Privacy Policy

Last updated: April 10, 2026  ·  Effective immediately  ·  Questions? privacy@smartswap.site

SmartSwap is built on a simple principle: your health data belongs to you. We collect the minimum necessary to run the service, we never sell it to anyone, and you can permanently delete everything at any time.

1. Who we are

SmartSwap ("we", "us", "our") operates the website and web application at smartswap.site. We are a health and wellness education platform providing breathwork tools, meditation sessions, gut health tracking, mood logging, and science-based health content.

For privacy matters: privacy@smartswap.site

2. What data we collect

Account data. When you register, we collect your name, email address, and a securely hashed password. We never store your password in plain text — it is run through bcrypt before touching our database.

Health and practice data. When you use the app, we store the data you actively enter: breathing sessions, meditation sessions, mood logs (mood, stress, energy, focus scores and optional notes), gut health daily check-ins, breath hold records, and any session notes you choose to write. This data is stored exclusively to provide you with progress tracking, streaks, and personalised insights within the app.

Subscription and payment data. If you subscribe, payments are processed entirely by Stripe. We store your subscription plan, status, and renewal date. We never see, handle, or store your card number — Stripe is PCI-DSS Level 1 certified and manages all payment data under their own privacy policy.

Technical data. We log your last login date and your chosen timezone. We do not run advertising trackers, analytics pixels, heatmapping scripts, or session recording tools.

3. What we do not collect

We do not sell, rent, trade, or share your personal data with third parties for marketing or advertising purposes, ever.

4. How we use your data

5. Legal basis for processing (GDPR)

If you are in the European Economic Area, our legal bases are:

6. Data storage and security

Your data is stored on servers with EU-adequate protection. We apply industry-standard security measures including HTTPS encryption for all data in transit, bcrypt password hashing at cost factor 12, CSRF tokens on all forms, prepared SQL statements to prevent injection attacks, and HTTP-only SameSite session cookies.

No system is perfectly secure. If we ever become aware of a breach affecting your personal data, we will notify you within 72 hours.

7. Cookies

We use a single session cookie to keep you logged in. It is HTTP-only (inaccessible to JavaScript), SameSite=Lax, and expires after 30 days or when you log out. We do not use advertising cookies, third-party tracking cookies, or persistent identifiers beyond this one session token.

8. Third-party services

Stripe — payment processing. Card data goes directly to Stripe's servers under their PCI-DSS Level 1 environment and never passes through ours. See stripe.com/privacy.

Google Fonts — typography. Loading fonts from Google means your IP address is sent to Google's servers when the page loads. See policies.google.com/privacy. If you prefer, you can use the service with fonts blocked — it remains fully functional.

No other third parties receive your personal data.

9. Your rights

Depending on where you are located, you may have the following rights:

Email privacy@smartswap.site to exercise any right. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Data retention

We retain your account and health data for as long as your account is active. If you delete your account, all personal data is permanently and irreversibly deleted within 14 days. The only exception is billing records (invoice amounts, dates, plan history), which we are required to retain for up to 7 years under applicable tax law — but these records contain no health data.

11. Children

SmartSwap is not directed at anyone under 16. If you believe a child under 16 has registered an account, please contact privacy@smartswap.site and we will delete the account promptly.

12. Changes to this policy

If we make material changes to this policy, we will notify registered users by email at least 14 days before the changes take effect, and update the date at the top of this page. Continued use after the effective date constitutes acceptance. If you do not agree with a material change, you may delete your account before it takes effect.

13. Medical disclaimer

SmartSwap provides health and wellness education only. Nothing on this platform constitutes medical advice, diagnosis, or treatment. The breathing techniques, meditation practices, and health information are for general educational purposes. Always consult a qualified healthcare provider before making changes to your health routine, particularly if you have a pre-existing medical condition, are pregnant, or are taking medication.