SWAPPO PRIVACY POLICY

Last updated: 04/01/2026

1. Data Controller

The entity responsible for your data is:

• Name: Lorenzo Concina & Michelangelo Concina
• Contact Email: support@swappoapp.it
• Location: Trento, Italy

2. Data We Collect

Based on the features of the Swappo app, we collect the following personal data:

• Identity Data: Name, surname, username (UserModel).
• Contact Data: Email address, phone number.
• Profile Data: Profile picture, biography/description, language preferences, and your "Favorites" list.
• Transaction and Economic Data: Token balance (tokenBalance), transaction history (TransactionModel), and orders.
• Content Data: Photos and descriptions of items uploaded for exchange (ProductModel), reviews, ratings, and chat messages.
• Technical Data: Firebase Cloud Messaging (FCM) token for push notifications (fcmToken), device type, and access timestamps (createdAt, updatedAt).
• Usage Data: Information on how you use the app, including users you have blocked (blockedUsers).

3. How We Use Your Data

We process your data for the following purposes:

• Service Delivery: To create your account, manage your inventory, and facilitate exchanges and communication between users.
• Communication: To send order updates and push notifications regarding your account activity.
• Security and Moderation: To verify accounts, manage blocked users, prevent fraud, and investigate reports of misconduct.
• Improvement: To analyze usage trends in order to improve the app experience.

4. Legal Basis for Processing (GDPR)

• Performance of a Contract: Most of our processing is necessary to provide the Swappo service to you as described in our Terms of Service.
• Consent: You explicitly consent to the processing of optional data (e.g., when you choose to upload a profile picture). You can withdraw this consent at any time.
• Legitimate Interest: We process data to maintain app security, prevent abuse, and to access user-generated content (like chats) for moderation purposes.
• Legal Obligation: We may need to process certain data to comply with legal or tax obligations.

5. Chat Messages

To ensure transparency, we want you to be aware of how we handle chat messages:

• No End-to-End Encryption: Messages sent via the app's chat feature are not end-to-end encrypted.
• Access by Authorized Personnel: Authorized developers or support staff may need to access chat content for specific and limited purposes, such as:
  • Investigating technical issues (e.g., a message not being delivered).
  • Responding to user reports of misconduct, harassment, or other violations of our Terms of Service.
  • Complying with lawful requests from law enforcement authorities.

We access this data only when necessary and on a need-to-know basis to ensure the safety and integrity of the Swappo community.

6. Data Sharing and International Transfers

We do not sell your personal data. However, we use trusted third-party service providers to operate the app. Your data may be shared with:

• Google Firebase: Used for authentication, database hosting (Firestore), cloud storage (for images), and push notifications. Google is based in the United States.
• Google Analytics: Used to analyze app performance and usage trends. Google is based in the United States.

Transfers of personal data to Google in the United States are safeguarded by Google's certification under the EU-U.S. Data Privacy Framework, which ensures an adequate level of protection for your personal data.

7. Your Rights Under the GDPR

As a user, you have the right to exercise the rights provided by the GDPR at any time, free of charge. To ensure the security of your data, we may ask you to verify your identity before acting on your request. We will provide a response within one month of your request.

Specifically, you have the following rights:

• Right of Access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): You can correct inaccurate or incomplete data, partly through your profile settings or by contacting us.
• Right to Erasure (Art. 17, "Right to be Forgotten"): You can request the deletion of your account and associated personal data, using the feature in the app settings or by contacting us.
• Right to Restriction of Processing (Art. 18): You can ask us to temporarily suspend the processing of your data in certain circumstances.
• Right to Data Portability (Art. 20): You have the right to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object (Art. 21): You can object at any time to the processing of your data that is based on our legitimate interest. In such cases, we will no longer process the data unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms.

You can exercise these rights, or ask any privacy-related questions, by contacting us at the email address listed in the "Contacts" section.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The competent authority in Italy is the Garante per la protezione dei dati personali.

9. Data Retention and Account Deletion

We retain your personal data only as long as your account is active or for the time necessary to fulfill the purposes for which it was collected and to comply with our legal obligations.

When you delete your account:

• Deletion and Anonymization: Data that directly identifies your profile (such as name, email, profile picture, bio) and your active item listings are permanently deleted from our systems.
• Chat Messages: To preserve the integrity of conversations for other users, the content of the messages you have sent will remain visible in their chats. However, we will anonymize these messages by removing your name and profile picture, which will be replaced with a generic label (e.g., "Deleted User").

10. Contact Us

For any privacy-related inquiries or to exercise your rights, please contact us at: support@swappoapp.it