Privacy Policy of SWOT (Learn Smart, Stay Ahead)

Last updated: August 10, 2025

Welcome to SWOT, your premier intelligent study companion meticulously designed to empower learners to study smarter, remain motivated, and achieve continuous academic improvement through personalized tools, resources, and analytics. At SWOT (hereinafter referred to as "We," "Us," "Our," or the "Company"), an entity duly organized and existing under the laws of Belgium, with its principal place of business located in Belgium, Your privacy is of paramount importance. This Privacy Policy (the "Policy") constitutes a legally binding document that comprehensively delineates the types of personal data We collect, the purposes for which We collect and process such data, the mechanisms by which We use, store, and share it, and the rights You, the end-user (hereinafter referred to as "You," "User," or "Data Subject"), possess under the General Data Protection Regulation (GDPR) (EU) 2016/679, the Belgian Data Protection Act, and other applicable privacy laws (collectively, "Applicable Laws"). By accessing, downloading, installing, browsing, or otherwise utilizing the SWOT platform, including its website, mobile applications, or any associated digital services (collectively, the "App" or "Services"), You expressly acknowledge and consent to the collection, processing, storage, and use of Your personal data as described herein. Your use of the App or Services in any manner whatsoever constitutes Your unequivocal acceptance of this Policy in its entirety. If You do not agree with any provision of this Policy, You must immediately cease all use of the App and Services and delete any copies thereof from Your devices. This Policy is incorporated by reference into Our Terms of Service, and Your compliance with both is required to use the App or Services.

1. Who Are We?

SWOT is a sophisticated digital learning platform engineered to support students, educators, and other learners in organizing study materials, setting personalized learning objectives, applying advanced study strategies, and tracking academic progress in a highly tailored and efficient manner. As the Data Controller, We are responsible for ensuring that Your personal data is processed in strict compliance with Applicable Laws. Our contact details are as follows:

Company Name: SWOT
Website: swot.app
Email: charles.degraeuwe@icloud.com
Data Controller: SWOT, operating under Belgian and EU law
Registered Address: [To be provided upon request, subject to verification]

We reserve the right to update Our contact details or corporate structure without prior notice, provided such changes are reflected on Our website or communicated through other reasonable means.

2. Scope of This Policy

This Policy applies to all individuals and entities who access, interact with, or otherwise use the App or Services, including but not limited to students, educators, parents, guardians, and any other visitors or users, whether through Our website, mobile applications, or other digital or ancillary services provided by Us (collectively, "Users"). This Policy governs the collection, processing, storage, and use of Your personal data in connection with Your use of the App or Services, regardless of the method or medium of access. By using the App or Services, You acknowledge that You are subject to this Policy and Our Terms of Service, and You agree to comply with all obligations set forth herein.

3. Categories of Data We Collect

In providing the App and Services, We collect and process various categories of personal data to facilitate the functionality, performance, and improvement of Our offerings. The types of data We collect are detailed below:

3.1 Data You Voluntarily Provide

When You register for, interact with, or use the App or Services, You may voluntarily provide Us with the following types of personal data:

Full name or pseudonym;
Email address;
Profile details, including but not limited to school name, education level, study interests, academic goals, and preferences;
Account credentials, such as passwords, which are securely hashed and stored via Firebase Authentication;
User-generated study content, including but not limited to notes, flashcards, SWOT analyses, quizzes, study plans, and learning goals;
Communications, including support tickets, feedback, survey responses, inquiries, and any other correspondence submitted to Us;
Any additional information You voluntarily provide, such as preferences, settings, or optional profile data.

You represent and warrant that all data You provide is accurate, current, and complete, and You agree to promptly update such data as necessary. You further acknowledge that providing false, inaccurate, or incomplete data may result in suspension or termination of Your Account, as set forth in Our Terms of Service.

3.2 Data Collected Automatically

To enhance the functionality, performance, security, and analytics of the App and Services, We automatically collect certain data when You interact with Our platform, including:

Internet Protocol (IP) address;
Device information, including device type, model, manufacturer, and unique device identifiers;
Browser information, including browser type, version, and settings;
Operating system and screen resolution;
Session and interaction logs, including page views, clicks, navigation patterns, and time spent on the App;
Time and date of access, including time zone information;
Firebase-generated anonymous user identifiers;
Geolocation data (if enabled, with Your explicit consent);
Performance metrics, such as load times, error rates, and crash reports;
Other technical data necessary to maintain and improve the App and Services.

