Privacy Policy — SwiftsReader

            We built SwiftsReader for neurodivergent researchers. We collect only what we need to run the product, we never sell your data, and we never share it with advertisers.
        

1. Who We Are

SwiftsReader is operated by Ten Labs Pty Ltd (ABN: 15 696 155 192), a company incorporated in Australia. References to "we", "us", or "our" in this policy refer to Ten Labs Pty Ltd.

If you have any questions about this policy, contact us at [email protected].

2. Information We Collect

Information you provide directly

Account information — your name and email address when you sign up via Clerk.
Uploaded documents — PDFs or text you upload to read. These are processed to extract text and are stored in your personal library.
Payment information — handled entirely by Stripe. We never see or store your full card details.

Information collected automatically

Usage data — pages visited, features used, session duration, and reading speed settings.
Device information — browser type, operating system, and screen size for rendering purposes.
Log data — IP address, timestamps, and error logs for security and debugging.

3. How We Use Your Information

To provide, maintain, and improve the SwiftsReader service
To process payments and manage your subscription
To send transactional emails (e.g. receipts, password resets) via Resend
To generate AI summaries of your uploaded documents using the Anthropic API
To respond to your support requests
To detect and prevent fraud or abuse

We do not use your data to train AI models. We do not sell your data to third parties. We do not serve advertising.

4. Third-Party Services

We use the following sub-processors to deliver our service:

Clerk — authentication and user management (USA)
Stripe — payment processing (USA)
Anthropic — AI summary generation (USA). Document text is sent to Anthropic's API for processing. Anthropic's privacy policy applies to this processing.
Google Cloud — text-to-speech audio generation (USA)
Vercel — hosting and infrastructure (USA/global)
Prisma / Neon — database storage (USA)
Resend — transactional email (USA)
LinkedIn — analytics and advertising insights via the LinkedIn Insight Tag, only loaded with your consent (USA). LinkedIn Privacy Policy.

Each of these providers processes data under their own privacy policies and, where applicable, under data processing agreements with us.

5. Data Storage and Security

Your data is stored on servers located primarily in the United States. We implement industry-standard security measures including encryption in transit (TLS) and at rest. Access to your data is restricted to authorised personnel only.

No method of transmission over the internet is 100% secure. While we do our best to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your account data and uploaded documents for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data ("right to be forgotten")
Export your data in a portable format
Object to or restrict certain types of processing
Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. EU / EEA Users — GDPR

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data.

Legal basis for processing

Contract performance — processing necessary to provide the service you signed up for (e.g. storing your library, generating summaries)
Legitimate interests — analytics, fraud prevention, and service improvement, where these do not override your rights
Legal obligation — where we are required to process data by law
Consent — for any processing not covered above, which you may withdraw at any time

International transfers

Our sub-processors (Clerk, Stripe, Anthropic, Vercel, Google Cloud, Prisma/Neon, Resend) are based in the United States. Transfers of personal data from the EEA to the US are made under the EU Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms as applicable.

Your GDPR rights

In addition to the rights listed above, EU/EEA users have the right to lodge a complaint with their local supervisory authority if they believe their data is being processed unlawfully.

9. California Users — CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights over your personal information.

Rights under the CCPA

Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected about you
Right to delete — you may request deletion of your personal information, subject to certain exceptions
Right to opt out of sale — we do not sell your personal information to third parties
Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email us at [email protected] with the subject line "CCPA Request". We will respond within 45 days.

Categories of personal information collected

Identifiers (name, email address, IP address)
Commercial information (subscription tier, payment history)
Internet or network activity (usage data, log data)
Professional or education-related information (document content you upload)

10. Cookies

We use strictly necessary cookies for authentication and session management. We also offer optional analytics cookies (LinkedIn Insight Tag) to understand how visitors find SwiftsReader and to improve our advertising. Analytics cookies are only loaded after you explicitly accept via our cookie consent banner. You may decline or change your preference at any time by clearing your browser's local storage for swiftsreader.com.

11. Children

SwiftsReader is intended for users aged 16 and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with their information, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email if we make material changes. The effective date at the top of this page will always reflect the most recent version.

13. Contact

For any privacy-related questions or requests:

Entity: Ten Labs Pty Ltd

Email: