Data Controller: Swify.io
Contact: [email protected]
Customer Account Data
- Name
- Email address
- Billing information
- Communication history
Technical Data
- IP address
- Access logs
- Device information
Service-Related Data
- Server identifiers
- Usage statistics (non-intrusive)
Data Stored on Dedicated Servers
Swify.io does not access or monitor data hosted by customers unless explicitly instructed by the client or required by law.
We process personal data for the following purposes:
- Service provisioning and account management
- Technical support and communication
- Security monitoring and abuse prevention
- Legal, tax, and compliance obligations
Lawful bases under GDPR include:
- Contract performance (service provisioning, billing, support)
- Legitimate interest (security, fraud prevention)
- Legal obligation (tax and regulatory requirements)
- Account and billing data: retained for 7 years after contract termination (legal requirement)
- Technical logs: retained for 12 months
- Support tickets and communication: retained for 3 years
Swify.io uses minimal cookies strictly necessary for the functioning and security of our services.
Types of cookies used:
- Essential cookies – required for login, account access, and core functionality
- Security cookies – used by Cloudflare for anti-bot protection, DDoS mitigation, and network security
We do not use tracking, marketing, or advertising cookies.
The DPA forms part of the service contract between Swify.io (Processor) and the Customer (Controller) for personal data processed via dedicated servers.
- Subject: processing of personal data stored or transmitted through servers provided by Swify.io
- Duration: valid for the entire duration of the service contract between Swify.io and the customer
- Customer account data (name, email, billing)
- Data stored by the customer on servers (content not known to Swify.io)
Swify.io agrees to:
- Process personal data solely under documented instructions from the customer
- Implement industry-standard technical and organizational security measures
- Ensure staff confidentiality and access control
- Notify the customer of data breaches without undue delay (within a maximum of 48 hours after confirmation)
- Assist the customer in handling GDPR data subject requests, where applicable
- Delete or return personal data upon contract termination, in accordance with agreed procedures
Swify.io may use the following sub-processors:
- Cloudflare – DDoS protection, DNS, and security services
- Datacenter providers in the Netherlands, Switzerland, and Bulgaria
Swify.io maintains an internal Record of Processing Activities as required by GDPR.
Customer Account
- Data: name, email, billing information
- Purpose: provide services, manage billing and contracts
- Retention: 7 years
- Legal basis: contract and legal obligation
- Location: Portugal
Technical Logs
- Data: IPs, access logs
- Purpose: security, troubleshooting, service integrity
- Retention: 12 months
- Legal basis: legitimate interest
- Location: Netherlands / Switzerland / Bulgaria
Service Data
- Data: server identifiers, operational metadata
- Purpose: service operation and infrastructure management
- Retention: duration of the contract
- Legal basis: contract
- Location: Netherlands / Switzerland / Bulgaria
Support
- Data: support tickets, email communications
- Purpose: support operations and service quality
- Retention: 3 years
- Legal basis: contract
- Location: Portugal
Swify.io implements technical and organizational measures to protect personal data.
- Physical security at datacenters (24/7 surveillance, controlled access)
- Network segmentation and isolation
- Firewalls and intrusion prevention systems
- DDoS protection through Cloudflare
- Encrypted administration channels (SSH, VPN)
- Role-based access control
- Multi-factor authentication for administrative systems
- Logging and monitoring of access events
- Encryption in transit (TLS)
- Customer-controlled encryption at rest where applicable
- Secure backup processes if funded or requested by the customer
- Staff under confidentiality agreements and regular security training
Swify.io maintains an incident response and breach notification process.
- Automated monitoring tools
- Log analysis and anomaly detection
- Alerts from datacenter providers or Cloudflare
- Low – minor service issue
- Medium – suspected security anomaly
- High – confirmed security incident or data breach
- Isolate affected systems
- Investigate scope, root cause, and impact
- Notify the affected customer(s) without undue delay (maximum 48 hours after confirmation)
- Provide details, recommended mitigation steps, and follow-up actions
If required by law, Swify.io will notify the Portuguese Data Protection Authority (CNPD) of relevant incidents.
Post-incident, we perform a review to improve controls and prevent recurrence.
Personal data may be processed in datacenters located in:
- Netherlands
- Switzerland
- Bulgaria
All locations follow strict data protection standards and, where applicable, transfers comply with GDPR safeguards.
You have the following rights regarding your personal data:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise these rights, contact us at: [email protected]
If you have questions about our GDPR compliance, data protection practices, or wish to request a signed DPA, you can contact:
Email: [email protected]