You acknowledge that the collection of such data is necessary for the operation and optimization of the App and Services, and You consent to such collection as a condition of Your use, consent can be withdrawn at any time by deleting Your account.

3.3 Data from Third Parties

If You choose to log in or register using third-party authentication services (e.g., Google or Apple), We may receive limited personal data from such third parties, subject to Your explicit consent and authorization. Such data may include:

Name or display name;
Email address;
Profile image or avatar;
Other limited profile information provided by the third-party service, as permitted by Your settings.

We process such third-party data in accordance with this Policy and the terms of the respective third-party service provider. You are responsible for reviewing the privacy policies of such third parties to understand their data-sharing practices.

4. Purposes and Legal Bases for Data Processing

We collect and process Your personal data for specific, legitimate purposes necessary to provide, maintain, and improve the App and Services, as well as to comply with Applicable Laws. The following table outlines the purposes for which We process Your data and the corresponding legal bases under GDPR:

Purpose	Legal Basis	Explanation
User authentication and account management	Contractual necessity (GDPR Art. 6(1)(b))	To create, secure, and manage Your SWOT Account, enabling access to personalized features and Services.
Personalized learning experience	Legitimate interest (GDPR Art. 6(1)(f)) / Consent (GDPR Art. 6(1)(a))	To tailor study recommendations, feedback, dashboards, and content based on Your preferences and usage patterns.
Analytics and service improvement	Legitimate interest (GDPR Art. 6(1)(f))	To analyze usage trends, monitor performance, and enhance the functionality, security, and user experience of the App and Services.
Customer support and communication	Contractual necessity (GDPR Art. 6(1)(b))	To respond to Your inquiries, support tickets, or feedback, and to provide effective assistance.
Marketing and promotional activities	Consent (GDPR Art. 6(1)(a))	To send newsletters, promotional offers, or updates, only with Your explicit opt-in consent, which You may withdraw at any time.
Legal and regulatory compliance	Legal obligation (GDPR Art. 6(1)(c))	To comply with applicable tax, audit, data protection, or other legal requirements under Belgian and EU law.
Security and fraud prevention	Legitimate interest (GDPR Art. 6(1)(f))	To detect, prevent, and mitigate security threats, fraud, or unauthorized activities affecting the App or Services.
Commercial and research purposes	Legitimate interest (GDPR Art. 6(1)(f))	To use anonymized or aggregated data for research, product development, or commercial purposes, including partnerships or monetization strategies.

You acknowledge and agree that the processing of Your personal data for these purposes is essential to the provision of the App and Services, and You consent to such processing as a condition of Your use. Where processing is based on consent, You may withdraw such consent at any time, as described in Section 10, although this may limit Your ability to use certain features or Services.

5. Use of Firebase Services

We utilize Firebase, a platform provided by Google LLC, to deliver reliable, secure, and scalable backend services for the App. Firebase services used include, but are not limited to:

Firebase Authentication: For secure user login, registration, and account management;
Cloud Firestore: For storing and managing Your study data, such as notes, flashcards, and goals;
Firebase Cloud Storage: For securely storing any files You upload, such as images or documents;
Firebase Analytics: For collecting anonymized insights into user behavior and platform performance (optional, with Your consent);
Firebase Cloud Messaging: For delivering optional notifications, such as reminders or updates (with Your consent);
Firebase Crashlytics: For monitoring and reporting technical issues to improve stability.

Firebase operates in compliance with GDPR and other Applicable Laws. Data processed through Firebase may be stored or processed in data centers located in the European Union, the United States, or other jurisdictions, subject to Standard Contractual Clauses (SCCs) or other approved data transfer mechanisms. For more information, please refer to the Firebase Privacy Policy. You acknowledge and consent to the processing of Your data by Firebase as described herein, and You agree to indemnify and hold Us harmless from any claims or losses arising from Firebase's processing of Your data in accordance with this Policy and Our Terms of Service.

6. Cookies and Tracking Technologies

We employ cookies, web beacons, pixel tags, and other tracking technologies (collectively, "Cookies") to enhance the functionality, performance, and analytics of the App and Services, as well as to deliver targeted advertising. The types of Cookies We use include:

Essential Cookies: Necessary for core functionality, such as user authentication, session persistence, and security;
Analytics Cookies: Collect anonymized data on user behavior to improve the App and Services;
Advertising Cookies: Enable targeted third-party advertisements based on Your interests and usage patterns;
Functional Cookies: Enhance user experience by remembering Your preferences and settings.

