. Data is used solely for internal performance measurement and design optimization.
Legal Basis. The deployment of analytics and performance cookies is based on the user’s explicit consent under Article 6(1)(a) GDPR and UK GDPR. In limited cases, where permitted by applicable law, processing may also rely on Article 6(1)(f) GDPR (legitimate interest) for purposes of service improvement. Users retain the right to withdraw consent at any time.
3.3 Functional and Preference Cookies
Functional and preference cookies enable us to provide a more tailored experience by remembering the individual choices and settings of each user. These cookies do not track browsing across unrelated websites, but instead ensure that users’ prior selections are preserved for future visits, thereby enhancing usability and convenience.
Examples include:
a. A custom Swapped cookie that records the user’s selected country and currency preference to ensure prices, market data, and features are displayed accurately in the correct format.
b. An Intercom widget cookie that preserves the user’s preferred language setting, chat history, and support state so that interactions with our customer support system remain seamless and consistent.
3.3.1 Duration. These cookies typically persist for up to one year unless deleted earlier by the user.
3.3.2 Legal Basis. The use of functional and preference cookies is based on consent under Article 6(1)(a) GDPR, as they are not strictly necessary but materially improve the quality of the Services.
3.4 Local Storage Variables
In addition to cookies, we utilize local storage technologies built into modern browsers. Unlike cookies, local storage data is not transmitted automatically with every network request; instead, it resides entirely on the user’s device and is accessed only when required by our Services. This reduces server load, increases responsiveness, and allows for more efficient personalization.
Local storage variables used by Swapped include:
a. Cached cryptocurrency and fiat exchange rates, enabling faster load times for market data without repeatedly querying Swapped.com’s APIs.
b. Cached market statistics, which improve widget rendering performance and user experience by locally storing relevant non-sensitive information.
c. Widget-specific variables, including confirmation of age restrictions, language selections, and the operational state of Intercom. These values ensure compliance with legal requirements (such as age-gating) and preserve continuity across user sessions.
3.4.1 Duration. Local storage values persist until actively deleted by the user or cleared as part of browser maintenance.
3.4.2 Legal Basis. The use of local storage is justified under Article 6(1)(f) GDPR (legitimate interest), as it optimizes service performance, reduces latency, and provides essential personalization without compromising user privacy.
3.5 Marketing and Advertising Cookies
Swapped ApS does not currently deploy third-party marketing or advertising cookies on its Services. We do not use cookies for behavioral profiling, cross-site tracking, targeted advertising, or the sale or sharing of personal information as defined under applicable laws.
3.5.1 Should we decide to introduce such technologies in the future, we will:
a. Provide clear and prominent notice to users in advance of their deployment.
b. Obtain explicit consent from users in accordance with Article 6(1)(a) GDPR, the UK GDPR, and the ePrivacy Directive, prior to setting any such cookies.
c. Update this Cookie Policy and the Cookie Settings interface to reflect the new categories, purposes, and options available.
d. For users located in the United States, including California residents, provide a clear and accessible mechanism to exercise their rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to opt out of the “sale” or “sharing” of personal information that may occur through the use of advertising or marketing cookies.
Until such a time, no marketing or advertising cookies are placed on users’ devices by Swapped.
4. Cookie Duration and Sources
Cookies differ in how long they remain active on a user’s device and in whether they originate from Swapped ApS or a third-party provider.
4.1 Session Cookies. These are temporary files that exist for the duration of the session. They are typically used for authentication (PHPSESSID) and maintaining temporary preferences during a single visit.
4.2 Persistent Cookies. These remain stored on a user’s device for a defined duration, which can range from hours to up to 9 months. They enable recognition of returning users, retention of consent preferences, and long-term analytics. Examples include Google Analytics (_ga) and our currency preference cookie.
4.3 First-Party Cookies. Set directly by Swapped ApS when you interact with our Services. We maintain full control over their scope, duration, and data processing purposes. Examples include consent preference cookies and custom localization cookies.
4.4 Third-Party Tracking Technologies: Set by external providers such as Google Analytics, Ahrefs, Intercom, and Framer Analytics. These may include cookies, local storage values, or tracking scripts. While we integrate these services to support security, analytics, or communication, the data collected is governed by the respective provider’s privacy policies.
4.5 Legal Basis: Article 6(1)(a) GDPR (consent for persistent and third-party cookies), Article 6(1)(f) GDPR (legitimate interest for essential cookies).
5. Legal Basis for Cookie Processing
Swapped ApS implements cookies in accordance with the applicable legal frameworks across different jurisdictions.
5.1 European Union (GDPR).
Consent (Art. 6(1)(a)): Required for all non-essential cookies, including analytics, functional, preference, and potential marketing cookies.
Legitimate Interest (Art. 6(1)(f)): Applies to essential cookies strictly necessary for the security and provision of our Services.
Contractual Necessity (Art. 6(1)(b)): Applies to cookies required to complete a contractual action, such as Stripe payment authentication.
5.2 United Kingdom (UK GDPR and PECR).
Swapped mirrors the EU framework under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR). Explicit consent is obtained for all non-essential cookies, while essential cookies are set under legitimate interest or contractual necessity.
5.3 United States (CCPA/CPRA).
We provide clear notice of cookie use and their categories.
Users have the right to opt out of the “sale” or “sharing” of personal information, though Swapped does not currently sell or share cookie-derived data.
Users may request deletion of personal information collected via cookies, subject to applicable exceptions.
5.4 Other Jurisdictions.
We apply privacy-protective practices consistent with local requirements, including Canada’s PIPEDA, and Australia’s Privacy Act, where applicable.
6. Your Cookie Choices and Rights
Users have full control over cookie usage through several mechanisms.
6.1 Cookie Preference Center
6.1.1 Access. Swapped provides a Cookie Preference Center, accessible at any time via the cookie banner displayed upon first visit and through the permanent “Cookie Settings” link available on our website.
6.1.2 Categories of Control. Within the Cookie Preference Center, users may grant or withdraw consent for non-essential categories of cookies, including Analytics and Performance, Functional and Preference, and Marketing cookies (if introduced in the future). Essential cookies cannot be disabled, as they are required for the operation of our Services.
6.1.3 Granularity of Choice. Users may review the purposes and providers of each category of cookies and select or deselect consent at a granular, category-by-category level.
6.1.4 Withdrawal of Consent. Users may withdraw consent at any time in accordance with Article 7 of the GDPR and UK GDPR. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.1.5 Storage of Preferences. Consent choices are stored in a persistent cookie. If this cookie is deleted (e.g., via browser settings), users will be prompted to reconfirm preferences on their next visit.
6.2 Browser Settings
6.2.1 General Controls. Most modern browsers allow users to manage cookies directly. Available options typically include:
Blocking all cookies.
Blocking third-party cookies only.
Deleting existing cookies.
Restricting cookies to specific websites.
Receiving alerts before cookies are placed.
6.2.2 Impact on Functionality. Users should note that disabling all cookies may impair essential functions of the Services, such as login sessions, payment authentication, or fraud prevention.
6.2.3 Browser-Specific Instructions. Detailed instructions can be found in the privacy or security settings of commonly used browsers, including Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.
6.2.4 Privacy Signals. Certain browsers and extensions allow users to enable “Do Not Track” (DNT) and “Global Privacy Control” (GPC) signals. Where legally required, including under the CCPA and CPRA, Swapped will treat such signals as valid opt-out requests for non-essential tracking or the sale/sharing of personal information.
6.3 Third-Party Opt-Outs.
Google Analytics: Google Analytics. Users may opt out of Google Analytics tracking by installing the official Google Analytics Opt-out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout.
Ahrefs/Framer Analytics: Users may block tracking through their browser settings (e.g., disabling cookies or clearing local storage) or use privacy tools that restrict third-party scripts. Users may also request opt-out directly through the respective provider’s support channels.
Intercom: Users may disable chat functionality or block its cookies directly in their browser.
6.4 Mobile Device Settings. Users may limit tracking at the operating system level, including app-specific privacy and ad-tracking controls.
6.5 Legal Basis: Users may exercise rights under Article 7 GDPR (withdrawal of consent) and equivalent provisions in UK GDPR and CCPA/CPRA.
7. International Data Transfers
Because Swapped ApS uses certain service providers that are headquartered or process data outside of the European Economic Area (EEA) and the United Kingdom, personal data collected via cookies and similar technologies may be transferred internationally. All such transfers are conducted in compliance with applicable data protection laws, including Chapter V of the GDPR and the UK GDPR.
7.1 Google Analytics
Data collected through Google Analytics (GA4) may be transferred to and processed by Google LLC in the United States. Google participates in the EU–US Data Privacy Framework, which has been recognized by the European Commission as providing an adequate level of protection. Where applicable, Standard Contractual Clauses (SCCs) are also implemented as an additional safeguard.
7.2 Ahrefs Analytics
Ahrefs Pte. Ltd., headquartered in Singapore, processes data collected through Ahrefs Analytics in accordance with the GDPR. For data originating in the EEA or UK, transfers to Singapore are secured by the use of SCCs and supplementary measures to ensure compliance with Schrems II requirements.
7.3 Customer Support and Transaction Security Providers
Certain third-party providers headquartered in the United States may process limited personal data through cookies associated with secure transactions and customer support functionality. These providers participate in the EU–US Data Privacy Framework and provide Standard Contractual Clauses (SCCs) as additional contractual safeguards.
7.4 Safeguards
Swapped ensures that all international transfers are subject to appropriate technical, contractual, and organizational protections, including:
7.4.1 Standard Contractual Clauses (SCCs).
Where no adequacy decision exists, we rely on the European Commission’s SCCs and the UK’s International Data Transfer Addendum as the primary legal mechanism for data transfers.
7.4.2 Adequacy Decisions and Data Privacy Frameworks.
Where available, transfers are conducted under adequacy decisions (e.g., EU–US Data Privacy Framework). This ensures that providers receiving data maintain a level of protection equivalent to that under EU and UK law.
7.4.3 Technical Safeguards.
Service providers are contractually required to implement encryption (in transit and at rest), pseudonymization, and secure transmission protocols (HTTPS/TLS) to mitigate risks of unauthorized access.
7.4.4 Organizational Measures.
Providers must apply strict access controls, role-based permissions, audit logging, and regular security assessments to ensure that only authorized personnel can access transferred data.
7.4.5 Data Minimization.
Only the minimum necessary personal data is transferred for the stated processing purpose (e.g., analytics, fraud prevention, or chat support).
7.4.6 Ongoing Compliance Monitoring.
We periodically review the adequacy of safeguards, monitor developments in data transfer law (including CJEU and EDPB guidance), and update contractual arrangements where required.
8. Data Retention
8.1 Cookie Retention Periods.
8.1.1 Essential Cookies
PHPSESSID (Session) – Maintains secure session state within widgets; deleted when the session ends.
__stripe_sid (Session) – Use for fraud prevention and session management; expires when browser session ends.
__stripe_mid (1 year) – Used for fraud prevention and secure payment authentication.
intercom-session-* (1 week) – Maintains Intercom chat session continuity.
intercom-id-* (9 months) – Associates a unique identifier with a browser to preserve Intercom communication history.
cf_clearance (2 hours) – Used by Cloudflare to distinguish legitimate users from automated bots and to protect the Services against distributed denial-of-service (DDoS) and other malicious attacks.
