Privacy, Cookies & Terms

Last updated: 24 June 2026

This policy is available in several languages for convenience. The English version is authoritative — if there is any difference, the English text applies.

1. Who we are

swish ("we", "us") is an independent fashion discovery service based in Romania. We help you discover clothing across many retailers, from high street to luxury. We are not a shop: we never hold inventory, take payment, or fulfil orders — any purchase happens on the retailer's own website, under their terms. For all privacy matters the data controller can be reached at hello@swishshop.net.

2. Using swish as a guest

You can browse and swipe without creating an account. The moment the app opens, swish signs you in to an anonymous session — a random ID with no email, name or date of birth attached — and your likes, skips, learned taste and swipe stats are saved to our backend provider, Supabase, under that random ID. We do this so your swipes aren't lost when you close the app and so your feed keeps improving across sessions. Because the session is anonymous, this activity isn't linked to any real-world identity: your email, name and date of birth are only collected if you choose to create an account (see section 3). It is protected so that only your own session can access it, we don't sell it, and we don't track you across other apps or websites. You can erase this anonymous data from our servers at any time with Stats → Reset all data.

3. What we collect when you create an account

Account details — your email address, name, and date of birth, provided at sign-up.
Your activity — items you like, dislike, save, add to an outfit, or tap through to shop, and the learned "taste" we use to personalise your feed.
An account identifier — a random user ID that links your data to your account so it syncs across your devices.

Account data is stored on our backend provider, Supabase, and protected so that you can only access your own data. We do not sell your personal data, and we do not track you across other apps or websites for advertising.

To show prices in your local currency, swish reads your device's language and time-zone on your device only — we don't send your location or IP address to work this out. We do not collect payment-card details (purchases happen on the retailer's own site), and we do not knowingly collect special-category data such as health or beliefs.

4. How we use your data

To run the app and keep you signed in.
To personalise your feed and your saved items. This profiling is used only to make discovery relevant and has no legal or similarly significant effect on you.
To sync your saved items and taste across your devices.
For basic, internal analytics (e.g. how many people liked an item) to improve the app. Per-item like counts are aggregate and are not tied to your identity publicly.

Our lawful bases under the GDPR are: performance of a contract (running the account features you ask for), your consent (which you can withdraw at any time), and our legitimate interests in keeping the service secure and improving it.

5. Cookies & local storage

swish uses essential, on-device storage (your session token and a local copy of your saved swipes) to function. As described in section 2, that activity is also synced to our backend (Supabase) so it persists across sessions; it is never used for advertising and is not sold or shared with third parties for their own purposes. We do not use third-party advertising or cross-site tracking cookies in the app. When you tap "Shop" and open a retailer's website, that retailer may set its own cookies under its own policy, which we don't control.

6. Affiliate links & retailers

When you tap "Shop", we open the retailer's own website in your browser. We may earn a commission if you buy, at no extra cost to you — this never changes the price you pay and does not influence what we show you beyond normal personalisation. Once you're on a retailer's site, their privacy policy and terms apply; we do not receive your payment or order details and we do not pass your personal data to retailers.

7. Third parties we rely on

Supabase — backend, authentication and database (data processor, under a data-processing agreement).
Cloudflare — hosts and delivers the website; it processes standard technical data such as your IP address to serve the site securely.
Google Workspace — handles email you send us (for example, support or rights requests).
An exchange-rate API — to show prices in your currency; no personal data is sent.

International transfers. Some of these providers operate outside the EU/EEA (for example in the US). Where that happens, the transfer is protected by appropriate safeguards such as the EU Standard Contractual Clauses.

8. Your rights (GDPR)

You have the right to access, correct, delete, restrict, or port your data, to withdraw consent at any time, and to object to profiling. In the app you can:

Delete your account — Account → Delete account permanently removes your account and associated data from our servers.
Reset your data — Stats → Reset all data clears your likes, swipes and learned taste.

You can also email hello@swishshop.net to exercise any of these — we respond within one month. You may complain to Romania's data-protection authority, ANSPDCP (dataprotection.ro).

9. Data retention & security

We keep your account data until you delete your account or ask us to remove it. Guest (anonymous) data is stored under a random anonymous ID and is kept until you clear it with Stats → Reset all data, which removes it from our servers as well as your device.

We protect your data with encryption in transit (HTTPS), passwords stored only in hashed form (we can never see them), and per-user access controls so you can only reach your own data. No system is perfectly secure, but we use reputable processors under data-processing agreements, apply appropriate technical and organisational measures, and will notify you and the supervisory authority of any qualifying breach as required by law.

10. Children

swish is not directed at children under 16, and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will remove it.

11. Terms of use

swish is provided "as is" as a discovery tool. Prices, availability, sizing and product details are owned by the retailers and may change — always confirm on the retailer's site before buying.
Your purchase contract is with the retailer, not swish. Returns, warranties, delivery and payment are the retailer's responsibility.
Please don't misuse the service — no scraping, reverse engineering, automated abuse, or unlawful use.
swish is provided without warranties to the extent permitted by law, and we are not liable for the acts, products or websites of third-party retailers.
We may suspend or remove accounts that abuse the service or these terms.
Governing law is Romania; EU consumer-protection rights that apply to you are unaffected.

12. Changes

We'll update this page if our practices change and revise the date above.

13. Contact

Questions about privacy or these terms: hello@swishshop.net.