You may manage or disable Cookies through Your browser settings; however, blocking essential Cookies may impair or prevent access to certain features or Services. You acknowledge that the use of Cookies is integral to the operation of the App and consent to their use as described herein. We may share anonymized data collected via Cookies with third parties for analytical, marketing, or commercial purposes, and You waive any right to compensation or control over such data. For further details, please refer to Our Cookie Policy, available on Our website.

7. Data Retention Periods

We retain Your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with Applicable Laws. The following table provides typical retention periods for various data types:

Data Type	Retention Period
User account data (e.g., name, email)	Until You request deletion of Your Account or it is terminated under Our Terms of Service
Login and session history	Up to 60 days after Account deletion or termination
User-generated study content	Up to 12 months post-deletion (for potential recovery or legal purposes)
Support requests and communications	Up to 2 years after resolution
Anonymized analytics data	Up to 36 months, or longer if required for research or commercial purposes
Technical logs (e.g., IP addresses, crash reports)	Up to 90 days, unless required for security or legal compliance

Upon expiration of the applicable retention period, We may delete, anonymize, or securely archive Your data at Our sole discretion. You acknowledge that We may retain certain data indefinitely for legal, compliance, or business purposes, particularly in anonymized or aggregated form, and You waive any right to access or control such data.

8. Data Sharing and Third-Party Processors

We do not sell, rent, or lease Your personal data to third parties for monetary gain. However, We may share Your personal data with the following entities under strict contractual safeguards:

Firebase (Google LLC): For hosting, storage, authentication, and analytics services, as described in Section 5;
Trusted Service Providers: Including cloud infrastructure providers, payment processors (if applicable), analytics providers, and customer support platforms, all of whom are contractually bound to comply with GDPR and other Applicable Laws;
Legal and Regulatory Authorities: If required to comply with legal obligations, court orders, or governmental requests under Applicable Laws;
Business Partners: For commercial purposes, such as joint ventures or marketing campaigns, provided data is anonymized or aggregated unless You provide explicit consent;
Successors or Assigns: In the event of a merger, acquisition, reorganization, or sale of assets, Your data may be transferred to a successor entity, subject to GDPR-compliant safeguards.

All third-party processors are required to implement appropriate technical and organizational measures to protect Your data and process it solely for the purposes specified by Us. You agree to indemnify and hold Us harmless from any claims, losses, or damages arising from the actions or omissions of such third parties, provided they act in accordance with Our instructions and this Policy.

9. Data Security Measures

We implement robust technical, organizational, and administrative measures to safeguard Your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

End-to-end encryption using HTTPS (SSL/TLS) for data transmission;
Secure hashing and salting of passwords, ensuring they are never stored in plain text;
Role-based access control (RBAC) to limit internal access to Your data;
Daily encrypted backups stored in secure, GDPR-compliant data centers;
Advanced intrusion detection and anomaly monitoring systems;
Regular security audits, penetration testing, and vulnerability assessments;
Compliance with ISO 27001 and other relevant security standards, where applicable.

Despite these measures, You acknowledge that no system is entirely secure, and You assume all risks associated with providing personal data through the App or Services. We shall not be liable for any direct, indirect, incidental, or consequential damages resulting from a data breach or security incident, except in cases of Our gross negligence or willful misconduct, as determined by a court of competent jurisdiction.

10. Your GDPR and Privacy Rights

As a User residing in the European Union or European Economic Area (EEA), or otherwise subject to GDPR, You have the following rights regarding Your personal data, subject to applicable limitations and conditions:

Right to Access: Request a copy of the personal data We hold about You;
Right to Rectification: Correct or update inaccurate or incomplete data;
Right to Erasure ("Right to Be Forgotten"): Request deletion of Your personal data, subject to Our retention obligations under Applicable Laws;
Right to Restriction of Processing: Limit how We process Your data in certain circumstances;
Right to Data Portability: Receive Your data in a structured, commonly used, and machine-readable format for transfer to another controller;
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes;
Right to Withdraw Consent: Withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing;
Right to Lodge a Complaint: File a complaint with a supervisory authority, such as the Belgian Data Protection Authority.

