Privacy Policy
My Swiftly Inc. ("Swiftly", "we", "our", or "us") operates an artificial intelligence platform providing voice agents, chat agents, and video agents for businesses and agencies (the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Platform, visit our website at swiftly.ai, or interact with any of our services. By using Swiftly, you agree to the collection and use of information in accordance with this policy.
1. Who This Policy Covers
This policy applies to all direct account holders, agency operators using Swiftly under the Lift, Ascend, or Apex plans, subaccount users created and managed by agency operators, and end users who interact with AI agents deployed by Swiftly customers through any channel including voice, chat, and video.
2. Age Requirement
The Platform is restricted to users who are 18 years of age or older. By creating an account, you represent and warrant that you are at least 18 years old. Age is confirmed through an attestation checkbox at the time of registration. End users interacting with AI agents deployed by Swiftly customers are the sole compliance responsibility of the operator who deployed the agent.
3. Information We Collect
3.1 Information You Provide Directly
- Account registration information including name, email address, business name, and contact details.
- Payment information processed through Stripe. My Swiftly Inc. does not store full card numbers. All payment data is handled by Stripe in compliance with PCI-DSS standards.
- Content you create on the Platform including agent configurations, scripts, workflows, and knowledge base materials.
- Communications you send us through support channels, feedback forms, and email correspondence.
3.2 Information Collected Automatically
- Usage data including features accessed, session duration, and interaction logs.
- Device and browser information including IP address, browser type, operating system, and referring URLs.
- Call recordings, transcripts, and metadata from voice agent interactions processed through our telephony and voice synthesis providers.
- Chat conversation logs from agents deployed across SMS, WhatsApp, Facebook Messenger, Instagram Direct, and website chat channels.
- Video session data from SwiftStream video agent interactions including session recordings and interaction metadata.
- Cookies and similar tracking technologies as described in Section 9.
3.3 Information From Third-Party Integrations
The Platform relies on third-party providers including but not limited to providers of voice synthesis, video generation, telephony, payment processing, and language model inference. Swiftly may add, remove, or substitute providers at any time. A current Subprocessor List is maintained at swiftly.ai/subprocessors and is updated independently of this Privacy Policy. Each integration is governed by both this policy and the applicable third-party privacy policy.
3.4 Biometric Information
Some Platform features process biometric or biometric-derived data. These include voice clones created through our voice synthesis providers and avatar clones (visual replicas) created through our video generation providers. Voiceprints, facial geometry data, and other biometric identifiers derived from material you upload for cloning are treated as sensitive personal information and are subject to additional protections.
- Consent. Operators may only upload voice or likeness samples for cloning where the individual depicted has provided informed written consent. Operators are solely responsible for obtaining, documenting, and retaining that consent.
- Use limitation. Cloned voices and avatars are used solely to render output for the operator's deployed agents. Swiftly does not use biometric identifiers to train general-purpose models, sell or rent biometric data, or share biometric identifiers with third parties except subprocessors strictly necessary for synthesis.
- Retention. Biometric identifiers and the underlying training samples are retained for the active life of the clone. On clone deletion or account closure, biometric identifiers are deleted within 30 days, subject only to legal hold obligations.
- State-specific rights. Residents of Illinois (BIPA), Texas (CUBI), Washington (RCW 19.375), and other jurisdictions with biometric-specific statutes may exercise the rights granted under those statutes, including access, correction, and deletion. Submit requests to [email protected].
4. How We Use Your Information
4.1 General Use
- To provide, operate, and maintain the Swiftly Platform and all features within it.
- To process payments and manage subscriptions through Stripe.
- Swiftly may store, process, and analyze conversations, recordings, transcripts, and metadata to operate, maintain, secure, and improve the Platform.
- Users grant Swiftly a worldwide, royalty-free, non-exclusive license to use anonymized and aggregated data for product improvement.
- To send service-related communications including account confirmations, usage alerts, and product updates.
- To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
- To comply with applicable legal obligations and respond to valid legal process.
4.2 AI Model Training
Swiftly does not use customer content — including agent configurations, knowledge base files, call recordings, transcripts, chat logs, video session data, or biometric identifiers — to train any general-purpose foundation model owned by Swiftly or any third party. The third-party language model, voice synthesis, and video generation providers listed in our Subprocessor List are contractually prohibited from using customer content routed through their APIs to train their models.
Swiftly may use aggregated and de-identified usage signals (such as feature adoption rates, latency benchmarks, and error patterns stripped of any direct or indirect identifier) for product improvement and Platform optimization. Aggregated and de-identified data is not personal information under this policy.
5. Your Consent Obligations as an Operator
Users are solely responsible for obtaining all required consents from end-users prior to recording, transcription, or AI processing of any interaction. My Swiftly Inc. is not responsible for an operator's failure to obtain required consents. Operators deploying agents in regulated industries including healthcare, financial services, and debt collection are solely responsible for compliance with applicable industry-specific regulations including HIPAA, Reg BI, and applicable state laws.
6. How We Share Your Information
- With subprocessors listed at swiftly.ai/subprocessors who are contractually required to protect your data and use it only as authorized.
- With subaccount operators who have access to interaction data collected through agents they manage within their accounts. Operators are required by our Terms of Service to maintain privacy practices compliant with applicable law.
- In connection with a merger, acquisition, bankruptcy, or asset sale where your data may transfer to the acquiring entity with notice provided where practicable.
- Where required by applicable law, court order, or valid legal process. My Swiftly Inc. does not sell, rent, or trade personal information to third parties for their marketing purposes.
