Who is responsible for your data
The data controller is the operator of Swayless. For any question about this policy or to exercise your rights, contact us at the address listed in our legal notice.What we process
Your free-text account of the conflict, your answers to the follow-up questions, the AI summary and reports built from them, and — if you reply — your partner's qualifications and added context. We also process a sign-in email (for the buyer), payment references from Stripe, and a hashed IP address for rate-limiting. We ask you not to include third parties' identifying details (full name, address, phone).Sensitive data
Your account may reveal details about your relationships, sex life, health, or beliefs — special-category data under Article 9 GDPR. We process it only on the basis of your explicit consent, given before anything is stored, and solely to produce your analysis.Why we process it (legal basis)
Producing and revising your report: your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR), collected before your account is saved. Payment and fraud prevention: performance of the contract and our legitimate interest. Privacy-first analytics: your consent via the cookie banner.Who else handles it (sub-processors)
We rely on: Supabase (encrypted database, EU region) to store data; Anthropic (Claude AI) to generate the analysis — Anthropic does not train on your content, and this call is processed in the United States under appropriate safeguards; PostHog (EU) for content-free analytics; Stripe for payment; and Vercel (compute in Frankfurt, EU). Each acts as our processor under a data-processing agreement.International transfers
Data is stored and computed in the EU. The only transfer outside the EU is the analysis call to Anthropic in the United States, carried out under the appropriate contractual safeguards (Standard Contractual Clauses).How long we keep it
A case and all its contents are automatically and permanently deleted at most 30 days after creation. You can delete a case yourself at any time from the report page, which removes your account, your partner's answers, and all reports immediately.Your rights
You can access, rectify, erase, restrict, or object to the processing of your data, and obtain a portable copy. From your report page you can download all of your data as a file (access and portability) and delete the case (erasure). For the other rights, contact us using the details in the legal notice.How it's protected
Every intimate field is encrypted at rest with AES-256-GCM; the database and backups hold ciphertext only. Your account stays separate from your partner's: neither of you ever sees the other's raw answers — only the shared synthesis.Complaints
If you believe your data is mishandled, you can lodge a complaint with your supervisory authority — in France, the CNIL (cnil.fr).