To exercise any of these rights, please contact Us at privacy@swot.com. We will respond within thirty (30) days, or sooner if required by Applicable Laws. You acknowledge that exercising certain rights (e.g., erasure or restriction) may limit or prevent Your ability to use the App or Services. You agree to provide sufficient information to verify Your identity before We process any request, and We reserve the right to deny requests that are unfounded, excessive, or otherwise prohibited by Applicable Laws. You further agree to indemnify and hold Us harmless from any claims or losses arising from Your exercise of these rights, including any costs incurred in responding to such requests.

11. Minors and Parental Consent

The App and Services are not intended for use by individuals under the age of sixteen (16) without the explicit, verifiable consent of a parent or legal guardian. If We become aware that personal data of a minor under 16 has been collected without such consent, We will promptly delete such data and terminate the associated Account, in accordance with Our Terms of Service. Parents or guardians may contact Us at privacy@swot.com to request the removal of a minor's data or to provide consent. You acknowledge that We may require additional verification to process such requests, and We shall not be liable for any delays or refusals resulting from incomplete or unverifiable requests.

12. International Data Transfers

Your personal data may be processed or stored in jurisdictions outside the European Economic Area (EEA), such as the United States, where Our service providers (e.g., Firebase) operate data centers. In such cases, We ensure that all data transfers comply with GDPR requirements, including the use of Standard Contractual Clauses (SCCs), adequacy decisions, or other approved mechanisms. You expressly consent to the transfer of Your personal data to such jurisdictions as a condition of using the App or Services. We shall not be liable for any claims, losses, or damages arising from such transfers, provided they are conducted in compliance with Applicable Laws. You agree to indemnify and hold Us harmless from any claims related to international data transfers conducted in accordance with this Policy.

13. Changes to This Policy

We reserve the unilateral right, at Our sole discretion, to update, amend, or modify this Policy at any time to reflect changes in Our practices, legal obligations, platform features, or industry standards. Any changes will be posted on this page, and We may, but are not obligated to, notify You via email, in-app notifications, or other reasonable means if the changes are deemed material by Us. Your continued use of the App or Services following the posting of any changes constitutes Your irrevocable acceptance of the revised Policy. If You do not agree to the revised Policy, Your sole remedy is to cease using the App and Services and delete Your Account. You waive any right to claim damages, compensation, or injunctive relief arising from changes to this Policy.

Last revision: August 10, 2025

14. Additional Protections for the Company

To further safeguard Our interests and ensure the sustainability of the App and Services, You agree to the following:

Any feedback, suggestions, ideas, or improvements You provide regarding the App or Services (collectively, "Feedback") shall be deemed Our sole and exclusive property, and You hereby assign all rights, title, and interest in such Feedback to Us without compensation, attribution, or accounting;
You waive any right to challenge or contest Our use of Feedback, including in the development, marketing, or monetization of new features, products, or services;
You acknowledge that Your use of the App or Services is at Your sole risk, and We shall not be liable for any reliance on the App or Services for academic, professional, or other purposes;
You agree to bear all costs and risks associated with Your use of the App or Services, including but not limited to data charges, hardware or software failures, or interruptions in service;
You shall indemnify, defend, and hold harmless Us, Our affiliates, officers, directors, employees, agents, successors, and assigns from any claims, losses, or damages arising from Your violation of this Policy, Your use of the App or Services, or Your interactions with other users or third parties;
We may, at Our sole discretion, impose usage limits, quotas, or restrictions on Your access to the App or Services, including limits on the storage, creation, or access of study content, without notice or liability;
You waive any right to claim ownership, compensation, or control over anonymized or aggregated data derived from Your use of the App or Services, which We may use for any purpose, including commercial exploitation.

15. Contact Us

If You have any questions, concerns, complaints, or inquiries regarding this Policy, Your personal data, or Our data processing practices, please contact Us at:

Email: charles.degraeuwe@icloud.com
Belgian Data Protection Authority (DPA): https://www.dataprotectionauthority.be/citizen

We will endeavor to respond within thirty (30) days, or sooner if required by Applicable Laws, but We make no guarantees regarding response times or resolution outcomes. You agree that Our failure to respond or provide a satisfactory resolution shall not constitute a breach of this Policy or give rise to any claim or liability. You further agree to indemnify and hold Us harmless from any claims or costs arising from Your inquiries or complaints, including any costs incurred in responding to such requests.