Privacy Policy

Effective July 24, 2025

1. Introduction

Swapped ApS and its affiliated entities (hereinafter referred to as “Swapped”, “we”, “us” or “our”) are dedicated to safeguarding and respecting your privacy.

This Privacy Policy governs our collection, use, disclosure, and retention of personal information from:

• Users of our services; and
  
  

• Visitors to our websites, mobile applications, emails, social media pages, and any other platforms or digital properties we control that link to this Policy (collectively, the “Services”).

We define “Personal Information” or “Personal Data” as any data that directly or indirectly identifies you, such as your name, address, email address, trading activity, device identifiers, and similar information.

Swapped processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and, where applicable, other data protection laws such as:

• The Danish Data Protection Act (Databeskyttelsesloven), which supplements the GDPR in Denmark

• The California Consumer Privacy Act (CCPA/CPRA);

• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA);

• Australia’s Privacy Act 1988 (Cth);

• Norway’s Personal Data Act implementing the GDPR under the EEA Agreement.

This Privacy Policy applies to both individual end users and representatives of merchant organizations who use the Services. Certain rights, obligations, and data practices described in this Policy may apply differently depending on whether you are acting as an individual consumer or on behalf of a business.

2. Our Relationship to You

Swapped provides services globally through a group of affiliated legal entities (collectively “Swapped,” “we,” “us,” or “our”). The Swapped entity responsible for delivering Services to you and processing your personal data depends on your location.

Each Swapped entity may act as a data controller or joint controller under applicable privacy and data protection laws and is responsible for handling your personal data in accordance with this Privacy Policy.

2.1 Operating Entities

The following Swapped entities are authorized to operate in their respective jurisdictions:

2.1.1. Swapped ApS (Denmark)
Serves as the primary contracting entity and provides services globally, except where another local Swapped entity is designated.

2.1.2. Swapped ApS NUF (Norway)
Provides services to Users located in Norway.

2.1.3. Swapped ApS (Australia)
Provides services to Users located in Australia.

2.1.4. Bitinvestor ApS (Canada)
Provides services to Users located in Canada.

2.1.5. Swappedcom Inc. (United States)
Provides services to Users located in the United States, and complies with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and similar state legislation.

For certain merchant-integrated services, such as Swapped Connect, Swapped may act as a data processor on behalf of the Merchant, and any personal information routed through the Connect service will be processed according to the Merchant’s instructions and in accordance with applicable data protection laws.

2.2 Entity Responsibility and Data Processing

The entity listed above for your jurisdiction is the data controller for the processing of your personal data in connection with the Services. That entity determines the purposes and legal basis for processing, and is your primary contact for any data protection requests, including access, correction, deletion, or objection.

Swapped entities may share personal data with each other to deliver the Services efficiently (e.g., infrastructure, support, fraud prevention), always in accordance with this Privacy Policy and applicable law. Any such data sharing occurs under appropriate safeguards, including data processing agreements or standard contractual clauses where required.

2.3 Limited Data Retention and No Wallet Custody

Swapped does not offer custody, wallet management, or currency exchange services. We do not hold digital assets, private wallet keys, or access credentials on behalf of Users or Merchants. Wallet addresses and transaction data are processed only during the technical window necessary to complete a payment, and are retained solely for compliance, fraud prevention, or operational reasons—never for custody or storage purposes.

3. Personal Data We Collect and How We Collect It

3.1 Definition of Personal Data

“Personal Data” refers to any information relating to an identified or identifiable natural person. This includes information that can identify you directly (such as your name or identification number) or indirectly (such as your IP address or wallet transaction history).

We collect Personal Data when you access or use our Services, including when you visit our website, interact with our platform, communicate with our support team, or complete a transaction. This section outlines the categories of data we collect and the ways in which we collect them.

3.2 Categories of Personal Data We Collect

3.2.1 Identity and Contact Information

We collect basic identity and contact information including:
(a) full name;
(b) residential address;
(c) email address;
(d) phone number;
(e) nationality;
(f) country of residence; and
(g) date of birth.

3.2.2 Verification and Regulatory Compliance Data

To meet legal, financial, or anti-fraud obligations, we may collect:
(a) government-issued identity documents (such as a passport, national ID card, or driver's license);
(b) proof of residency or address (such as utility bills or tenancy agreements);
(c) photographic images (e.g. for identity verification purposes);
(d) employment-related information or company name (where relevant);
(e) visa or residency permit status;
(f) tax identification number; and
(g) information from public sanctions, politically exposed persons (PEP), and watchlists.

3.2.3 Financial and Transactional Information

In connection with payment processing and settlement, we may collect:
(a) bank account details or payout information;
(b) cryptocurrency wallet addresses (provided for settlement purposes only);
(c) transaction amounts, payment methods, currencies, timestamps, and settlement status;
(d) declared source of funds or wealth (if legally required); and
(e) merchant affiliation or partner details.

3.2.4 Device and Technical Information

We collect electronic data from your interaction with our platform, including:
(a) internet protocol (IP) address;
(b) browser type and version;
(c) operating system and device specifications;
(d) session identifiers and device fingerprinting data;
(e) time of access and referral URLs; and
(f) preferred language settings.

3.2.5 Usage and Interaction Data

To understand how our platform is used and improve service delivery, we collect:
(a) login attempts and account activity logs;
(b) configuration preferences and settings selected on the platform;
(c) interaction records with our dashboard or APIs;
(d) messages exchanged with support, including chat and emails; and
(e) information submitted through user research surveys or customer feedback channels.

3.2.6 Data from Third-Party Sources

Where permitted by law, we may receive data about you from external sources, including:
(a) public databases and compliance screening services;
(b) identity verification vendors and fraud prevention agencies;
(c) blockchain analysis providers;
(d) payment service providers, merchant partners, or integration platforms;
(e) marketing or advertising networks (if you interacted with our ads or services through them); and
(f) regulatory authorities or legal institutions.

3.2.7 Blockchain and On-Chain Activity

Swapped may observe and analyze blockchain data for transactions associated with its services, which may include:
(a) wallet addresses used for sending or receiving assets;
(b) transaction identifiers (hashes), timestamps, and amounts;
(c) public digital signatures; and
(d) smart contract interactions related to Swapped-enabled payments.

Although blockchain data is public by design, we may associate it with your account when necessary to fulfill a transaction or comply with regulatory obligations.

3.3 How We Collect Personal Data

3.3.1 Direct Collection from You

We collect data directly from you when you:
(a) create or update a Swapped account;
(b) submit documents or information for verification;
(c) communicate with our support or compliance teams;
(d) respond to surveys or feedback forms; or
(e) initiate or complete a transaction through the platform.

3.3.2 Automatic Collection through Technology

We automatically collect data when you use our Services, including through:
(a) cookies and similar tracking technologies;
(b) device and browser logging systems; and
(c) performance or analytics scripts integrated into our website and platform.

Further detail is available in our [Cookie Policy].

3.3.3 Third-Party Collection

We may also receive Personal Data from trusted third-party sources, including:
(a) compliance and identity verification vendors;
(b) sanctions and risk database providers;
(c) partner financial institutions or PSPs involved in a transaction;
(d) advertising networks or analytics platforms (if permitted); and
(e) government or law enforcement authorities where required by law.

3.4 Aggregated and Anonymized Data

We may collect and process aggregated or anonymized data that is not linked to any individual. This may include statistical data, usage patterns, fraud metrics, and platform performance insights.

Such data is used for internal research, fraud detection, platform optimization, and business reporting. Because it does not identify you, it is not treated as Personal Data under this Policy.

3.5 Special Categories of Personal Data

Swapped does not actively collect sensitive Personal Data as defined under Article 9 of the GDPR, including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, or sexual orientation.

If any such data is submitted inadvertently (e.g. through ID documentation), we process it only as necessary for identity verification, and in accordance with applicable legal safeguards.

3.6 Accuracy of Personal Data

It is your responsibility to ensure that any Personal Data you provide to Swapped is accurate, complete, and up to date.

If you become aware that any information we hold about you is incorrect, or if your data changes, please contact us promptly at support@swapped.com to request an update or correction.

4. How We Use Your Personal Data

Swapped uses your personal data to operate, provide, secure, improve, and support our Services. We also process data to fulfill legal obligations, enforce our Terms of Use, and protect the integrity of our platform. This section describes the purposes for which we process your personal data, along with the applicable legal basis for each category of processing.

