Last updated: July 10, 2026
This privacy notice for Swytch BV ("Swytch," "we," "us," or "our") describes how and why we collect, store, use, and share ("process") your information when you use our services ("Services"), including when you:
- Visit https://getswytch.com or any of our websites that link to this notice;
- Use the Swytch distributed caching software, Swytch Cloud control plane, APIs, SDKs, CLI tools, or documentation;
- Create an account, purchase credits, or interact with us commercially; or
- Engage with us in other related ways, including sales, marketing, support, or events.
Questions or concerns? Reading this notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have any questions, please contact us at privacy@getswytch.com.
Summary of Key Points
What personal information do we process? When you visit, use, or interact with our Services, we may process personal information depending on how you interact with Swytch, the choices you make, and the features you use. See Section 1 to learn more.
Do we process sensitive personal information? We do not process sensitive personal information.
Do we receive information from third parties? We may receive limited information from authentication providers (such as GitHub or Google) if you choose to sign in with a third-party account. We do not purchase personal data from data brokers.
How do we process your information? We process your information to provide and improve our Services, communicate with you, ensure security, and comply with the law. See Section 2 to learn more.
With whom do we share personal information? We share information only with service providers who assist us in operating the Services, and only as described in this notice. See Section 4 to learn more.
How do we keep your information safe? We implement industry-standard organizational and technical security measures. However, no electronic transmission or storage technology is 100% secure. See Section 6 to learn more.
What are your rights? Depending on your location, applicable privacy law may grant you specific rights regarding your personal information. See Section 8 to learn more.
How do you exercise your rights? The easiest way to exercise your rights is to email us at privacy@getswytch.com. We will respond to any request in accordance with applicable data protection laws.
Table of Contents
- What Information Do We Collect?
- How Do We Process Your Information?
- What Legal Bases Do We Rely On?
- When and With Whom Do We Share Your Personal Information?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information from Minors?
- What Are Your Privacy Rights?
- Swytch Cloud and Zero-Knowledge Architecture
- International Data Transfers
- Do California Residents Have Specific Privacy Rights?
- Do We Make Updates to This Notice?
- How Can You Contact Us About This Notice?
- How Can You Review, Update, or Delete Your Data?
1. What Information Do We Collect?
Personal information you provide to us
In short: We collect personal information that you voluntarily provide to us.
We collect personal information that you provide when you create an account, purchase credits, request support, or otherwise interact with us. This may include:
- Name
- Email address
- Billing address
- Company name and role
- Contact preferences
Payment Data. We collect data necessary to process payments, such as your payment instrument number and associated security code. All payment data is stored and processed by our payment processor, Stripe. You can review their privacy notice at https://stripe.com/en-nl/privacy. We do not store your full payment card details.
Sensitive Information. We do not process sensitive personal information.
All personal information you provide must be true, complete, and accurate. Please notify us of any changes to your personal information.
Information automatically collected
In short: We automatically collect certain technical information when you use our Services.
When you access or use our Services, we may automatically collect:
- Log and Usage Data. Server logs, access times, pages or endpoints viewed, IP address, and referring URL. For the Swytch Cloud control plane, this includes cluster coordination metadata such as node count, configuration events, and aggregate throughput metrics.
- Device and Browser Data. Browser type, operating system, device identifiers, and language preferences (for web-based interactions only).
- Telemetry Data. If you use the Swytch software with telemetry enabled, we may collect aggregated, non-personally-identifiable performance metrics such as cache hit rates, eviction counts, replication latency, and error rates. Telemetry can be disabled in your configuration.
What we CANNOT read from your cache. The Swytch data plane runs in your infrastructure. We cannot read the keys, values, or contents of your cached data: where cached data is handled or stored by the Cloud Service, it is encrypted with keys that only you control, and we have no ability to decrypt it. See Section 9 for details on our zero-knowledge architecture.
Cookies and similar technologies
We use strictly necessary cookies to operate the Site and the account dashboard — for example, session cookies for authentication and security. These do not require consent under EU law. We do not use third-party advertising or cross-site tracking cookies. If we introduce analytics cookies that are not strictly necessary, we will request your consent through a cookie banner before setting them.
Information from third parties
If you authenticate using a third-party provider (such as GitHub or Google), we may receive your name, email address, and profile identifier from that provider, subject to your privacy settings with them. We do not receive your password from third-party providers.
2. How Do We Process Your Information?
In short: We process your information to provide, improve, and secure our Services, to communicate with you, and to comply with the law.
We process your personal information for the following purposes:
- Account management. To create and maintain your account, authenticate your identity, and manage your credit balance and purchases.
- Service delivery. To provide you with the Services, including Swytch Cloud coordination, license validation, and access to documentation and tools.
- Billing and payments. To process payments, manage invoices, and handle refunds or disputes.
- Support. To respond to your inquiries and provide technical support.
- Communications. To send administrative notices, security alerts, product updates, and (with your consent) marketing communications.
- Security and fraud prevention. To monitor for suspicious activity, prevent abuse, and protect the integrity of our Services.
- Improvement and analytics. To analyze usage patterns and telemetry data (in aggregate) to improve performance, reliability, and user experience.
- Legal compliance. To comply with applicable laws, regulations, legal processes, or government requests.
- Vital interests. To protect your vital interests or those of a third party, such as in situations involving potential threats to safety.
3. What Legal Bases Do We Rely On to Process Your Personal Information?
In short: We only process your personal information when we have a valid legal basis to do so.
If you are in the EU or UK
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the legal bases for processing your personal information. We rely on the following:
- Contract performance. Processing necessary to fulfill our contractual obligations to you, including providing the Services, managing your account, and processing payments.
- Legitimate interests. Processing necessary for our legitimate business interests, provided those interests do not override your fundamental rights. This includes analyzing usage to improve our Services, ensuring security, and conducting business operations.
- Legal obligations. Processing necessary to comply with applicable laws and regulations.
- Consent. Where we rely on your consent (for example, for marketing communications), you may withdraw consent at any time by contacting us or using the unsubscribe mechanism provided.
- Vital interests. Processing necessary to protect someone's vital interests.
If you are in Canada
We may process your information with your express or implied consent, which you can withdraw at any time. In limited cases, we may process your information without consent where permitted by applicable law, such as for fraud prevention or legal compliance.
4. When and With Whom Do We Share Your Personal Information?
In short: We share information only with specific categories of service providers and only as necessary.
We may share your data with third-party vendors, service providers, and contractors ("third parties") who perform services on our behalf. We maintain contracts with these parties that require them to protect your data and use it only as instructed.
Categories of third parties:
- Cloud infrastructure providers (for hosting the Swytch Cloud control plane across EU regions)
- Payment processors (Stripe)
- Customer support tools
- Email and communication platforms
- Analytics and monitoring services (aggregated, non-personal data only)
- Accounting and invoicing tools
We also may share your information in these situations:
- Business transfers. In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
- Legal requirements. Where required by law, court order, or governmental authority.
- Protection of rights. Where necessary to enforce our Terms, protect our rights or safety, or protect the rights or safety of others.
We do not sell your personal information. We have not sold personal information in the past and will not do so in the future.
5. How Long Do We Keep Your Information?
In short: We keep your information for as long as necessary to fulfill the purposes described in this notice, unless a longer retention period is required by law.
We retain your personal information for as long as your account is active or as needed to provide the Services. When you close your account, we will delete or anonymize your personal information within a reasonable period, except where we are required to retain it for legal, tax, or audit purposes. In particular, Dutch tax law requires us to retain invoices and related billing records for seven (7) years.
Telemetry and usage data is retained in aggregate form and is not associated with your personal identity after anonymization.
6. How Do We Keep Your Information Safe?
In short: We implement industry-standard security measures to protect your data.
We have implemented appropriate technical and organizational security measures, including:
- Encryption in transit (TLS/mTLS) and at rest
- Access controls and authentication for internal systems
- Regular security assessments
- Infrastructure isolation and monitoring
However, no electronic transmission over the internet or storage technology can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You should access the Services only within a secure environment.
7. Do We Collect Information from Minors?
In short: We do not knowingly collect data from or market to anyone under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that we have collected personal information from a user under 18, we will take reasonable measures to promptly delete such data. If you become aware of any such data, please contact us at privacy@getswytch.com.
8. What Are Your Privacy Rights?
In short: Depending on your location, you may have specific rights regarding your personal information.
If you are in the EEA, UK, or Switzerland
Under the GDPR and related laws, you have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete personal data
- Erase your personal data (the "right to be forgotten")
- Restrict the processing of your personal data
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time, where processing is based on consent
To exercise these rights, contact us at privacy@getswytch.com. We will respond within the timeframes required by applicable law (generally 30 days under the GDPR).
If you believe we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection supervisory authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl). A directory of EU data protection authorities is available at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Account information
You may review or update your account information at any time by logging into your account settings or by contacting us. Upon your request to terminate your account, we will deactivate or delete your account and information from our active systems. We may retain certain information as required by law or for legitimate business purposes.
9. Swytch Cloud and Zero-Knowledge Architecture
In short: Swytch Cloud is designed so we never see your data.
Swytch Cloud is a zero-knowledge control plane. It coordinates your Swytch cluster's behavior — helping nodes optimize their configuration, resolve consistency decisions, and improve throughput — without the ability to read the contents of your cache.
What this means for your privacy:
- Your cached data (keys, values, application data) is encrypted with keys that only you hold. Swytch Cloud cannot decrypt or read it — including any encrypted data handled or stored by the Cloud Service on your behalf.
- The control plane receives only coordination metadata: node identifiers, cluster topology information, heartbeats, configuration parameters, and aggregate performance metrics.
- Communication between your cluster and the control plane is encrypted using mutual TLS (mTLS) with a two-CA trust model.
- Enterprise customers who self-host the control plane retain full control over all coordination data.
This architecture is a core design principle, not a feature that can be toggled. Your data stays yours.
10. International Data Transfers
Swytch BV is based in the Netherlands. The Swytch Cloud control plane is hosted across multiple EU regions.
If you access the Services from outside the EU, your interactions with the Site (such as account information and support requests) may involve transferring data to the EU. We rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, where required.
For enterprise customers with specific data residency requirements, we can accommodate data processing within designated EU regions under a separate agreement.
11. Do California Residents Have Specific Privacy Rights?
In short: Yes, California residents have specific rights under the CCPA/CPRA.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
Your rights include:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to correct inaccurate personal information
- The right to opt out of the sale or sharing of personal information (we do not sell or share personal information)
- The right to non-discrimination for exercising your privacy rights
Categories of personal information we collect:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, IP address, account name | Yes |
| Customer Records | Name, contact information, payment information | Yes |
| Commercial information | Transaction history, credit purchases, usage details | Yes |
| Internet activity | Log data, usage metrics, pages visited | Yes |
| Geolocation data | Approximate location derived from IP address | Yes |
| Professional information | Company name, job title | Yes, if provided |
| Sensitive personal information | — | No |
We retain collected personal information for as long as the user has an active account with us, plus any retention period required by law.
We do not sell or share personal information as defined under the CCPA/CPRA. We have not done so in the preceding twelve (12) months.
To exercise your rights, contact us at privacy@getswytch.com. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf, provided they submit valid proof of authorization.
12. Do We Make Updates to This Notice?
In short: Yes, we update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by the "Last updated" date at the top. If we make material changes, we will notify you by prominently posting a notice on our Site or by sending you a direct notification. We encourage you to review this notice periodically.
13. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may contact us at:
Swytch BV Jacob Cabeliaustraat 8 Utrecht, 3554VG Netherlands KvK: 42061454 VAT: NL869530355B01
Email: privacy@getswytch.com
For data protection inquiries within the EU, you may also contact our data protection point of contact at the same address.
14. How Can You Review, Update, or Delete the Data We Collect from You?
You have the right to request access to, correction of, or deletion of your personal information. To make such a request, please contact us at privacy@getswytch.com or through your account settings.
We will respond to your request in accordance with applicable data protection laws.
Sub-Processors
We maintain a list of sub-processors who process personal data on our behalf. This list is available upon request. If you are an enterprise customer operating under a Data Processing Agreement, we will notify you of any changes to our sub-processor list in accordance with that agreement.