Privacy Policy

1. Overview

SwordTechLabs (“we”, “us”, or “our”) is a software engineering consultancy incorporated in Delaware, USA. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit swordtechlabs.com or contact us about our services.

We serve clients in the United States, Canada, and the United Kingdom. Where applicable, we comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable US state privacy laws.

Our website is primarily an informational marketing site. We do not operate a SaaS product, user accounts, or an e-commerce store — the data we handle is limited to enquiry and communication data.

2. Data We Collect

2.1 Contact form submissions

When you submit our contact form we collect:

• Full name
• Email address
• Company name (optional)
• Project description and budget range (as provided)
• IP address and submission timestamp (for spam prevention)

2.2 Email correspondence

If you contact us directly at hello@swordtechlabs.com, we retain the contents of that correspondence to handle your enquiry.

2.3 Analytics data

We use privacy-respecting website analytics to understand how visitors use our site. This may include page views, referring URLs, browser type, and approximate location (country/region level). We do not use advertising trackers or cross-site tracking.

2.4 Data we do NOT collect

We do not collect payment card data, government ID numbers, health information, or any special category data through this website.

3. How We Use Your Data

We use personal data only for the following purposes:

• Responding to enquiries — to reply to contact form submissions and emails about potential engagements.
• Project scoping — to assess whether we are a good fit for your project before any engagement begins.
• Service improvement — aggregated, anonymised analytics to understand how our website performs.
• Legal compliance — to meet obligations under applicable law.

We do not use your data for marketing without your explicit consent, and we do not sell, rent, or trade personal data to any third party.

4. Legal Basis for Processing (UK / EU GDPR)

For contacts located in the United Kingdom or European Union, our legal bases for processing are:

• Legitimate interests (Article 6(1)(f)) — responding to your enquiry and assessing a potential business relationship is a legitimate interest that does not override your rights.
• Legal obligation (Article 6(1)(c)) — retaining certain records where required by law.
• Consent (Article 6(1)(a)) — for any optional communications you explicitly opt into.

5. Data Retention

• Enquiry data — retained for 24 months from last contact, then deleted unless an engagement begins.
• Client project data — retained for the duration of the engagement plus 7 years for legal and accounting purposes.
• Analytics data — aggregated data retained for up to 24 months; raw event data not retained beyond 90 days.

You may request earlier deletion at any time (see Section 7).

6. Third Parties

We share personal data with third parties only where necessary to operate our business:

• Email service providers — for delivering and receiving email (e.g. Google Workspace).
• Scheduling tools — if you book a discovery call via Calendly, their privacy policy applies to data processed through that service.
• Analytics providers — privacy-first analytics that do not share data with advertising networks.
• Legal and professional advisors — under confidentiality obligations where required.

We do not use Facebook Pixel, Google Ads, or any retargeting technology on this website.

7. Your Rights

Under UK GDPR, EU GDPR, and applicable US state laws, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data (subject to legal retention obligations).
• Restriction — ask us to limit how we use your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at hello@swordtechlabs.com. We will respond within 30 days. UK and EU residents also have the right to lodge a complaint with the relevant supervisory authority (ICO in the UK; your national DPA in the EU).

8. Cookies

Our website uses minimal cookies. For full details, see our Cookie Policy. Strictly necessary cookies are used without consent; analytics cookies are used only with your consent where required by law.

9. Security

We apply technical and organisational measures appropriate to the risk level of the data we handle. Our website is served over HTTPS. Contact form data is transmitted and stored encrypted. Access to personal data is limited to the individuals who need it to respond to your enquiry.

No transmission over the internet is 100% secure. If you become aware of a security concern relating to your data, contact us immediately at hello@swordtechlabs.com.

10. Contact Us

For any privacy-related questions, requests, or concerns:

We aim to respond to all privacy enquiries within 5 business days.