4.1 Data Processing Necessary to Perform Our Contract with You

4.1.1 To create and manage your Swapped account

We use your personal data to register and maintain your user or merchant account, configure access credentials, and provide platform functionality.
Relevant categories:
(a) Identity and contact data;
(b) Account and login credentials;
(c) Transactional information.

4.1.2 To process and settle transactions

We process wallet addresses, banking or payment data, and transaction information to route funds between parties, record settlement events, and issue transaction confirmations.
Relevant categories:
(a) Financial data;
(b) Wallet addresses;
(c) Transaction metadata.

4.1.3 To provide technical and customer support

We use your data to respond to inquiries, resolve technical issues, and provide service-related updates via email, chat, or dashboard notifications.
Relevant categories:
(a) Identity and contact data;
(b) Communication data;
(c) Device and usage information.

4.2 Data Processing Necessary to Comply with Legal Obligations

4.2.1 To verify user identity and conduct due diligence

We collect and verify identification documents and proof of residency to fulfill regulatory obligations under Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Know Your Customer (KYC) frameworks.
Relevant categories:
(a) Government-issued ID;
(b) Proof of address;
(c) Sanctions screening data.

4.2.2 To meet tax, audit, and financial reporting obligations

We retain and analyze relevant user data to comply with local and international financial reporting, recordkeeping, and audit requirements.
Relevant categories:
(a) Financial data;
(b) Transaction history;
(c) User identifiers.

4.2.3 To cooperate with law enforcement and regulators

We may access, preserve, and disclose personal data if required by law, court order, or regulatory mandate, including for investigations related to fraud, financial crime, tax reporting, or market abuse.
Relevant categories:
(a) Identity and contact information;
(b) Wallet addresses and blockchain data;
(c) Communications and support records.

4.3 Data Processing Based on Our Legitimate Interests

4.3.1 To secure our platform and prevent abuse

We analyze transactional patterns and usage behavior to detect, prevent, and respond to unauthorized access, fraud, market manipulation, or Terms of Use violations.
Relevant categories:
(a) Transaction and wallet data;
(b) Device and session identifiers;
(c) User activity logs.

4.3.2 To improve our Services and user experience

We assess aggregated user behavior to optimize platform design, increase operational efficiency, and develop new features or services.
Relevant categories:
(a) Platform usage analytics;
(b) Survey feedback;
(c) Performance diagnostics.

4.3.3 To conduct internal reporting and business operations

We process data for administrative tasks, recordkeeping, financial planning, service evaluation, and performance measurement across entities.
Relevant categories:
(a) Transaction history;
(b) Financial data;
(c) Aggregated metrics.

4.3.4 To communicate important service updates

We may send non-promotional messages regarding changes to our terms, policies, system availability, or legal notices. These communications are mandatory and do not require additional consent.
Relevant categories:
(a) Identity and contact data;
(b) Communications;
(c) Transaction metadata.

4.4 Data Processing with Your Consent

Swapped may process your personal data for the following purposes only if you have provided explicit consent:

4.4.1 To send marketing communications

We may use your contact information to send you promotional content about Swapped services or features. You may withdraw your consent at any time by following the opt-out instructions in the communication.
Relevant categories:
(a) Identity and contact data;
(b) Product usage information;
(c) Survey and engagement data.

4.4.2 To participate in surveys or user research

If you choose to participate in surveys or interviews, we may process your feedback to assess customer satisfaction, usability, or market expectations.
Relevant categories:
(a) Communication data;
(b) Usage data;
(c) Research input.

4.5 Additional Notes on Data Sharing for Legal and Security Purposes

Where necessary and permitted by law, Swapped may preserve and disclose your personal data to third parties in the following situations:

4.5.1 In response to legal proceedings or investigations

This may include regulatory audits, subpoenas, criminal inquiries, or civil litigation involving users or third parties.

4.5.2 To protect the integrity and security of our Services

We may use or disclose data to address fraud, misuse, abuse of the platform, or other threats that could compromise Swapped’s users, infrastructure, or reputation.

4.5.3 To defend our legal rights

We may rely on stored data for dispute resolution, account reviews, customer claims, or protection against legal liability.

All such uses are carried out in accordance with applicable legal safeguards and principles of proportionality.

4.6 Data Use Based on Your Consent

Swapped may process your personal data based on your explicit consent in limited circumstances. When we do so, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of prior processing carried out based on consent before its withdrawal.

4.6.1 Marketing Communications Beyond Core Services

We may use your personal data to send you targeted marketing messages about Swapped’s new features, product extensions, merchant tools, or events. These messages may be delivered by email, SMS, or other electronic means, but only if you have explicitly consented to receive them.

You may opt out of receiving such communications at any time by using the unsubscribe link provided in each message or by contacting support@swapped.com. 

Relevant categories:
(a) Identity and contact data;
(b) Product usage data;
(c) Marketing partner information;
(d) Survey or feedback responses.

4.6.2 Device-Based Permissions and Settings

When using Swapped’s platform via web or mobile interface, you may choose to grant us access to certain device-level permissions, such as access to your file uploads, camera, or microphone, strictly for the purpose of completing identity verification.

We do not use these permissions for any other purposes. Access is granted only when explicitly authorized by you, and the data collected is used solely for verification and regulatory compliance.

Relevant categories:
(a) Device and browser data;
(b) Uploaded identification documents or photos;
(c) Metadata associated with those uploads.

4.7 Data Use to Protect Vital Interests

Swapped may, in rare and exceptional circumstances, process or disclose your personal data where it is necessary to protect your or another person’s vital interests, as defined under applicable law.

This may include responding to a credible threat to life, serious bodily harm, fraud, or abuse that requires urgent intervention, or to comply with lawful law enforcement requests in an emergency context.

Such processing will only occur:

• Where legally permitted;

• In accordance with principles of proportionality and necessity; and

• With appropriate safeguards.

Relevant categories:
(a) Identity and contact data;
(b) Wallet and transaction data;
(c) Communications history;
(d) Regulatory or law enforcement disclosures.

5. How and Why We Share Your Personal Data

5.1 Sharing Within the Swapped Group

We may share your personal data with other entities within the Swapped group of companies—including Swapped ApS, Bitinvestor ApS, Swapped ApS NUF, Swappedcom Inc., and Swapped ApS (Australia) to the extent necessary to:
(a) deliver our Services;
(b) respond to user support or legal requests;
(c) facilitate regulatory compliance and monitoring; or
(d) operate our platform securely and efficiently.

Each Swapped entity receiving such data will process it only in accordance with this Privacy Policy and applicable data protection laws.

5.2 Sharing with Legal, Regulatory, and Governmental Bodies

We may disclose your personal data to regulators, tax authorities, law enforcement, courts, or other governmental bodies when required to:
(a) comply with applicable laws, regulations, or legal obligations;
(b) respond to lawful requests, subpoenas, search warrants, or court orders;
(c) fulfill industry-wide reporting obligations (e.g., VASP coordination);
(d) detect, prevent, or address illegal activity including fraud, terrorism financing, or market abuse; or
(e) protect the safety, rights, or property of Swapped, its users, or the public.

Disclosures are made only where permitted or required by law and under proper legal safeguards.

5.3 Sharing with Third-Party Service Providers

We engage trusted third-party vendors to assist in the operation of our Services. These service providers are contractually required to process personal data only in accordance with our instructions and for specified purposes. We may share your data with:
(a) IT infrastructure and hosting providers;
(b) KYC/AML vendors, including ID document verification services;
(c) analytics providers for platform diagnostics and performance tracking;
(d) fraud monitoring, sanctions screening, and risk modeling providers;
(e) payment service providers and settlement processors;
(f) customer support tools, CRM systems, and ticketing platforms; and
(g) communications platforms for chat, email, or SMS delivery.

Swapped ensures that all such third parties are bound by appropriate confidentiality, data protection, and data processing agreements as required by law.

5.4 Business Transfers and Corporate Events

If Swapped, or any part of our assets, is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale, your personal data may be transferred to another entity as part of the transaction. Where legally required, we will notify you before such a transfer and ensure that the receiving party commits to equivalent privacy safeguards.

Where possible, data will be anonymized or pseudonymized before such transfers.

5.5 Sharing Based on Your Consent or Instructions

We may share your personal data with third parties when you have explicitly authorized us to do so. This includes integrations, merchant partnerships, or linked services you have initiated or approved through your use of our platform.