7. Data Retention
Account data is retained for the duration of the active account relationship. Upon account closure, personal data is deleted within 30 days. Interaction logs, call recordings, and conversation data are retained for 12 months by default and may be configured for shorter retention through account settings. Certain data may be retained longer where required by applicable law or for fraud prevention purposes. Biometric identifiers are governed by the specific retention rule in Section 3.4.
8. Your Privacy Rights
8.1 California Residents — CCPA / CPRA
California residents have the right to know what personal information is collected about them, request deletion of their personal information, opt out of the sale or sharing of personal information (My Swiftly Inc. does not sell personal information), correct inaccurate personal information, and not be discriminated against for exercising these rights. A "Do Not Sell or Share My Personal Information" link is available in the website footer.
Sensitive Personal Information. Under the California Privacy Rights Act (CPRA), the following categories we may collect are treated as sensitive personal information: account credentials, precise geolocation (where provided), contents of communications routed through the Platform, and biometric identifiers used for voice or avatar cloning. California residents may exercise the right to limit use and disclosure of sensitive personal information by emailing [email protected]. Swiftly does not use sensitive personal information for purposes outside those permitted by Cal. Civ. Code § 1798.121(d).
To submit a CCPA/CPRA request, contact [email protected].
8.2 EEA and UK Residents — GDPR
EEA and UK residents have rights under GDPR Articles 13 and 14 including the right of access, rectification, erasure, restriction of processing, data portability, and the right to object to processing based on legitimate interests. A Data Processing Agreement (DPA) is available for download at swiftly.ai/dpa for B2B and agency users requiring it for their own compliance. Data Subject Access Requests (DSARs) may be submitted at swiftly.ai/dsar or by emailing [email protected].
8.3 Automated Decision-Making
AI agents deployed on the Platform generate output based on operator configurations and underlying language, voice, and video models. Where an operator deploys an agent in a manner that produces a decision having legal or similarly significant effects on an individual, the operator is the controller of that decision and is responsible for any rights granted under GDPR Article 22 or comparable law. Swiftly does not make automated decisions about users that produce legal or similarly significant effects on the basis of personal information collected through the Platform.
8.4 International Data Transfers
Personal data collected through the Platform may be processed in the United States and in other jurisdictions where our subprocessors operate. Where we transfer personal data of EEA, UK, or Swiss data subjects outside those regions, we rely on the European Commission's Standard Contractual Clauses (Module 2 or Module 3 as applicable), the UK International Data Transfer Addendum, and the Swiss Federal Data Protection and Information Commissioner's transfer mechanism. Where we transfer personal data of California residents, we apply CCPA-compliant contractual safeguards consistent with Cal. Civ. Code § 1798.140(ag). Copies of the executed transfer mechanisms applicable to your data may be requested by emailing [email protected].
9. Cookies
The Platform uses cookies and similar tracking technologies for session management, analytics, and user preference storage. A cookie consent banner is presented to all visitors upon their first visit. Users may manage and update cookie preferences through the consent banner at any time. Strictly necessary cookies required for Platform operation are exempt from consent requirements under applicable law.
10. Data Security
My Swiftly Inc. implements industry-standard security measures including TLS encryption for all data in transit, encryption of sensitive data at rest, role-based access controls limiting internal access to personal data, and regular security assessments. No method of internet transmission is 100% secure. My Swiftly Inc. cannot guarantee absolute security but maintains a commitment to protecting user data against unauthorized access, disclosure, alteration, or destruction.
10.1 Breach Notification
In the event of a confirmed personal data breach affecting your account, Swiftly will notify the email address on file without undue delay and, where the breach is reasonably likely to result in a risk to the rights and freedoms of natural persons, no later than 72 hours after we become aware of the breach. Notice will describe the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach. Operators acting as controllers for end-user data remain responsible for any onward notification obligation owed to their own end-users under applicable law.
11. HIPAA and Regulated Industries
Swiftly is not a HIPAA Business Associate. The Platform is not designed or offered for the creation, receipt, maintenance, or transmission of Protected Health Information (PHI) on behalf of a Covered Entity, and Swiftly will not execute a Business Associate Agreement. Operators are prohibited from configuring agents to elicit, store, or transmit PHI through the Platform. Operators in regulated industries — including healthcare, financial services subject to GLBA or Reg BI, debt collection subject to FDCPA, and consumer credit subject to FCRA — are solely responsible for verifying that their use of the Platform is compliant with applicable industry-specific regulation, and assume all risk and liability arising from such use.
12. Children's Privacy
The Platform is not directed at or intended for use by individuals under the age of 18. My Swiftly Inc. does not knowingly collect personal information from anyone under 18. If we become aware that personal data has been collected from a user under 18 without verifiable parental consent, we will delete that information promptly and terminate the associated account.
13. Changes to This Policy
My Swiftly Inc. reserves the right to update this Privacy Policy at any time. Material changes will be communicated by email to the address on file and by posting an updated policy at swiftly.ai/privacy with a revised effective date. Continued use of the Platform following the effective date of any material change constitutes acceptance of the updated policy.
14. Contact Us
For privacy questions, DSAR requests, or to exercise your rights under CCPA/CPRA, GDPR, BIPA, or any other applicable privacy law:
My Swiftly Inc.
Email: [email protected]
DSAR Portal: swiftly.ai/dsar
DPA Download: swiftly.ai/dpa
Subprocessor List: swiftly.ai/subprocessors