Privacy Policy
Last updated: March 13, 2026
1. Introduction
Swer ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website, dashboard, browser extension, and related services (collectively, "the Service").
2. Information We Collect
2.1 Information You Provide
- Account information: email address, username, display name, and profile details
- Profile content: links, images, FAQs, testimonials, and other content you add to your profile page
- Payment information: processed securely by Stripe — we do not store your full card details
- Communications: messages you send to us via email or support channels
2.2 Information Collected Automatically
- Analytics data: page views, link clicks, referrer sources, device type, country, and browser information for your profile page visitors
- Usage data: feature usage patterns within the dashboard to improve the Service
- Session data: authentication tokens and session identifiers
2.3 Information from Third-Party Integrations
When you connect social media accounts (e.g. Twitter, Instagram, TikTok, Reddit), we receive:
- Your public profile information and username on that platform
- Follower/subscriber counts and publicly available metrics
- OAuth access tokens (stored securely, used only for syncing)
We only request the minimum permissions necessary for the features you use.
2.4 Browser Extension
The Swer browser extension ("Copilot") enhances your workflow on supported platforms. Below is a detailed breakdown of how it handles data.
2.4.1 Data stored locally in your browser
The extension stores the following in your browser's local storage (chrome.storage.local). This data remains on your device and is only accessible to the Swer extension:
- Authentication token (to keep you logged in)
- Display preferences (light/dark theme, auto-expand notes)
- Focus mode state (on/off)
- Cached copies of your templates, vault items, and quick deetz (for faster loading)
- Emoji bar configuration cache
2.4.2 Data synced to your Swer account
When you use extension features, the following data is saved to your Swer account on our servers:
- Message templates (title, content, tags)
- File links (title, URL, tags)
- Quick deetz (key-value info snippets)
- Fan tags and colour-coded labels (associated with platform usernames)
- Fan notes (free-text notes associated with platform usernames)
- Tag presets (your custom tag categories and colours)
- Emoji bar configuration (your chosen emoji set and order)
- Organiser tasks (to-do items, status, categories)
2.4.3 Data read from third-party websites
On supported platforms (currently OnlyFans), the extension reads limited information from the page to power its features:
- Usernames from chat lists and headers — used to associate your fan tags and notes with specific users. These usernames are stored on our servers as part of your fan CRM data.
- Page structure (DOM elements) — used to inject interface elements such as tag badges, emoji bar, timer, and notes panel. No page content is collected or stored.
Focus mode: The extension includes an optional Focus mode that applies a CSS blur filter to images on any website. This feature operates entirely within your browser — it modifies how images are displayed locally and does not collect, transmit, or store any data from the pages you visit.
2.4.4 Third-party requests
The extension makes a request to cdn.jsdelivr.net to load an open-source emoji picker component. This is a static resource fetch — no personal data is sent to this service. Standard HTTP request metadata (IP address, user agent) may be logged by the CDN provider as part of normal web traffic.
2.4.5 Permissions and why we need them
The extension requests the following browser permissions:
- Host access to OnlyFans — to inject fan CRM features (tags, notes, timer, emoji bar) into the OnlyFans interface
- Host access to app.swer.me — to sync data with your Swer account
- Host access to cdn.jsdelivr.net — to load the emoji picker component
- All URLs (content script) — required for Focus mode, which blurs images on any website. This script only applies CSS filters and does not read or collect any page data.
- Storage — to save preferences and cached data locally in your browser
- Context menus — to add right-click options for saving content to your vault or organiser
- Active tab — to interact with the currently active tab for content script features
- Side panel — to display the Copilot sidebar alongside web pages
- Notifications — to alert you when events occur (e.g. timer completion)
- Scripting — to inject content scripts that power OnlyFans-specific features
The extension does not collect browsing history, keystrokes, form data, or any data from pages you visit beyond what is described above.
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service | Contract performance |
| Processing payments and subscriptions | Contract performance |
| Sending account-related emails (verification, password reset) | Contract performance |
| Analytics and usage insights for your profile | Contract performance |
| Improving the Service and developing new features | Legitimate interest |
| Sending optional digest emails and milestone notifications | Consent (opt-out available) |
4. Analytics
Swer provides first-party analytics for your profile pages. This means:
- We do not use third-party tracking scripts (no Google Analytics, no Facebook Pixel)
- Visitor data is collected directly by our servers
- We do not sell or share visitor analytics data with any third party
- IP addresses are used for country-level geolocation only and are not stored long-term
The browser extension fetches an open-source UI component (emoji picker) from a public CDN (cdn.jsdelivr.net). This is not a tracking script — it is a static resource download with no user data transmitted.
5. Data Sharing
We do not sell your personal information. We share data only in the following circumstances:
- Service providers: Stripe (payments), email delivery services — only as necessary to provide the Service
- CDN provider: The browser extension loads a static UI component from jsdelivr.net. No personal data is shared, though standard HTTP request metadata (IP address, user agent) is transmitted as part of normal web requests.
- Public profile: Information you add to your profile page is publicly accessible by design
- Connections marketplace: If you opt in to the creator directory, your selected profile information is visible to other creators
- Legal requirements: When required by law, regulation, or legal process
6. Data Storage and Security
- Your data is stored on secure servers with encrypted connections (HTTPS/TLS)
- Passwords are hashed using industry-standard algorithms
- Sessions are managed with secure, HTTP-only cookies
- We implement access controls and regular security practices to protect your data
- Data stored locally by the browser extension (via
chrome.storage.local) is protected by Chrome's extension sandboxing and is only accessible to the Swer extension
7. Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Your profile, content, analytics, and all associated data are permanently deleted
- Uploaded files are removed from our servers
- This process is irreversible
- Data cached locally by the browser extension (preferences, cached content) will persist in your browser until you uninstall the extension or manually clear extension data. This locally cached data cannot be used without an active Swer account.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and all associated data
- Export your data in a portable format
- Object to certain processing of your data
- Withdraw consent for optional communications at any time
You can exercise most of these rights directly from your account settings. For additional requests, contact us at [email protected].
9. Cookies
We use only essential cookies required for the Service to function:
- Session cookie: Keeps you logged in (HTTP-only, secure)
- CSRF token: Protects against cross-site request forgery
We do not use advertising cookies, tracking cookies, or any third-party cookies.
10. Children's Privacy
The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from someone under 18, we will delete it promptly.
11. International Data Transfers
Your data may be processed in countries other than your own. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
If you have any questions about this Privacy Policy or your data, please contact us at [email protected].