For example:
(a) if you conduct a transaction with a Swapped-integrated merchant, we may receive and share transaction data related to that merchant;
(b) if you authorize us to process payments via a third-party provider (e.g., a wallet, PSP, or bank), we may share necessary payment information with that institution.

We do not permit such third parties to use your data for unrelated purposes, and we encourage you to review their respective privacy policies.

6. How We Protect and Store Your Personal Data

6.1 Security Measures

Swapped maintains appropriate technical and organizational safeguards designed to protect your personal data against unauthorized access, use, alteration, disclosure, or destruction. These measures include:
(a) data encryption in transit and at rest;
(b) secure network infrastructure and access controls;
(c) transaction monitoring systems to detect anomalous behavior;
(d) multi-factor authentication (where applicable); and
(e) internal data protection policies and staff training.

Despite these measures, no method of electronic transmission or storage is entirely secure. We cannot guarantee absolute security, but we make reasonable efforts to protect your data in accordance with applicable laws and industry standards.

6.2 Data Breach Notification

In the event of a data breach involving your personal data that is likely to result in a high risk to your rights or freedoms, we will notify you without undue delay, in accordance with applicable legal requirements. Notifications may be delivered by email, dashboard message, or any other legally permissible method.

6.3 Retention of Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes set out in this Policy, including:
(a) providing you with Services;
(b) complying with legal obligations (e.g., anti-money laundering laws, tax reporting, contractual obligations); and
(c) resolving disputes and enforcing our agreements.

Retention periods vary by data type and applicable law. When data is no longer required, it is securely deleted, anonymized, or archived in accordance with our internal policies.

6.4 Your Role in Protecting Personal Data

You are responsible for maintaining the confidentiality of your account credentials, ensuring secure access to your devices, and promptly notifying Swapped of any unauthorized access to your account or suspicious activity. If you believe your account has been compromised, please contact us immediately at support@swapped.com. 

6.5 Security and Storage of Personal Information

At Swapped, we have implemented comprehensive technical and organizational measures (TOMs) to ensure the security, confidentiality, and integrity of your personal data. These safeguards include access controls, encryption, monitoring systems, and internal policies. We continuously review and update these measures to remain aligned with legal, regulatory, and technical developments.

When we share personal data with third parties—whether to provide you with services or to fulfill a legal obligation—we require that those parties apply security standards no less protective than those we implement ourselves.

We store your personal data securely in data centers located within the European Union. Data is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal and regulatory obligations. In most cases, this means storing your information for up to five (5) years following the closure of your account.

When your data is no longer needed, we ensure its secure deletion, anonymization, or archival in accordance with our internal policies and applicable law.

7. How Long We Retain Your Personal Data

7.1 Variable Retention Periods

Swapped retains your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including:
(a) providing the Services;
(b) meeting legal, regulatory, accounting, and tax obligations; and
(c) resolving disputes and enforcing our rights.

The duration for which we retain personal data varies depending on:
(i) the nature, scope, and sensitivity of the data;
(ii) the purpose for which it was collected;
(iii) any legal or contractual requirements for retention; and
(iv) the potential risk of harm from unauthorized use or disclosure.

7.2 Legal and Regulatory Obligations

Where required by law (for example, anti-money laundering or financial conduct laws), we may retain certain categories of personal data for a fixed minimum period, even after your account has been closed or you have requested deletion.

For example, under applicable AML regulations, we may be required to retain personal identification and transactional data for a minimum of five (5) to seven (7) years after the termination of the business relationship.

7.3 Account Closure and Deletion Requests

When you close your Swapped account, or when we receive a valid deletion request, we will delete or anonymize your personal data unless:
(a) we are legally required or permitted to retain it;
(b) it is necessary to defend or establish legal claims; or
(c) we are obligated to maintain business records or fulfill contractual obligations.

We securely destroy or anonymize data once it is no longer needed for the purposes outlined above.

In accordance with applicable anti-money laundering and financial conduct regulations, we are legally required to retain certain categories of personal data—including identification and transaction records—for a minimum of five (5) years following your most recent transaction.

As such, even if you submit a deletion request under GDPR, we may not be able to fulfill it until the mandatory retention period has expired. We do not retain your data beyond what is legally required, and we securely delete or anonymize it once those obligations no longer apply.

8. Children’s Personal Information

8.1 The Swapped Services are not directed to, or intended for, individuals under the age of 18. We do not knowingly collect, use, or retain personal data from anyone under this age threshold.

8.2 If we become aware that a user submitting personal information is under 18 years of age, we will take steps to close the account, terminate access to the Services, and delete the personal data as soon as reasonably possible, unless legally required to retain it.

8.3 If you believe that a minor under the age of 18 is using our Services, or has submitted personal data to us, please contact us at support@swapped.com so that we may take appropriate action.

9. Cross-Border Transfers of Personal Data

9.1 Swapped ApS, headquartered in Denmark, operates internationally through affiliated legal entities, including in Norway, Australia, Canada, and the United States. In the course of providing our Services, your personal data may be transferred to, accessed from, or processed in jurisdictions outside of your country of residence, including outside the European Economic Area (EEA).

9.2 These cross-border transfers may involve countries whose data protection laws are not considered to offer the same level of protection as those in your home jurisdiction. Nonetheless, Swapped ensures that such transfers comply with applicable data protection laws and that your personal data is protected in accordance with this Policy.

9.3 Where required by law, we rely on one or more of the following legal mechanisms to transfer personal data:
(a) adequacy decisions from the European Commission or other relevant authorities;
(b) the use of Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner;
(c) your explicit consent;
(d) necessity for the performance of a contract with you or implementation of pre-contractual measures;
(e) the establishment, exercise, or defence of legal claims; or
(f) other legally permissible grounds under applicable data protection laws.

9.4 You may contact us at security@swapped.com to request further details about the safeguards we apply to international data transfers or to obtain a copy of the relevant Standard Contractual Clauses, where applicable.

10. Cookies

10.1 Swapped uses cookies and similar tracking technologies on its websites, applications, and digital platforms to enhance functionality, analyze usage patterns, and improve user experience.

10.2 A cookie is a small text file stored on your device that enables us to recognize your browser and collect certain types of information. This includes information about your preferences, session duration, browser type, device type, pages visited, and interactions with the Services. These files are typically stored on your device’s hard drive or memory.

10.3 Cookies help us assign a unique identification to your browser or device, support core platform functionality, collect aggregated data on user behavior and system performance, and evaluate the effectiveness of our Services and communications.

10.4 Some cookies are placed by third-party service providers, including analytics and advertising providers, which may use the data in accordance with their own policies. These third-party cookies assist us in measuring traffic and usage patterns and in understanding how users interact with the Services.

10.5 You can manage, disable, or delete cookies at any time through your browser settings. Most modern web browsers allow users to control cookie preferences, including viewing cookies, deleting them, blocking specific cookies, or blocking all cookies from being set. More information on how to manage cookies in your browser can be found at www.aboutcookies.org and www.allaboutcookies.org.

10.6 You may also opt out of Google Analytics tracking across all websites by installing the opt-out browser add-on available at tools.google.com/dlpage/gaoptout.

10.7 For more detailed information about the types of cookies used on Swapped’s platforms, their purpose, duration, and how to manage your cookie preferences, please refer to our separate Cookie Policy, which forms an integral part of this Privacy Policy.

11. Third-Party Applications and Websites

11.1 For your convenience and to enhance your experience, Swapped may provide links to external websites, applications, content, or services operated by third parties. These may include third-party identity verification providers, blockchain analytics tools, merchant websites, or financial institutions involved in the transaction process.

11.2 These third-party sites and services operate independently and may have their own privacy policies and practices. Swapped does not control and is not responsible for the content, accuracy, security, or privacy practices of any third-party website, application, or service.

11.3 Your use of any third-party service is governed solely by the terms and privacy policy of that provider. We strongly encourage you to review the privacy notices and terms of use applicable to any external services or websites you visit through our platform.

11.4 The inclusion of any third-party link or functionality on our platform does not imply endorsement or affiliation unless expressly stated.

12. Your Privacy Rights and Choices

12.1 Depending on your location and applicable data protection laws, you may have certain rights concerning the personal data we collect about you. These rights may include the right to request access to your personal information or confirmation that we are processing it; the right to request correction of inaccurate or incomplete information; the right to request deletion of your personal information, subject to certain exceptions; and the right to withdraw consent where processing is based on consent.

12.2 In some jurisdictions, you may also have the right to receive your personal information in a structured, commonly used, and machine-readable format and request that such data be transmitted to another controller where technically feasible. This right applies only to personal data you have provided directly to Swapped.

12.3 You may have the right to object to, or request that we restrict, certain processing of your personal information, although we may retain the right to process your data if legally required or otherwise permitted by law.

12.4 You have the right to lodge a complaint with a data protection authority in the country in which you reside or where you believe your rights have been infringed.

12.5 Where required by law, Swapped enables users to opt out of targeted advertising. You may do so by managing your preferences in our cookie settings, accessible via the homepage of our websites.

12.6 You may exercise your rights by contacting Swapped at the contact details provided in Section 15. To help protect your privacy and security, we may take reasonable steps to verify your identity before fulfilling your request. This may include asking for identifying information, confirming ownership of your account, or requesting a signed declaration.

12.7 If you choose to appoint an authorized agent to submit a request on your behalf, we require written and signed permission from you, which the agent must submit along with their request. Swapped reserves the right to deny requests from agents who do not provide proof of authorization or who fail to adequately verify their identity.

12.8 Swapped does not currently respond to browser-based “Do Not Track” signals due to lack of standardization in how these signals are sent and interpreted.

12.9 You may manage your marketing communication preferences by contacting us at support@swapped.com.  While Swapped only sends promotional emails during the early stages of your account onboarding, you may request to opt out of such communications at any time.

Please note that even if you unsubscribe from marketing communications, we may still send you essential service-related messages as necessary to operate your account and deliver the Services.

12.10 Request Handling, Response Timeframes, and Identity Verification

To exercise any of your data protection rights, you may contact us at support@swapped.com.  If available, you may also manage some of your preferences directly through your account profile page. We will respond to all valid requests within one month, as required under applicable data protection laws. In some cases—such as when your request is complex or you have made multiple requests—we may extend this period by an additional two months, and we will notify you accordingly.

We may request identification documents or other verification methods to confirm your identity before fulfilling any data-related requests. If you decline to provide adequate proof of identity, we may be unable to process your request beyond restricting the processing of your data until your identity can be confirmed.

Please note that we reserve the right to charge a reasonable administrative fee for requests involving excessive or repetitive copies of your personal information. If we are unable to fulfill your request due to overriding legal obligations or legitimate interests, we will notify you of the reasons for our decision.

12.11 Automated Decision-Making and Profiling

At Swapped, we may use automated decision-making and profiling as part of our efforts to detect and mitigate risks related to fraud, money laundering, or misuse of our services. This processing involves analyzing personal, transactional, and behavioral data—such as identification documents, usage patterns, and interaction history.

Such automated processing is necessary for us to provide secure and compliant services in accordance with legal and regulatory obligations.

If you believe that this automated processing may negatively affect you, or if you would like more information about the logic involved and the consequences of such processing, you may contact us at support@swapped.com. Where required by law, you may also request human intervention, express your point of view, or contest the decision.

13. How to Contact Us or Submit a Complaint

13.1 If you have any questions, concerns, or complaints regarding this Privacy Policy or the way Swapped processes your personal data, you may contact us at support@swapped.com. 

If applicable, you may also reach our Data Protection Officer (DPO) at GDPR@swapped.com. The DPO is responsible for ensuring compliance with applicable data protection laws and overseeing our privacy practices.

Swapped ApS is a company incorporated in Denmark under registry code 42865397.

Our registered address is Rosbjergvej 22A, 8220 Brabrand, Denmark.

13.2 If you require this Privacy Policy in an alternative format due to a disability or accessibility need, please contact us and we will provide it in a suitable format.

13.3 You may also submit data protection inquiries or rights requests using the contact details provided on the relevant Swapped website or platform.

13.4 If you are located in the EU, and particularly if your relationship with Swapped is governed under GDPR, you may lodge a complaint with The Danish Data Protection Agency (Datatilsynet), which acts as our lead supervisory authority in the EEA.