Consent preference cookies (up to 1 year) – Store user’s cookie consent choices to ensure compliance with GDPR/UK GDPR/ePrivacy Directive.
8.1.2 Analytics Cookies
_ga (1 week ) – Distinguishes unique users in Google Analytics.
_ga_* (1 week) – Stores session and campaign data for Google Analytics.
_gid (1 week ) – Distinguishes users on a per-day basis in Google Analytics.
_gat (1 minute) – Throttles request rate to limit Google Analytics data collection.
ahrefs-analytics (1 year) – Set only when analytics cookies are accepted. Tracks user sessions and page views for Ahrefs Analytics.
ah_session (Session) – Set only when analytics cookies are accepted. Maintains temporary session state in Ahrefs Analytics.
Framer Analytics tracking values (Session to 1 year) – Values created by Framer’s tracking scripts, stored in local storage or cookies, to record navigation paths, engagement, and component usage.
8.1.3 Functional and Preference Cookies
Country and currency preference cookie (1 year) – Stores selected country and currency to ensure localized display of market data.
Intercom language preference cookie (1 year) – Preserves user’s selected language for customer support chat.
8.1.4 Local Storage Values
Cached cryptocurrency and fiat exchange rates (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Cached market statistics (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Widget states (e.g., age restriction confirmation, Intercom chat status, language preference) – Persist until manually cleared by the user through browser/device settings.
8.2 Expiry and Deletion
8.2.1 Automatic Expiry. Cookies are automatically deleted after their defined lifespan. Session cookies expire once the browser is closed. Persistent cookies expire at the end of their retention period.
8.2.2 Manual Deletion. Users may delete cookies at any time through browser settings (Chrome, Firefox, Safari, Edge, etc.). Local storage values must be cleared separately via browser or device storage settings.
8.2.3 Refresh and Overwrite. Certain values (e.g., cached crypto rates, market statistics) are refreshed daily or overwritten by new data, minimizing long-term retention.
8.3 User Rights
8.3.1 GDPR/UK GDPR. Users may request deletion of cookie-derived personal data under the right to erasure (Article 17 GDPR/UK GDPR), subject to legal exceptions.
8.3.2 CCPA/CPRA. California residents may request deletion of personal information collected through cookies, subject to exemptions (e.g., for fraud prevention or legal compliance).
8.3.3 Withdrawal of Consent. Users may withdraw consent for non-essential cookies at any time via the Cookie Preference Center (see Section 6).
8.4 Periodic Review
Swapped reviews cookie retention schedules on at least an annual basis to ensure that retention remains proportionate, necessary, and in compliance with applicable law.
9. Children’s Privacy
9.1 Age Restriction. Swapped’s Services are intended exclusively for individuals aged 18 years and older. We do not knowingly permit minors to register, engage in transactions, or otherwise access Services that require the processing of personal data.
9.2 Cookie Usage and Minors. We do not knowingly use cookies or similar technologies to collect personal information from children under the age of 18. If we become aware that a minor has interacted with our Services in a manner that results in the collection of personal data, we will promptly delete such data and disable associated cookies.
9.3 Age-Gating Mechanism. Certain widgets and features of our Services include an age restriction confirmation, stored as a local storage variable (see Section 3.4). This mechanism is designed to prevent underage individuals from accessing content or functionality that is restricted under applicable laws (e.g., financial services regulations).
10. Security
Swapped ApS maintains a combination of technical, organizational, and contractual measures to protect cookie-related data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include end-to-end encryption of sensitive transactions, mandatory HTTPS transmission for all cookies, and restrictive cookie attributes (Secure, HttpOnly, and SameSite) applied where appropriate. In addition, we employ layered access controls, enforce role-based permissions, and conduct continuous monitoring of systems that process or store cookie-derived data. Security is further reinforced through periodic penetration testing, vulnerability assessments, and incident response planning. These safeguards are aligned with international standards for information security management and PCI DSS for payment card industry compliance. We review and update our measures regularly to address evolving threats and regulatory expectations.
Access to cookie-derived data is strictly limited to authorized personnel who are bound by confidentiality obligations and who undergo periodic data protection and security training.
11. Your Rights Under Data Protection Laws
Depending on where you are located, you may have certain rights relating to data collected through cookies.
For residents of the European Union and the United Kingdom, rights include access, rectification, erasure, restriction of processing, portability, objection to processing, and the ability to withdraw consent at any time. We will respond to valid requests within the timelines established by GDPR and UK GDPR, typically within 30 days.
For residents of the United States, including California, rights under the CCPA/CPRA include the right to know what categories of personal information have been collected, the right to request deletion (subject to legal obligations), the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising privacy rights.
For residents of other jurisdictions, such as Canada, Singapore, or Australia, we recognize and respect privacy rights established under local legislation.
We may require reasonable verification of your identity before fulfilling rights requests to protect the integrity of personal data. Requests can be submitted to support@swapped.com or Data Protection Officer: GDPR@swapped.com
If you are not satisfied with the way we handle your request, you also have the right to lodge a complaint with your local data protection authority (see Section 13).
12. Updates to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, law, or our business practices. Updates will be effective as of the “Effective Date” at the top of this document. Where changes are material, we will notify users through banners on our Services, platform messages, or direct communication such as email. Where legally required, we will also request renewed consent before applying new categories of cookies. We maintain internal version control to ensure prior versions of this Policy remain available for regulatory or audit purposes.
We encourage users to review this Cookie Policy periodically to remain informed about our use of cookies and similar technologies.
13. Complaints and Supervisory Authorities
If you have concerns about how we use cookies or process cookie-derived data, we encourage you to contact us first.
In the EU/EEA, our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet), which can be reached via
Address: Carl Jacobsens Vej 35, 2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
In the UK, complaints may be raised with the Information Commissioner’s Office (ICO), which can be reached at
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Phone: +44 (0)303 123 1113
Email: https://ico.org.uk
In Australia, complaints may be raised with the Office of the Australian Information Commissioner (OAIC), available at
Address: GPO Box 5218, Sydney NSW 2001, Australia
Phone: 1300 363 992
Website: https://www.oaic.gov.au
In the United States, users may direct complaints to the Federal Trade Commission (FTC) at
Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580, USA
Phone: ++1 202 326 2222
Email: https://www.ftc.gov
or, where applicable, to their state privacy regulator (for example, the California Privacy Protection Agency under the CCPA/CPRA).
In other jurisdictions, you may contact your local data protection authority. We cooperate fully with competent supervisory authorities and will comply with their directions in relation to complaints.
14. Contact Information
If you have questions about this Cookie Policy or how we use cookies and similar technologies, you may contact us at:
Swapped ApS
Rosbjergvej 22A
8220 Brabrand, Denmark
Email: support@swapped.com
Data Protection Officer: GDPR@swapped.com
We aim to respond to inquiries in a timely manner and within the response periods required by applicable law.
15. Glossary
Cookie
A small text file stored on your device by a website or application. Cookies are used to enable functionality, remember preferences, improve performance, and provide analytics or security functions.
Local Storage
A browser-based storage mechanism that persists until cleared by the user. Unlike cookies, local storage data is not automatically transmitted with each network request.
Session Cookie
A cookie that exists only during a single browsing session and is automatically deleted once the browser is closed.
Persistent Cookie
A cookie that remains on your device until its defined expiry date or until manually deleted by the user.
First-Party Cookie
A cookie set directly by the website or service you are visiting (e.g., Swapped’s consent preferences).
Third-Party Cookie
A cookie set by a domain other than the one you are visiting (e.g., Google Analytics, Stripe, Intercom).
Personal Data
Any information relating to an identified or identifiable natural person, as defined by the GDPR and equivalent legislation.
Consent
A freely given, specific, informed, and unambiguous indication of a user’s wishes, signifying agreement to the processing of their personal data.
Pseudonymization
The processing of personal data in such a manner that it can no longer be attributed to a specific individual without additional information kept separately.
Data Controller
The entity that determines the purposes and means of processing personal data (Swapped ApS acts as the Data Controller for cookie-related processing).
Data Processor
An entity that processes personal data on behalf of a Data Controller, such as third-party service providers (e.g., Google, Stripe, Intercom).
Effective July 31, 2025
1. Introduction
This Cookie Policy explains how Swapped ApS (“Swapped,” “we,” “us,” or “our”) uses cookies and similar technologies on our websites, applications, and digital platforms (collectively, the “Services”).
This Policy should be read alongside our Privacy Policy, which provides broader details about how we handle personal data. By using our Services, you consent to the use of cookies and similar technologies as described in this Policy. You can adjust your preferences at any time via our Cookie Settings available on our website.
2. What are Cookies and Similar Technologies
Cookies are small text files placed on your device (computer, smartphone, tablet, or other electronic device) when you access our Services. They enable functionality, remember preferences, improve performance, and help us understand how our Services are used.
2.1 Similar Technologies include:
a. Local Storage: Data stored within your browser for faster performance and reduced server requests.
b. Web Beacons: Pixel tags used for traffic measurement and campaign effectiveness.
c. Device Identifiers: Unique device/browser details used for security and analytics.
d. Session Replay and Fingerprinting: Records user interactions with our website for analysis and improvement purposes and collects information about your device and browser configuration to create a unique identifier.
3. Types of Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
3.1.1 These cookies are fundamental to the operation, integrity, and lawful delivery of our Services and are therefore categorized as strictly necessary. Without them, the Services cannot be provided in a secure, consistent, and functional manner. They include:
a. The PHPSESSID cookie, which is required to establish and maintain secure user sessions within our widgets, ensuring that information entered by a user persists across different parts of the platform without requiring re-authentication.
b. Payment security cookies, which are deployed to facilitate secure payment transactions, support fraud prevention measures, comply with applicable financial regulations, and ensure that transaction data is transmitted in accordance with Payment Card Industry Data Security Standards (PCI DSS).
c . Customer support cookies, which are necessary to deliver real-time customer support functionality by maintaining stateful communication sessions and ensuring continuity in interactions between the user and our support team.
d. Cookie consent preference cookies, which are used to store a user’s cookie choices and ensure compliance with the General Data Protection Regulation (GDPR), the UK GDPR, the ePrivacy Directive (PECR), and other applicable data protection laws.
e. Cloudflare security cookies, which are used to verify that a user has successfully passed a security challenge (such as bot or DDoS protection). These cookies protect the Services from malicious traffic and ensure continued availability and reliability.
3.1.2 The legal basis for the use of these cookies under the GDPR and UK GDPR is Article 6(1)(f) (legitimate interest), as they are indispensable to the proper functioning, security, and provision of the Services. In certain cases, such as payment processing, Article 6(1)(b) (contractual necessity) may also apply, as these cookies are required to fulfill a user’s request to engage in a transaction.
3.3.1 The duration of these cookies is limited to what is strictly necessary for their intended purposes. Session cookies, such as PHPSESSID, persist up to one month, while persistent cookies, such as consent preference or certain security-related cookies, may remain active for up to one year unless deleted earlier by the user. Such retention periods are proportionate to the operational and legal requirements for which the cookies are set.
3.2 Analytics and Performance Cookies
Analytics and performance cookies enable us to measure, analyze, and continuously improve the way users interact with our Services. These technologies allow us to better understand traffic volumes, engagement patterns, device/browser configurations, and overall system performance. The data collected is aggregated and, where possible, anonymized or pseudonymized, so that it does not directly identify individual users. Such cookies are not strictly necessary for the operation of the Services, but they are essential to our ability to develop, optimize, and provide a high-quality user experience.
3.2.1 Google Analytics (GA4). We use Google Analytics 4, provided by Google LLC and its affiliates, to analyze traffic and usage trends. GA4 provides insights into user sessions, engagement, retention, and user flows across pages. Data collected may include anonymized IP addresses, device identifiers, browser information, referral sources, and interaction events such as clicks or scroll depth. Cookies associated with GA4, such as _ga and _gid, typically persist for up to one week unless cleared sooner by the user. The legal basis under the GDPR is user consent, with data transfers safeguarded through the EU-US Data Privacy Framework or Standard Contractual Clauses where applicable.
3.2.2 Ahrefs Analytics. We use Ahrefs Analytics, provided by Ahrefs Pte. Ltd., to evaluate our website’s search performance, backlink profile, and SEO-related metrics.This service operates through tracking scripts and may set identifiers such as cookies or local storage values. The data collected includes aggregated information on page visits, referral sources, keyword queries, and navigation paths. These insights help us improve discoverability and user flow. Ahrefs-related cookies or storage values typically persist for up to one year. Data processing is conducted in accordance with GDPR principles, with appropriate safeguards for international transfers.
3.2.3 Framer Analytics. Our platform incorporates built-in Framer Analytics to track in-page performance and interaction metrics. This service relies on tracking scripts and local storage values (rather than cookies alone) to capture information such as navigation paths, click rates, time spent on specific components, and engagement with dynamic features. These values may persist for the duration of a browsing session or up to one year. Data is used solely for internal performance measurement and design optimization.
Legal Basis. The deployment of analytics and performance cookies is based on the user’s explicit consent under Article 6(1)(a) GDPR and UK GDPR. In limited cases, where permitted by applicable law, processing may also rely on Article 6(1)(f) GDPR (legitimate interest) for purposes of service improvement. Users retain the right to withdraw consent at any time.
3.3 Functional and Preference Cookies
Functional and preference cookies enable us to provide a more tailored experience by remembering the individual choices and settings of each user. These cookies do not track browsing across unrelated websites, but instead ensure that users’ prior selections are preserved for future visits, thereby enhancing usability and convenience.
Examples include:
a. A custom Swapped cookie that records the user’s selected country and currency preference to ensure prices, market data, and features are displayed accurately in the correct format.
b. An Intercom widget cookie that preserves the user’s preferred language setting, chat history, and support state so that interactions with our customer support system remain seamless and consistent.
3.3.1 Duration. These cookies typically persist for up to one year unless deleted earlier by the user.
3.3.2 Legal Basis. The use of functional and preference cookies is based on consent under Article 6(1)(a) GDPR, as they are not strictly necessary but materially improve the quality of the Services.
3.4 Local Storage Variables
In addition to cookies, we utilize local storage technologies built into modern browsers. Unlike cookies, local storage data is not transmitted automatically with every network request; instead, it resides entirely on the user’s device and is accessed only when required by our Services. This reduces server load, increases responsiveness, and allows for more efficient personalization.
Local storage variables used by Swapped include:
a. Cached cryptocurrency and fiat exchange rates, enabling faster load times for market data without repeatedly querying Swapped.com’s APIs.
b. Cached market statistics, which improve widget rendering performance and user experience by locally storing relevant non-sensitive information.
c. Widget-specific variables, including confirmation of age restrictions, language selections, and the operational state of Intercom. These values ensure compliance with legal requirements (such as age-gating) and preserve continuity across user sessions.
3.4.1 Duration. Local storage values persist until actively deleted by the user or cleared as part of browser maintenance.
3.4.2 Legal Basis. The use of local storage is justified under Article 6(1)(f) GDPR (legitimate interest), as it optimizes service performance, reduces latency, and provides essential personalization without compromising user privacy.
3.5 Marketing and Advertising Cookies
Swapped ApS does not currently deploy third-party marketing or advertising cookies on its Services. We do not use cookies for behavioral profiling, cross-site tracking, targeted advertising, or the sale or sharing of personal information as defined under applicable laws.
3.5.1 Should we decide to introduce such technologies in the future, we will:
a. Provide clear and prominent notice to users in advance of their deployment.
b. Obtain explicit consent from users in accordance with Article 6(1)(a) GDPR, the UK GDPR, and the ePrivacy Directive, prior to setting any such cookies.
c. Update this Cookie Policy and the Cookie Settings interface to reflect the new categories, purposes, and options available.
d. For users located in the United States, including California residents, provide a clear and accessible mechanism to exercise their rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to opt out of the “sale” or “sharing” of personal information that may occur through the use of advertising or marketing cookies.
Until such a time, no marketing or advertising cookies are placed on users’ devices by Swapped.
4. Cookie Duration and Sources
Cookies differ in how long they remain active on a user’s device and in whether they originate from Swapped ApS or a third-party provider.
4.1 Session Cookies. These are temporary files that exist for the duration of the session. They are typically used for authentication (PHPSESSID) and maintaining temporary preferences during a single visit.
4.2 Persistent Cookies. These remain stored on a user’s device for a defined duration, which can range from hours to up to 9 months. They enable recognition of returning users, retention of consent preferences, and long-term analytics. Examples include Google Analytics (_ga) and our currency preference cookie.
4.3 First-Party Cookies. Set directly by Swapped ApS when you interact with our Services. We maintain full control over their scope, duration, and data processing purposes. Examples include consent preference cookies and custom localization cookies.
4.4 Third-Party Tracking Technologies: Set by external providers such as Google Analytics, Ahrefs, Intercom, and Framer Analytics. These may include cookies, local storage values, or tracking scripts. While we integrate these services to support security, analytics, or communication, the data collected is governed by the respective provider’s privacy policies.
4.5 Legal Basis: Article 6(1)(a) GDPR (consent for persistent and third-party cookies), Article 6(1)(f) GDPR (legitimate interest for essential cookies).
5. Legal Basis for Cookie Processing
Swapped ApS implements cookies in accordance with the applicable legal frameworks across different jurisdictions.
5.1 European Union (GDPR).
Consent (Art. 6(1)(a)): Required for all non-essential cookies, including analytics, functional, preference, and potential marketing cookies.
Legitimate Interest (Art. 6(1)(f)): Applies to essential cookies strictly necessary for the security and provision of our Services.
Contractual Necessity (Art. 6(1)(b)): Applies to cookies required to complete a contractual action, such as Stripe payment authentication.
5.2 United Kingdom (UK GDPR and PECR).
Swapped mirrors the EU framework under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR). Explicit consent is obtained for all non-essential cookies, while essential cookies are set under legitimate interest or contractual necessity.
5.3 United States (CCPA/CPRA).
We provide clear notice of cookie use and their categories.
Users have the right to opt out of the “sale” or “sharing” of personal information, though Swapped does not currently sell or share cookie-derived data.
Users may request deletion of personal information collected via cookies, subject to applicable exceptions.
5.4 Other Jurisdictions.
We apply privacy-protective practices consistent with local requirements, including Canada’s PIPEDA, and Australia’s Privacy Act, where applicable.
6. Your Cookie Choices and Rights
Users have full control over cookie usage through several mechanisms.
6.1 Cookie Preference Center
6.1.1 Access. Swapped provides a Cookie Preference Center, accessible at any time via the cookie banner displayed upon first visit and through the permanent “Cookie Settings” link available on our website.
6.1.2 Categories of Control. Within the Cookie Preference Center, users may grant or withdraw consent for non-essential categories of cookies, including Analytics and Performance, Functional and Preference, and Marketing cookies (if introduced in the future). Essential cookies cannot be disabled, as they are required for the operation of our Services.
6.1.3 Granularity of Choice. Users may review the purposes and providers of each category of cookies and select or deselect consent at a granular, category-by-category level.
6.1.4 Withdrawal of Consent. Users may withdraw consent at any time in accordance with Article 7 of the GDPR and UK GDPR. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
6.1.5 Storage of Preferences. Consent choices are stored in a persistent cookie. If this cookie is deleted (e.g., via browser settings), users will be prompted to reconfirm preferences on their next visit.
6.2 Browser Settings
6.2.1 General Controls. Most modern browsers allow users to manage cookies directly. Available options typically include:
Blocking all cookies.
Blocking third-party cookies only.
Deleting existing cookies.
Restricting cookies to specific websites.
Receiving alerts before cookies are placed.
6.2.2 Impact on Functionality. Users should note that disabling all cookies may impair essential functions of the Services, such as login sessions, payment authentication, or fraud prevention.
6.2.3 Browser-Specific Instructions. Detailed instructions can be found in the privacy or security settings of commonly used browsers, including Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Edge.
6.2.4 Privacy Signals. Certain browsers and extensions allow users to enable “Do Not Track” (DNT) and “Global Privacy Control” (GPC) signals. Where legally required, including under the CCPA and CPRA, Swapped will treat such signals as valid opt-out requests for non-essential tracking or the sale/sharing of personal information.
6.3 Third-Party Opt-Outs.
Google Analytics: Google Analytics. Users may opt out of Google Analytics tracking by installing the official Google Analytics Opt-out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout.
Ahrefs/Framer Analytics: Users may block tracking through their browser settings (e.g., disabling cookies or clearing local storage) or use privacy tools that restrict third-party scripts. Users may also request opt-out directly through the respective provider’s support channels.
Intercom: Users may disable chat functionality or block its cookies directly in their browser.
6.4 Mobile Device Settings. Users may limit tracking at the operating system level, including app-specific privacy and ad-tracking controls.
6.5 Legal Basis: Users may exercise rights under Article 7 GDPR (withdrawal of consent) and equivalent provisions in UK GDPR and CCPA/CPRA.
7. International Data Transfers
Because Swapped ApS uses certain service providers that are headquartered or process data outside of the European Economic Area (EEA) and the United Kingdom, personal data collected via cookies and similar technologies may be transferred internationally. All such transfers are conducted in compliance with applicable data protection laws, including Chapter V of the GDPR and the UK GDPR.
7.1 Google Analytics
Data collected through Google Analytics (GA4) may be transferred to and processed by Google LLC in the United States. Google participates in the EU–US Data Privacy Framework, which has been recognized by the European Commission as providing an adequate level of protection. Where applicable, Standard Contractual Clauses (SCCs) are also implemented as an additional safeguard.
7.2 Ahrefs Analytics
Ahrefs Pte. Ltd., headquartered in Singapore, processes data collected through Ahrefs Analytics in accordance with the GDPR. For data originating in the EEA or UK, transfers to Singapore are secured by the use of SCCs and supplementary measures to ensure compliance with Schrems II requirements.
7.3 Customer Support and Transaction Security Providers
Certain third-party providers headquartered in the United States may process limited personal data through cookies associated with secure transactions and customer support functionality. These providers participate in the EU–US Data Privacy Framework and provide Standard Contractual Clauses (SCCs) as additional contractual safeguards.
7.4 Safeguards
Swapped ensures that all international transfers are subject to appropriate technical, contractual, and organizational protections, including:
7.4.1 Standard Contractual Clauses (SCCs).
Where no adequacy decision exists, we rely on the European Commission’s SCCs and the UK’s International Data Transfer Addendum as the primary legal mechanism for data transfers.
7.4.2 Adequacy Decisions and Data Privacy Frameworks.
Where available, transfers are conducted under adequacy decisions (e.g., EU–US Data Privacy Framework). This ensures that providers receiving data maintain a level of protection equivalent to that under EU and UK law.
7.4.3 Technical Safeguards.
Service providers are contractually required to implement encryption (in transit and at rest), pseudonymization, and secure transmission protocols (HTTPS/TLS) to mitigate risks of unauthorized access.
7.4.4 Organizational Measures.
Providers must apply strict access controls, role-based permissions, audit logging, and regular security assessments to ensure that only authorized personnel can access transferred data.
7.4.5 Data Minimization.
Only the minimum necessary personal data is transferred for the stated processing purpose (e.g., analytics, fraud prevention, or chat support).
7.4.6 Ongoing Compliance Monitoring.
We periodically review the adequacy of safeguards, monitor developments in data transfer law (including CJEU and EDPB guidance), and update contractual arrangements where required.
8. Data Retention
8.1 Cookie Retention Periods.
8.1.1 Essential Cookies
PHPSESSID (Session) – Maintains secure session state within widgets; deleted when the session ends.
__stripe_sid (Session) – Use for fraud prevention and session management; expires when browser session ends.
__stripe_mid (1 year) – Used for fraud prevention and secure payment authentication.
intercom-session-* (1 week) – Maintains Intercom chat session continuity.
intercom-id-* (9 months) – Associates a unique identifier with a browser to preserve Intercom communication history.
cf_clearance (2 hours) – Used by Cloudflare to distinguish legitimate users from automated bots and to protect the Services against distributed denial-of-service (DDoS) and other malicious attacks.
Consent preference cookies (up to 1 year) – Store user’s cookie consent choices to ensure compliance with GDPR/UK GDPR/ePrivacy Directive.
8.1.2 Analytics Cookies
_ga (1 week ) – Distinguishes unique users in Google Analytics.
_ga_* (1 week) – Stores session and campaign data for Google Analytics.
_gid (1 week ) – Distinguishes users on a per-day basis in Google Analytics.
_gat (1 minute) – Throttles request rate to limit Google Analytics data collection.
ahrefs-analytics (1 year) – Set only when analytics cookies are accepted. Tracks user sessions and page views for Ahrefs Analytics.
ah_session (Session) – Set only when analytics cookies are accepted. Maintains temporary session state in Ahrefs Analytics.
Framer Analytics tracking values (Session to 1 year) – Values created by Framer’s tracking scripts, stored in local storage or cookies, to record navigation paths, engagement, and component usage.
8.1.3 Functional and Preference Cookies
Country and currency preference cookie (1 year) – Stores selected country and currency to ensure localized display of market data.
Intercom language preference cookie (1 year) – Preserves user’s selected language for customer support chat.
8.1.4 Local Storage Values
Cached cryptocurrency and fiat exchange rates (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Cached market statistics (cached in the browser for up to 60 seconds and refreshed automatically on website reload).
Widget states (e.g., age restriction confirmation, Intercom chat status, language preference) – Persist until manually cleared by the user through browser/device settings.
8.2 Expiry and Deletion
8.2.1 Automatic Expiry. Cookies are automatically deleted after their defined lifespan. Session cookies expire once the browser is closed. Persistent cookies expire at the end of their retention period.
8.2.2 Manual Deletion. Users may delete cookies at any time through browser settings (Chrome, Firefox, Safari, Edge, etc.). Local storage values must be cleared separately via browser or device storage settings.
8.2.3 Refresh and Overwrite. Certain values (e.g., cached crypto rates, market statistics) are refreshed daily or overwritten by new data, minimizing long-term retention.
8.3 User Rights
8.3.1 GDPR/UK GDPR. Users may request deletion of cookie-derived personal data under the right to erasure (Article 17 GDPR/UK GDPR), subject to legal exceptions.
8.3.2 CCPA/CPRA. California residents may request deletion of personal information collected through cookies, subject to exemptions (e.g., for fraud prevention or legal compliance).
8.3.3 Withdrawal of Consent. Users may withdraw consent for non-essential cookies at any time via the Cookie Preference Center (see Section 6).
8.4 Periodic Review
Swapped reviews cookie retention schedules on at least an annual basis to ensure that retention remains proportionate, necessary, and in compliance with applicable law.
9. Children’s Privacy
9.1 Age Restriction. Swapped’s Services are intended exclusively for individuals aged 18 years and older. We do not knowingly permit minors to register, engage in transactions, or otherwise access Services that require the processing of personal data.
9.2 Cookie Usage and Minors. We do not knowingly use cookies or similar technologies to collect personal information from children under the age of 18. If we become aware that a minor has interacted with our Services in a manner that results in the collection of personal data, we will promptly delete such data and disable associated cookies.
9.3 Age-Gating Mechanism. Certain widgets and features of our Services include an age restriction confirmation, stored as a local storage variable (see Section 3.4). This mechanism is designed to prevent underage individuals from accessing content or functionality that is restricted under applicable laws (e.g., financial services regulations).
10. Security
Swapped ApS maintains a combination of technical, organizational, and contractual measures to protect cookie-related data against accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include end-to-end encryption of sensitive transactions, mandatory HTTPS transmission for all cookies, and restrictive cookie attributes (Secure, HttpOnly, and SameSite) applied where appropriate. In addition, we employ layered access controls, enforce role-based permissions, and conduct continuous monitoring of systems that process or store cookie-derived data. Security is further reinforced through periodic penetration testing, vulnerability assessments, and incident response planning. These safeguards are aligned with international standards for information security management and PCI DSS for payment card industry compliance. We review and update our measures regularly to address evolving threats and regulatory expectations.
Access to cookie-derived data is strictly limited to authorized personnel who are bound by confidentiality obligations and who undergo periodic data protection and security training.
11. Your Rights Under Data Protection Laws
Depending on where you are located, you may have certain rights relating to data collected through cookies.
