All Clothing Electronics Furniture Vehicles Sports Books & Media Kids   Gift Corner
Back to home

Privacy Policy

Last updated: March 2026

1. Introduction

Swappo ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website, mobile application (PWA), and associated services (collectively, the "Service").

This Privacy Policy complies with the United Arab Emirates Personal Data Protection Law (PDPL) and is informed by international data protection standards including GDPR principles.

2. Data Controller

Your data is controlled by Hannibal General Trading - L.L.C - S.P.C (Registry No. 6158841, Economic Licence No. CN-5592284), operating the Swappo platform (swappo.ae). We are registered with the Abu Dhabi Registration Authority (ADRA), Department of Economic Development, Abu Dhabi, UAE.

For any questions about your personal data, contact us at: ahmed.kridis@gmail.com or +971 503 017 675.

3. What Personal Data We Collect

3.1 Information You Provide Directly

  • Account Registration: Name, email address, password (stored as a cryptographic hash, never in plain text), optional phone number, profile photo
  • Location Data: GPS coordinates (latitude/longitude) to enable proximity-based search and item discovery — obtained via browser geolocation API
  • Photos & Uploads: Item photos, listing descriptions, and any content you upload to the platform
  • Chat & Messaging: All messages sent through the in-app chat system, including timestamps and metadata
  • Subscription Data: Subscription plan, billing history, swap quota usage, renewal dates, timestamps, payment method used
  • Ratings & Reviews: Star ratings and review text you leave for other users after exchanges
  • Payment Information: Payment method details (processed securely by Stripe; we do not store full credit card numbers)

3.2 Information Collected Automatically

  • Device Information: Device type (iOS, Android, browser), operating system, browser type and version, app version
  • Usage Data: Pages/features accessed, time spent on app, clicks, search queries, items viewed, listings created
  • IP Address & Network: IP address, Internet service provider, network type (WiFi, cellular)
  • Cookies & Local Storage: Session tokens, language preferences, PWA cache data, user preferences
  • Crash Reports: App crash logs, errors, and debugging information to improve stability
  • Analytics: User journey analytics, feature engagement, conversion funnels

3.3 Information from Third Parties

  • Payment Processors: Stripe provides transaction confirmation and fraud signals
  • AI Moderation Services: Google Vision or AWS Rekognition detect prohibited content in photos; we receive only the detection results (yes/no), not the processed images
  • Cloud Hosting: Supabase may log metadata about data access and API calls for security purposes

4. Purpose of Data Collection

4.1 Service Delivery

  • Create and manage your account
  • Facilitate swaps and exchanges between users
  • Process subscription payments and manage your plan
  • Enable in-app chat and messaging
  • Display items near you based on GPS location
  • Store and serve your uploaded photos and listings

4.2 Notifications & Communication

  • Send email notifications (new matches, messages, swaps completed, subscription renewals)
  • Send push notifications (if you grant permission) for important events
  • Send periodic newsletters or updates about Swappo features (you may opt out anytime)
  • Send account security alerts and password reset confirmations

4.3 Safety & Fraud Prevention

  • Detect and prevent fraud, scams, and unauthorized access
  • Scan photos for prohibited items (weapons, drugs, adult content, nudity) using AI
  • Identify duplicate or fake accounts
  • Monitor suspicious transactions or unusual activity patterns
  • Respond to user reports of abuse or violations

4.4 Analytics & Product Improvement

  • Analyze user behavior to understand how Swappo is used
  • Improve app performance, stability, and user experience
  • Identify popular categories, features, and user trends
  • A/B test new features and designs
  • Generate anonymized statistics for business reporting

4.5 Legal & Regulatory Compliance

  • Comply with UAE law and regulations (including e-commerce and taxation requirements)
  • Respond to legal requests, court orders, or government investigations
  • Enforce our Terms of Use and other agreements
  • Protect the rights, property, and safety of Swappo, users, and the public

5. Legal Basis for Processing

  • Contract: Processing necessary to provide the Service and manage your account (account management, swaps, subscriptions)
  • Consent: You consent to collection of GPS location data, push notifications, and analytics
  • Legal Obligation: Compliance with UAE laws, tax requirements, and law enforcement requests
  • Legitimate Interest: Fraud prevention, platform security, analytics, customer support, improving the Service

6. How We Share Your Data

6.1 Data Shared to Facilitate Exchanges

  • Other Users: Your identity (name, photo) is shared with other users ONLY after both parties accept a swap. Until then, you remain anonymous.
  • After Acceptance: Once both parties accept a swap, identities are automatically revealed. The other user can see your name, profile photo, and any information you choose to display.

6.2 Service Providers & Vendors

  • Payment Processing: Stripe (payment processor) — receives subscription and transaction data, email, and payment method details. Stripe does not receive item information. Stripe's privacy policy applies.
  • Cloud Hosting: Supabase (database and authentication) — stores all user account data, chat messages, and listings in the cloud. Supabase infrastructure is hosted on global cloud providers (AWS/Google Cloud). Data is encrypted in transit and at rest.
  • Content Moderation: Google Vision or AWS Rekognition (AI image detection) — receives photos you upload for analysis to detect weapons, drugs, nudity, and prohibited content. These services do not store your photos; they only return detection results (safe/unsafe).
  • Delivery Partners (Optional): If you opt in to Swappo delivery services (future feature), we may share name, phone, and address with logistics partners (e.g., Aramex, SMSA) to arrange delivery
  • Email Service: Transactional emails are sent via a third-party email provider (e.g., SendGrid, AWS SES)
  • Analytics: Non-personally-identifiable analytics (page views, user journeys) may be sent to Google Analytics or Mixpanel to understand usage patterns

6.3 Data NOT Shared

  • Swappo does NOT sell your personal data to advertisers, data brokers, or third parties for marketing
  • Swappo does NOT share your data with social media platforms (Facebook, Instagram, TikTok) unless you explicitly authorize integration
  • Swappo does NOT share credit card details with anyone (Stripe is PCI compliant and encrypted)
  • Swappo does NOT share chat messages with third parties, except as required by law

6.4 Legal Requirements

  • We may disclose your personal data if required by law, court order, or government request (law enforcement, tax authorities, etc.)
  • We will notify you of legal requests unless prohibited by law

7. Data Retention

7.1 Active Account Data

  • Account information (name, email, phone, password) is retained while your account is active
  • Listings and photos are retained as long as you keep them on the platform
  • Chat messages are retained until either party deletes the conversation or account is deleted
  • Subscription and billing history are maintained for the duration of your account
  • Ratings and reviews are retained for 5 years (legal requirement for business records)

7.2 After Account Deletion

  • When you request to delete your account, your personal data is deleted within 30 days
  • Account name, email, and authentication data are permanently removed
  • Photos and uploaded content are permanently deleted from servers
  • Chat messages are deleted (except where legally required to retain)
  • Device tokens and session cookies are invalidated immediately

7.3 Legal Retention Requirements

  • Transaction records (subscription payments, payment confirmations) are retained for 5 years to comply with UAE tax law and financial reporting requirements
  • IP addresses and device logs are retained for up to 90 days for security and fraud investigation
  • User reports and dispute records may be retained for up to 2 years for evidence purposes

8. Location Data (GPS)

  • Collection: Location is obtained via browser/app geolocation API (you grant permission in your device settings)
  • Storage: Your GPS coordinates are NOT permanently stored in our database. Only the location search radius is saved (e.g., "show items within 5 km")
  • Usage: Location is used in real-time to search for nearby items and calculate distance at time of search
  • Revocation: You can revoke location permission anytime in your device settings
  • Accuracy: We use OpenStreetMap Nominatim for reverse geocoding to understand general area (e.g., "Downtown Dubai") but do not pinpoint your exact home address

9. Cookies & Local Storage

See our separate Cookie Policy for detailed information on cookies used by Swappo.

9.1 Essential Cookies

  • Session authentication tokens
  • Language preference (English/Arabic/Français/اردو)
  • PWA offline mode cache

9.2 Functional Cookies

  • Search preferences (radius, category filters)
  • Last viewed items or listings
  • User interface preferences (dark mode, font size)

9.3 Analytics Cookies

  • Google Analytics tracking (if enabled) to measure page views, user journey, feature usage

You may disable non-essential cookies by using our cookie consent banner or your browser settings. However, disabling essential cookies will prevent the app from functioning.

