Sign in Get started free

Legal

Privacy Policy

Last updated: April 2026

Lateral Vision Pty Ltd (ABN 71 624 831 223) trading as Swyvl ("Swyvl", "we", "us", "our") operates the Swyvl platform at swyvl.io, hub.swyvl.io, and docs.swyvl.io. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information.

We are committed to complying with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). Where we process personal data of individuals in the European Economic Area (EEA) or the United Kingdom, we also comply with the General Data Protection Regulation (GDPR).

By using Swyvl, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the platform.

1. Information we collect

Account information

When you create a Swyvl account, we collect:

  • Full name
  • Email address
  • Password (hashed — we never store plaintext passwords)
  • Organisation name and data region preference
  • Profile photo (if provided)

If you sign up via Google SSO, we receive your name, email address, and profile photo from Google. We do not receive or store your Google password.

Spatial and project data

When you use Swyvl, you may upload spatial files (point clouds, imagery, 3D models, PDFs, and other file types). These files are stored in your selected data region. We also store metadata you provide, including site names, collection descriptions, and client details associated with share links.

Usage and activity data

We log activity events within the platform for security and audit purposes, including:

  • Actions performed (e.g. file uploads, share link creation, login events)
  • Timestamps
  • IP addresses
  • Approximate geolocation derived from IP address (city and country level only)
  • Browser user agent

Payment information

Payments are processed by Stripe. We do not store credit card numbers or bank account details on our servers. Stripe handles all payment data in accordance with PCI-DSS requirements. We retain your Stripe customer ID and subscription status.

Support interactions

If you contact us through our in-app support system, we collect the content of your messages, any attached files, and associated metadata.

2. How we use your information

We use personal information to:

  • Provide, maintain, and improve the Swyvl platform
  • Authenticate your identity and secure your account
  • Process file uploads, generate thumbnails, and extract metadata
  • Send transactional emails (e.g. verification, share notifications, delivery confirmations)
  • Provide customer support
  • Maintain audit logs for security and compliance
  • Process payments and manage subscriptions
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your spatial data to train AI models. AI processing (file classification) operates on filenames and metadata only, not on the content of your files.

3. Data storage and regions

Swyvl stores your files in the data region you select at account creation. Available regions are:

  • Australia (Sydney)
  • US East (Virginia)
  • US West (Oregon)
  • United Kingdom (London)
  • Europe (Frankfurt)
  • Canada (Toronto)
  • Japan (Tokyo)
  • Singapore

Files are stored in Wasabi (S3-compatible object storage) in the selected region. Account data, metadata, and activity logs are stored in Supabase (PostgreSQL). Our application infrastructure runs on Google Cloud Platform.

Your data region is set at account creation and cannot be changed. This ensures your spatial data remains in your chosen jurisdiction.

4. Data sharing and disclosure

We do not sell your personal information. We share data only in the following circumstances:

Service providers

We use trusted third-party services to operate the platform:

ProviderPurposeData shared
SupabaseDatabase, authenticationAccount data, metadata
WasabiFile storageUploaded files
Google CloudApplication hostingTransient request data
StripePayment processingBilling details
ResendEmail deliveryEmail addresses, email content
AnthropicAI file classificationFilenames and metadata only

Share links

When you create a share link, the files and metadata you include become accessible to anyone with the link (or invited recipients, depending on your sharing settings). You control what is shared and with whom.

Legal requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5. Cookies and tracking

Swyvl uses a small number of tools to keep the platform working and understand how visitors find us:

  • Authentication session cookies on the application (hub.swyvl.io) — strictly necessary to keep you signed in.
  • Cloudflare Web Analytics on the application (hub.swyvl.io and share.swyvl.io) — anonymous, cookieless page-view and performance metrics. No cross-site tracking, no identifiers stored on your device.
  • Google Analytics 4 on the marketing site (swyvl.io and docs.swyvl.io) — anonymous traffic and source measurement. Loaded only after you accept via the consent banner; if you decline or do not respond, no GA cookies or scripts are loaded.

We do not use advertising or marketing cookies, social media tracking scripts, or cross-site tracking of any kind.

6. Data retention

We retain your data as follows:

  • Account data: retained while your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law.
  • Uploaded files: retained while your account is active. Deleted files are permanently removed from storage within 30 days of deletion.
  • Activity logs: retained for up to 2 years for security and compliance purposes.
  • Payment records: retained as required by Australian tax law (generally 7 years).
  • Support conversations: retained for 2 years after resolution.

7. Your rights

All users

Regardless of your location, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your uploaded files at any time
  • Withdraw consent where processing is based on consent

Australian users (APPs)

Under the Australian Privacy Principles, you have the right to access and correct your personal information. If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

EEA and UK users (GDPR)

If you are in the EEA or UK, you have additional rights under the GDPR:

  • Right to erasure: request deletion of your personal data
  • Right to restriction: request we limit processing of your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests
  • Right to lodge a complaint: with your local data protection authority

Our lawful bases for processing under GDPR are: contractual necessity (to provide the service), legitimate interests (security, fraud prevention, platform improvement), and consent (where applicable).

8. Security

We take reasonable steps to protect your information, including:

  • Encryption in transit (TLS/HTTPS) for all connections
  • Encryption at rest for stored data
  • Row-level security (RLS) on all database tables
  • Pre-signed URLs with expiry for file access
  • Hashed passwords (bcrypt via Supabase Auth)
  • Audit logging with IP and geolocation tracking
  • Secrets managed via Google Secret Manager

No system is perfectly secure. If you become aware of a security vulnerability, please contact us at security@swyvl.io.

9. Children's privacy

Swyvl is not directed at children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

10. International data transfers

Your account data may be processed in countries outside your own (including Australia and the United States) through our service providers. Where data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including standard contractual clauses or reliance on adequacy decisions where available.

Your spatial files remain in the data region you selected at account creation.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top reflects the most recent revision.

12. Contact us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

  • Email: privacy@swyvl.io
  • Company: Lateral Vision Pty Ltd (ABN 71 624 831 223)
  • Location: Australia

For complaints regarding our handling of your personal information, you may also contact the Office of the Australian Information Commissioner.