Privacy Policy
Last modified: March 2026
1. Who We Are (Data Controller)
SwarmSight (“we”, “us”, “our”) is the data controller responsible for your personal data. For data protection enquiries, please contact us at: info@nexus-solutionsltd.com
This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the Gibraltar Data Protection Act 2004 (DPA 2004) and the General Data Protection Regulation (GDPR). Gibraltar's DPA 2004 transposes EU GDPR into Gibraltar law and provides substantively equivalent protections.
2. Data We Collect
We collect only the data necessary to provide the SwarmSight service:
| Data Category | Details |
|---|---|
| Email address | Provided during account creation via magic link or Google OAuth |
| Payment information | Processed by Stripe — we do not store card details or payment instrument data directly |
| Simulation configurations | Agent count, simulation rounds, template selection, and other parameters you configure |
| Uploaded documents | PDF or TXT files you upload as simulation seed material |
| LLM API keys | Used in-session only during active simulations; never stored persistently on our systems |
| Usage data | Simulation status, completion counts, bundle usage tracking |
3. How We Use Your Data (Legal Basis)
We process your data under the following legal bases:
Contract performance (Article 6(1)(b) GDPR)
Account management and authentication, simulation execution and result delivery, payment processing and bundle management, and email notifications (magic links, expiry warnings, result notifications).
Legitimate interests (Article 6(1)(f) GDPR)
Service improvement, error monitoring and debugging, security and fraud prevention. Our interests are balanced against your rights and do not override them.
Consent (Article 6(1)(a) GDPR)
Marketing communications, if any. We currently send no marketing emails. Any future marketing will require explicit opt-in consent.
4. Data Retention
We follow a strict data minimisation and deletion policy:
- Simulation data: Retained for the duration of your active bundle plus a short grace period. Upon bundle expiry, ALL simulation data is permanently deleted — including results, uploaded documents, configuration files, and VPS data.
- Account email: Retained for future authentication and potential future purchases unless you request deletion.
- LLM API keys: Never retained beyond the active simulation session. Not stored in our database or logs.
- Payment records:Retained as required by applicable financial regulations and Stripe's retention policies.
After bundle expiry and deletion, no recovery of simulation data is possible.
5. Data Sharing and Processors
We engage the following third-party data processors to deliver the service. We do not sell your data and do not share it for advertising purposes.
Stripe (stripe.com)
Payment processing. When you purchase a bundle, payment data is handled directly by Stripe. We receive only a confirmation of payment, not your card details. Stripe's own privacy policy applies to data they process.
Resend (resend.com)
Transactional email delivery. We use Resend to send magic link authentication emails, simulation result notifications, and bundle expiry warnings.
Hetzner (hetzner.com)
Virtual private server hosting. Your simulation data and uploaded documents reside on Hetzner infrastructure located in Nuremberg, Germany (EU). Hetzner operates under EU data protection law.
6. International Data Transfers
All VPS infrastructure is hosted by Hetzner in Nuremberg, Germany (EU data centre region: nbg1). Your simulation data does not leave the European Economic Area (EEA) through our hosting infrastructure.
Where Stripe and Resend transfer data outside the EEA as part of their services, they do so under Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR. We maintain Data Processing Agreements with our processors in accordance with Article 28 GDPR.
7. Your Rights
Under the GDPR and the Gibraltar Data Protection Act 2004, you have the following rights regarding your personal data:
- Right of access:Request a copy of the personal data we hold about you.
- Right to rectification:Request correction of inaccurate or incomplete data.
- Right to erasure:Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction:Request that we restrict processing of your data in certain circumstances.
- Right to portability:Receive your data in a structured, machine-readable format.
- Right to object:Object to processing based on legitimate interests.
- Right to withdraw consent:Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, please contact us at info@nexus-solutionsltd.com. We will respond within 30 days.
8. Cookies
SwarmSight uses only essential cookies required for the service to function:
- Session management cookies (HTTP-only JWT tokens for authentication)
We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookies for profiling purposes. No cookie consent banner is required for essential-only cookies under GDPR Recital 47 and ePrivacy guidance.
9. Supervisory Authority
You have the right to lodge a complaint with the supervisory authority for data protection in Gibraltar:
Gibraltar Regulatory Authority (GRA)
The GRA is the data protection supervisory authority for Gibraltar under the Gibraltar Data Protection Act 2004.
Website: gra.gi
We encourage you to contact us first at info@nexus-solutionsltd.com before lodging a formal complaint, as we will endeavour to resolve your concern directly.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Changes will be posted on this page with an updated “Last modified” date. We will notify you by email of any material changes affecting your rights. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Effective Date
This Privacy Policy is effective as of March 2026.
See also our Terms of Service.