For residents of the European Union and the United Kingdom, rights include access, rectification, erasure, restriction of processing, portability, objection to processing, and the ability to withdraw consent at any time. We will respond to valid requests within the timelines established by GDPR and UK GDPR, typically within 30 days.
For residents of the United States, including California, rights under the CCPA/CPRA include the right to know what categories of personal information have been collected, the right to request deletion (subject to legal obligations), the right to opt out of the sale or sharing of personal information, and the right not to be discriminated against for exercising privacy rights.
For residents of other jurisdictions, such as Canada, Singapore, or Australia, we recognize and respect privacy rights established under local legislation.
We may require reasonable verification of your identity before fulfilling rights requests to protect the integrity of personal data. Requests can be submitted to support@swapped.com or Data Protection Officer: GDPR@swapped.com
If you are not satisfied with the way we handle your request, you also have the right to lodge a complaint with your local data protection authority (see Section 13).
12. Updates to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in technology, law, or our business practices. Updates will be effective as of the “Effective Date” at the top of this document. Where changes are material, we will notify users through banners on our Services, platform messages, or direct communication such as email. Where legally required, we will also request renewed consent before applying new categories of cookies. We maintain internal version control to ensure prior versions of this Policy remain available for regulatory or audit purposes.
We encourage users to review this Cookie Policy periodically to remain informed about our use of cookies and similar technologies.
13. Complaints and Supervisory Authorities
If you have concerns about how we use cookies or process cookie-derived data, we encourage you to contact us first.
In the EU/EEA, our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet), which can be reached via
Address: Carl Jacobsens Vej 35, 2500 Valby, Denmark
Phone: +45 33 19 32 00
Email: dt@datatilsynet.dk
In the UK, complaints may be raised with the Information Commissioner’s Office (ICO), which can be reached at
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Phone: +44 (0)303 123 1113
Email: https://ico.org.uk
In Australia, complaints may be raised with the Office of the Australian Information Commissioner (OAIC), available at
Address: GPO Box 5218, Sydney NSW 2001, Australia
Phone: 1300 363 992
Website: https://www.oaic.gov.au
In the United States, users may direct complaints to the Federal Trade Commission (FTC) at
Address: 600 Pennsylvania Avenue, NW, Washington, DC 20580, USA
Phone: ++1 202 326 2222
Email: https://www.ftc.gov
or, where applicable, to their state privacy regulator (for example, the California Privacy Protection Agency under the CCPA/CPRA).
In other jurisdictions, you may contact your local data protection authority. We cooperate fully with competent supervisory authorities and will comply with their directions in relation to complaints.
14. Contact Information
If you have questions about this Cookie Policy or how we use cookies and similar technologies, you may contact us at:
Swapped ApS
Rosbjergvej 22A
8220 Brabrand, Denmark
Email: support@swapped.com
Data Protection Officer: GDPR@swapped.com
We aim to respond to inquiries in a timely manner and within the response periods required by applicable law.
15. Glossary
Cookie
A small text file stored on your device by a website or application. Cookies are used to enable functionality, remember preferences, improve performance, and provide analytics or security functions.
Local Storage
A browser-based storage mechanism that persists until cleared by the user. Unlike cookies, local storage data is not automatically transmitted with each network request.
Session Cookie
A cookie that exists only during a single browsing session and is automatically deleted once the browser is closed.
Persistent Cookie
A cookie that remains on your device until its defined expiry date or until manually deleted by the user.
First-Party Cookie
A cookie set directly by the website or service you are visiting (e.g., Swapped’s consent preferences).
Third-Party Cookie
A cookie set by a domain other than the one you are visiting (e.g., Google Analytics, Stripe, Intercom).
Personal Data
Any information relating to an identified or identifiable natural person, as defined by the GDPR and equivalent legislation.
Consent
A freely given, specific, informed, and unambiguous indication of a user’s wishes, signifying agreement to the processing of their personal data.
Pseudonymization
The processing of personal data in such a manner that it can no longer be attributed to a specific individual without additional information kept separately.
Data Controller
The entity that determines the purposes and means of processing personal data (Swapped ApS acts as the Data Controller for cookie-related processing).
Data Processor
An entity that processes personal data on behalf of a Data Controller, such as third-party service providers (e.g., Google, Stripe, Intercom).
Legal
Company
Swapped ApS
Registration no: 42865397
Rosbjergvej 22A, 8220 Brabrand, Denmark
Join our community
Copyright 2025 Swapped ApS. All rights reserved.
Swapped ApS is registered with the Danish Financial Supervisory Authority.
Swapped ApS is registered with Fintrac Canada as a Money Service Business.
Swapped ApS NUF is registered with the Financial Supervisory Authority of Norway.
Swapped ApS is registered with FinCEN as a Money Service Business.
Legal
Company
Swapped ApS
Registration no: 42865397
Rosbjergvej 22A, 8220 Brabrand, Denmark
Join our community
Copyright 2025 Swapped ApS. All rights reserved.
Swapped ApS is registered with the Danish Financial Supervisory Authority.
Swapped ApS is registered with Fintrac Canada as a Money Service Business.
Swapped ApS NUF is registered with the Financial Supervisory Authority of Norway.
Swapped ApS is registered with FinCEN as a Money Service Business.
Legal
Join our community
Company
Swapped ApS
Registration no: 42865397
Rosbjergvej 22A, 8220 Brabrand, Denmark
Copyright 2025 Swapped ApS. All rights reserved.
Swapped ApS is registered with the Danish Financial Supervisory Authority.
Swapped ApS is registered with Fintrac Canada as a Money Service Business.
Swapped ApS NUF is registered with the Financial Supervisory Authority of Norway.
Swapped ApS is registered with FinCEN as a Money Service Business.