• Denmark (Main Establishment in the EEA)
  The Danish Data Protection Agency (Datatilsynet)
  Carl Jacobsens Vej 35, 2500 Valby, Denmark
  Tel: +45 33 19 32 00
  Email: dt@datatilsynet.dk
  Website: https://www.datatilsynet.dk/english
  
  

• Norway
  The Norwegian Data Protection Authority (Datatilsynet)
  P.O. Box 458 Sentrum, 0105 Oslo, Norway
  Tel: +47 22 39 69 00
  Website: https://www.datatilsynet.no
  
  

• Australia
  Office of the Australian Information Commissioner (OAIC)
  GPO Box 5288, Sydney NSW 2001, Australia
  Tel: 1300 363 992
  Website: https://www.oaic.gov.au
  
  

• Canada
  Office of the Privacy Commissioner of Canada
  30 Victoria Street, Gatineau, Quebec K1A 1H3
  Tel: 1-800-282-1376
  Website: https://www.priv.gc.ca
  
  

• United States
  For U.S. residents, including those in California, you may have rights under applicable state privacy laws. Please contact support@swapped.com  for assistance or refer to your state’s Attorney General office for more information.

14. Privacy Notice for U.S. Residents

This section applies exclusively to individuals residing in the United States and supplements the terms of this Privacy Policy. It is intended to comply with relevant U.S. state privacy laws, including but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “California Privacy Law”). For purposes of this section, the terms “personal information” and “sensitive personal information” are used as defined under applicable U.S. privacy laws.

14.1 Personal Information We Collect and Disclose

Swapped collects and processes categories of personal information consistent with those described in Section 3 of this Policy. This includes identifying information, transactional and commercial data, device and browser data, geolocation data, internet activity, and—in specific cases—biometric data for identity verification purposes. Swapped may disclose this personal information to affiliated entities, service providers, payment processors, regulatory authorities, and other third parties, where required or permitted by law, for the purposes of fulfilling services, complying with legal obligations, preventing fraud, and supporting operational functions.

14.2 Sensitive Personal Information

Swapped may collect sensitive personal information, including government-issued identification numbers such as Social Security numbers, passport and driver’s license details, account login credentials in combination with required security codes, and biometric data (such as facial images or recordings used solely for identity verification purposes). This sensitive data is collected for lawful business purposes, including fraud prevention, legal compliance, identity verification, secure access, and transaction processing. Swapped does not use or disclose sensitive personal information for any purpose not expressly permitted under California Privacy Law and does not sell or share such data for cross-context behavioral advertising.

14.3 Your Rights Under U.S. Privacy Law

Depending on your U.S. state of residence, you may have specific rights in relation to your personal information. These may include the right to request access to the personal information Swapped holds about you; the right to request correction or deletion of your personal information; the right to request restriction or limitation of how your sensitive personal information is used or disclosed; the right to object to or restrict certain processing activities; the right to opt out of any sale or sharing of personal information where applicable; and the right to appeal a denial of any privacy-related request. You may also have the right to receive your data in a structured, machine-readable format, where technically feasible.

Requests to exercise these rights may be submitted by contacting Swapped at support@swapped.com. Swapped will verify the identity of the requestor using appropriate methods under applicable law. Verification may require provision of information previously provided by you or submission of a signed declaration. If you authorize an agent to act on your behalf, Swapped may require written authorization signed by you and direct confirmation from you. Requests submitted by unauthorized individuals will not be processed.

14.4 Do Not Sell or Share My Personal Information

Swapped does not sell or share your personal information as those terms are defined under California Privacy Law. Swapped does not engage in cross-context behavioral advertising or disclose your data for purposes unrelated to the delivery of our Services or legal compliance.

14.5 Non-Discrimination

Swapped will not discriminate against any individual for exercising rights under U.S. state privacy laws. This means Swapped will not deny services, charge different prices, offer different rates, or provide a different level or quality of services solely because a user has exercised their privacy rights.

California Shine the Light Disclosure

Under California Civil Code Section 1798.83, California residents may request information regarding the disclosure of their personal information to third parties for those parties’ direct marketing purposes. Swapped does not disclose personal information to third parties or affiliates for their own direct marketing purposes without your consent. If you would like to submit a request in connection with this law, please contact us using the details provided in Section 13 (“How to Contact Us”).

15. Changes to This Privacy Policy

We reserve the right to revise, modify, update, or supplement this Privacy Policy at any time. If we make material changes to how we collect or process your personal data, we will notify you by posting a prominent notice on our website or within your user dashboard.

Where required by law or if we believe the changes may significantly affect your rights, we will request your explicit acknowledgment or consent before continuing our relationship with you.

The current version of this Privacy Policy was last amended on July 2025.