SwiftReach
Last updated: May 12, 2026

Privacy Policy

SwiftReach ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication information through Clerk, our authentication provider.

Business Information: When you connect your WhatsApp Business account, we store (encrypted) your Meta API credentials including your API token, Phone Number ID, and Business Account ID solely to enable message sending on your behalf.

Contact Data: We store the contact lists you upload or import, including phone numbers and any associated fields (names, balances, custom data). This data is used exclusively to send your campaigns.

Campaign Data: We store records of campaigns you create, messages sent, delivery statuses, and message content for reporting and analytics purposes.

Usage Data: We automatically collect information about how you use the Service, including pages visited, features used, and actions taken, to improve the Service.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers or sensitive payment data on our servers. We receive subscription status and billing history from Stripe.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Send WhatsApp messages on your behalf using your connected WhatsApp Business account.
  • Process payments and manage subscriptions.
  • Send you service-related communications.
  • Provide customer support.
  • Monitor and analyze usage patterns to improve the Service.
  • Detect and prevent fraud or abuse.
  • Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your contact data or message content for advertising purposes.

3. Google API Services and User Data

SwiftReach's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access: When you use the Google Drive import feature (available on paid plans), SwiftReach requests access to your Google Drive with read-only scope (drive.readonly). This allows you to select and import files from your Drive.

What we do with Google data:

  • We access only the specific files you select through Google's file picker UI.
  • We read the file content solely to extract contact information for your campaign.
  • We do not store the raw file contents on our servers.
  • We do not use Google user data for advertising.
  • We do not allow humans to read your Google data unless required by law or with your explicit consent.
  • We do not transfer Google user data to third parties except as necessary to provide the Service.

OAuth tokens: We do not store your Google OAuth access tokens beyond the duration of the import session. Tokens are used once to download the selected file and are immediately discarded.

Revoking access: You can revoke SwiftReach's access to your Google account at any time at: myaccount.google.com/permissions

3b. Meta WhatsApp Business API and User Data

SwiftReach uses the Meta WhatsApp Business Cloud API to send messages on behalf of our users. This section explains how we handle WhatsApp-related data in compliance with Meta's Platform Terms.

What WhatsApp data we access and store:

  • Phone numbers of message recipients (stored as part of your contact lists and campaign records).
  • Message content you compose and send through our platform (stored for campaign history and analytics).
  • Message delivery statuses (sent, delivered, read, failed) received via Meta's webhook callbacks.
  • Inbound message text from contacts who reply to your campaigns (stored in your inbox).

How we use this data:

  • To send WhatsApp messages on your behalf.
  • To display delivery and read receipts in your campaign reports.
  • To power analytics and performance tracking.
  • We do not use WhatsApp message data for advertising or share it with third parties beyond what is necessary to provide the Service.

Data retention:

  • Contact phone numbers and campaign data are retained while your account is active and deleted within 90 days of account closure.
  • Message delivery status data follows the same retention schedule.
  • Inbound messages are retained until you delete them or close your account.

Meta Platform Terms compliance: Our use of the WhatsApp Business API and all data obtained through it complies with Meta's Platform Terms and WhatsApp Business Policy. We do not use Meta platform data in ways that violate these terms.

Data deletion: You can delete your contact data, campaign history, and all associated WhatsApp message data at any time by deleting your SwiftReach account. To request data deletion, email privacy@swiftreach.app or delete your account through Settings. We will process deletion requests within 30 days.

4. Information Sharing and Disclosure

We share your information only in these circumstances:

Service Providers: We share data with trusted third-party providers who assist in operating our Service:

  • Clerk (authentication)
  • Stripe (payment processing)
  • Neon/PostgreSQL (database hosting)
  • Vercel (application hosting)
  • Resend (transactional email)
  • Meta (WhatsApp message delivery)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements: We may disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of SwiftReach, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

We never sell your personal information.

5. Data Retention

  • Account data: retained while your account is active and for 90 days after deletion.
  • Campaign and contact data: retained while your account is active; deleted within 90 days of account termination.
  • Payment records: retained for 7 years for tax and accounting purposes.
  • Error logs: retained for 30 days.
  • Google Drive import data: raw file contents are not retained; extracted contact data follows the contact data retention policy above.

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • WhatsApp API tokens are encrypted at rest using AES-256 encryption.
  • All data transmission uses TLS/HTTPS encryption.
  • Database access is restricted and monitored.
  • We conduct regular security reviews.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data. You can delete your account at any time through the app settings.
  • Portability: Request an export of your data in a machine-readable format.
  • Objection: Object to certain processing of your personal data.

California Residents (CCPA): You have the right to know what personal information is collected, the right to delete, and the right to opt out of sale (we do not sell personal information).

EU/UK Residents (GDPR): We process your data based on contractual necessity and legitimate interests. You have the right to lodge a complaint with your supervisory authority.

To exercise any of these rights, contact us at privacy@swiftreach.app.

8. Cookies and Tracking

We use essential cookies required for the Service to function, including session cookies for authentication (managed by Clerk). We do not use advertising or tracking cookies. We do not use third-party analytics services that track you across other websites.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Data Transfers

SwiftReach is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

For EU/UK users: we rely on Standard Contractual Clauses for international data transfers where required.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 14 days before the change takes effect. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights:

For Google API data concerns specifically: