Privacy Policy
Last updated: April 2026
SwapKey Ltd (“SwapKey”, “we”, “us”) operates the SwapKey platform at swapkey.io. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
We are registered as a data controller with the Information Commissioner’s Office (ICO). If you have any questions about this policy, contact us at privacy@swapkey.io.
1. What data we collect
Account information
- Name and email address when you register
- Password (stored as a salted hash — we never see it in plain text)
- Profile photo if you choose to upload one
- Phone number if you choose to provide one
Property listing information
- Property address, type, size, and features
- Photos you upload of your property
- Your postcode is used for matching and map display. Your full address is not shown publicly — only your area and postcode district (e.g. “Hackney, E8”) are visible to other users
- Council or housing association name
- Tenancy type and EPC rating
Search preferences
- Target areas, bedroom requirements, and lifestyle preferences you set
- These are used solely to compute match scores
Messages
- Content of messages you send to other users through SwapKey
- Photos and documents shared in conversations
- Message timestamps and read receipts
Swap application data
- Details of any swap applications you start or participate in
- Stage progress and any notes from housing officers
Usage data
- Pages visited and actions taken (via PostHog analytics)
- Browser type, device type, and approximate location (country/city level)
- This data is anonymised and aggregated where possible
2. Why we collect it and our legal basis
We process your personal data under the following legal bases:
- Contract performance: to provide the SwapKey service you signed up for — matching you with potential swap partners, enabling messaging, and tracking swap applications
- Legitimate interests: to improve the platform, detect abuse, and ensure security
- Legal obligation: to comply with applicable laws including GDPR, the Housing Act, and ICO requirements
- Consent: for optional features such as email notifications. You can withdraw consent at any time from your profile settings
3. How we use your data
- To create and manage your account
- To compute compatibility match scores between your listing and others
- To enable real-time messaging with other tenants
- To send transactional emails (account confirmation, new messages, swap updates)
- To track swap application progress
- To improve the platform through aggregated analytics
- To prevent fraud and abuse
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Who we share data with
We share limited data with the following third-party service providers, solely to operate the platform:
- Supabase (database and authentication) — data stored in EU (Ireland) region
- Vercel (hosting) — EU region
- Resend (transactional email) — EU region
- Mapbox (mapping) — postcode coordinates only, no personal identifiers
- PostHog (analytics) — anonymised usage data
All providers are bound by data processing agreements. No data is transferred outside the UK or EU without appropriate safeguards.
We may also share data with housing officers at your council or housing association when you start a formal swap application — this is necessary to process your exchange request.
5. How long we keep your data
- Account data: for as long as your account is active, plus 90 days after deletion to allow for recovery requests
- Property listings: deleted when your account is deleted or your listing is removed
- Messages: retained for 2 years to support any disputes related to swap agreements
- Swap application records: retained for 5 years for legal and regulatory purposes
- Analytics data: anonymised after 12 months
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data (“right to erasure”)
- Restrict how we process your data in certain circumstances
- Port your data to another service
- Object to processing based on legitimate interests
- Withdraw consent at any time for consent-based processing
To exercise any of these rights, email privacy@swapkey.io. We will respond within 30 days. You can also delete your account directly from your profile settings.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint.
7. Cookies
We use the following types of cookies:
- Essential cookies: required for the platform to function — session authentication, security tokens. These cannot be disabled.
- Analytics cookies: PostHog uses cookies to track anonymised usage patterns. You can opt out via the cookie banner or your browser settings.
We do not use advertising or tracking cookies.
8. Security
We take data security seriously. Measures include:
- All data encrypted in transit (TLS 1.3) and at rest
- Row-level security on all database tables — users can only access their own data
- Passwords hashed using bcrypt
- Regular security reviews
- Access to production data restricted to authorised personnel
9. Children
SwapKey is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at privacy@swapkey.io.
10. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes by email. The “last updated” date at the top of this page shows when it was last revised.
Contact
SwapKey Ltd
Email: privacy@swapkey.io