10. Your Privacy Rights

10.1 Right to Access

  • You can request a copy of all personal data we hold about you
  • Request: Email support@swappo.ae with subject "Data Access Request" or use in-app Privacy Center
  • Response time: 14 days

10.2 Right to Rectification

  • You can correct or update your personal data (name, email, phone)
  • Edit via: Settings → Profile → Edit Information
  • Changes take effect immediately

10.3 Right to Erasure (Right to be Forgotten)

  • You can request deletion of your account and all personal data
  • Request: Settings → Account → Delete Account (triggers 30-day deletion window)
  • After 30 days, all data is permanently deleted (except legal records retained for 5 years)

10.4 Right to Data Portability

  • You can request your data in a machine-readable format (CSV, JSON) for transfer to another service
  • Request: Email support@swappo.ae with subject "Data Portability Request"
  • Response time: 14 days

10.5 Right to Object

  • You can object to marketing emails or analytics tracking
  • Unsubscribe: Click "Unsubscribe" link in marketing emails
  • Opt out of analytics: Privacy Center → Disable Analytics Cookies

10.6 Right to Withdraw Consent

  • You can withdraw consent to GPS location, push notifications, or marketing emails at any time
  • Settings → Privacy & Permissions
  • Withdrawal takes effect immediately

11. Children's Privacy

Swappo is not intended for individuals under 18 years of age (or the legal age of majority in the UAE). We do not knowingly collect personal data from children. If we discover that a child has created an account, we will delete the account and all associated data immediately. If you have concerns about a child using Swappo, contact support@swappo.ae.

12. International Data Transfers

  • Supabase Cloud: Data is hosted on AWS/Google Cloud infrastructure, which may be located in regions outside the UAE (US, EU, or other global locations)
  • Google Vision / AWS Rekognition: Photo analysis may occur in cloud regions outside the UAE
  • Stripe: Payment processing occurs in the US but is PCI compliant and encrypted
  • Google Analytics: Analytics data is transferred to Google servers outside the UAE

Data is protected during transfer via encryption (HTTPS/TLS) and complies with UAE data protection standards. By using Swappo, you consent to international data transfers necessary to provide the Service.

13. Data Security

13.1 Encryption

  • All data in transit is encrypted using TLS 1.2+ (HTTPS on all pages)
  • Sensitive data at rest (passwords, authentication tokens) is encrypted or hashed
  • Database connections are encrypted

13.2 Password Security

  • Passwords are never stored in plain text
  • Passwords are hashed using bcrypt or similar strong algorithms
  • We cannot recover your password; you must reset it via email if forgotten

13.3 Access Controls

  • Only authorized Swappo staff can access personal data, with strict role-based access control
  • API endpoints require authentication and authorization checks
  • Service providers are bound by data processing agreements (DPAs)

13.4 Monitoring & Incident Response

  • We monitor for unauthorized access attempts, intrusions, and data breaches
  • If a data breach occurs, we will notify affected users within 72 hours (per UAE PDPL requirements) via email and in-app notification
  • We will provide guidance on steps to protect your account

13.5 Limitations

  • No security system is 100% secure. While we use industry best practices, we cannot guarantee complete protection against all threats
  • You are responsible for maintaining the confidentiality of your password and account access

14. Third-Party Links & Services

Swappo may contain links to third-party websites or services (payment providers, OpenStreetMap, etc.). This Privacy Policy applies only to Swappo. We are not responsible for the privacy practices of linked sites. Review their privacy policies before providing information.

15. Changes to This Privacy Policy

Swappo may update this Privacy Policy at any time. Changes will be notified via:

  • Email to your registered account email address
  • In-app notification upon next login
  • Updated "Last Updated" date on this page

Continued use of Swappo after changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may delete your account.

16. Data Protection Officer (DPO)

Questions or concerns about data privacy? Contact our Data Protection Officer:

17. Complaint & Dispute Resolution

  1. Contact Swappo support: support@swappo.ae
  2. We will investigate within 14 days and respond with findings
  3. If unresolved, you may lodge a complaint with UAE data protection authorities (Office of Data Protection, General Directorate of Residency and Foreigners Affairs)

18. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of the United Arab Emirates, including:

  • UAE Federal Decree Law No. 14/2023 on E-Commerce
  • UAE Federal Law No. 15/2020 on Consumer Protection
  • UAE Personal Data Protection Law (PDPL)

Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the Courts of Abu Dhabi, UAE.

19. Contact Information

  • Email: ahmed.kridis@gmail.com
  • Phone: +971 503 017 675
  • Support: support@swappo.ae
  • In-App: Settings → Privacy & Support → Contact
  • Address: Hannibal General Trading - L.L.C - S.P.C, Abu Dhabi, UAE

By using Swappo, you acknowledge that you have read and understood this Privacy Policy.