Swiftrics Privacy Policy
Effective Date: June 17, 2026
Last Updated: June 17, 2026
1. Introduction
This Privacy Policy describes how Pelton Solutions LLC, a Michigan limited liability company doing business as Swiftrics ("Swiftrics," "we," "us," or "our"), collects, uses, and discloses information when you use our website, software-as-a-service platform, website builder, hosting, domain registration, outbound email, and analytics services (collectively, the "Service").
This Policy is incorporated into our Terms of Service. Defined terms have the meanings given in the Terms.
The Service is offered only to Customers with a valid United States billing address who are at least 18 years old. If you are accessing the Service from outside the United States, please do not provide us with personal information.
2. Scope of This Policy
This Policy covers:
- information about you as a Swiftrics Customer (including individual users at a Customer organization);
- information about visitors to swiftrics.com and our marketing and support pages; and
- information you submit in support of a Domain registration processed through Swiftrics (Registrant contact details, etc.).
This Policy does not govern, as a matter of our own privacy practices, the personal information that Customer Site Visitors submit to a Customer Site you build and operate using Swiftrics — for example, contact-form submissions. For that data, you (the Customer) are the controller and Swiftrics acts as a processor / service provider on your behalf. Your own privacy policy on your Customer Site governs how that data is handled. See Section 7 and our Data Processing Addendum.
3. Information We Collect
3.1 Information You Provide Directly
- Account information. Your first and last name, email address, and a password (which we store only in hashed form), plus an email-verification timestamp when you confirm your address.
- Billing information. Your billing name and address. Payment card details are collected and stored by our payment processor, Stripe; Swiftrics does not receive or store your full card number — only Stripe customer, subscription, and price identifiers and limited billing metadata.
- Domain Registrant information. For each Domain you register through Swiftrics, we collect Registrant contact details required by the registry and the Upstream Registrar — typically name, organization (if any), postal address, email, and phone number. This information is shared with the Upstream Registrar and the applicable registry and may appear in public WHOIS/RDAP records, subject to any privacy/proxy service we provide and to applicable law. See Section 5.
- Customer Content. Content you upload to, import into, or create within the Service (text, images and other media, code, files, data), including business "Locations" data and any media you publish. We treat Customer Content as confidential and process it only to provide the Service to you. Note that content and media you publish become publicly available on your live Customer Site.
- Support and feedback. Information you submit when you contact support, request features, respond to surveys, or otherwise interact with us.
3.2 Information We Collect Automatically (About Customers Using the Admin Platform)
When you use the Swiftrics admin platform, we collect:
- Authentication and session data. Session cookies, "remember me" tokens, and API tokens used to keep you signed in and to authenticate API requests.
- Diagnostic and error data. When the Service encounters an error, we capture diagnostic information through our error-monitoring provider, Sentry, and our deployment/source-control tooling, GitHub. This diagnostic data may incidentally include request details such as an IP address or other request data associated with the error. We use it only to detect, investigate, and fix problems — not for advertising or cross-site tracking.
We do not use third-party advertising cookies or cross-site tracking technologies in the admin platform.
3.3 Customer Site Visitor Analytics (Privacy-Preserving)
Swiftrics provides built-in, cookieless analytics for your published Customer Sites. This analytics system is deliberately privacy-preserving:
- It does not set tracking cookies and does not store a visitor's raw IP address or user-agent string.
- Instead, those values are combined into a daily-rotating, salted SHA-256 "visitor hash" that cannot be reversed to identify an individual and that changes each day and differs per site.
- The only data retained is the page path, referrer, device type (desktop / mobile / tablet), and a timestamp.
- Analytics records are retained for a default of two (2) years and then pruned.
3.4 Information from Third Parties
We may receive information about you from third parties, including:
- Stripe — payment confirmations, fraud signals, and dispute information.
- Upstream Registrar — registration, renewal, transfer status, and abuse reports.
- Email infrastructure — delivery, bounce, and complaint events for messages sent through the Service.
- Public sources — when relevant (for example, business look-ups in fraud investigations).
3.5 What We Do Not Collect
- The Service is not directed to minors; you must be 18 or older to hold an Account, and we do not knowingly collect personal information from anyone under 18. See Section 13.
- We do not collect biometric or genetic identifiers, precise geolocation (beyond what an IP address incidentally implies), or special categories of data such as racial or ethnic origin, religious beliefs, health data, or union membership.
4. How We Use Information
We use the information described in Section 3 to:
- Provide the Service — host and publish your Customer Site, manage your Domain registration, process Customer Content, and operate the platform you subscribe to;
- Process Domain registrations and renewals — submit Registrant data to the Upstream Registrar, the applicable registry, and the WHOIS/RDAP system as required by ICANN and registry rules;
- Bill you and process payments — charge your payment method on file via Stripe, send receipts, and manage refunds and disputes;
- Send email and protect deliverability — deliver messages you trigger (such as contact-form notifications), and monitor bounce and complaint events and maintain a suppression list to protect platform deliverability;
- Communicate with you — service announcements, security and account notices, renewal reminders, support responses, and (if you opt in) marketing emails;
- Improve the Service — diagnose issues, analyze performance, and develop new features;
- Maintain security and integrity — detect and prevent fraud, abuse, malware, phishing, account takeover, and other harm; and
- Comply with legal obligations and enforce our agreements — including tax reporting, legal process, ICANN policy obligations, DMCA, and the Terms and Acceptable Use Policy.
We do not sell your personal information for monetary consideration. See Section 11 for state-specific definitions and rights.
5. WHOIS, RDAP, and Domain Registration Disclosures
When you register a Domain through Swiftrics, certain Registrant information is shared with parties beyond Swiftrics. This is required by the domain-name industry and is not something Swiftrics can opt out of on your behalf.
- We share Registrant contact information with the Upstream Registrar, which in turn submits required data to the applicable registry and the WHOIS/RDAP system.
- Some Registrant contact details may be published in the public WHOIS/RDAP database, subject to ICANN's policies and applicable law. Some TLDs require more information to be public; others permit redaction.
- We may offer or include a WHOIS privacy / proxy service that substitutes proxy contact information in the public record. Even with privacy enabled, the underlying Registrant data is retained by us and the Upstream Registrar and may be disclosed in response to lawful process, abuse investigations, UDRP/URS proceedings, or as ICANN policy requires.
- Registrant data may also be shared with escrow providers and emergency back-end registry operators as ICANN policy requires.
- If you transfer your Domain to another registrar, we will provide the gaining registrar with information required for transfer processing.
By registering a Domain through Swiftrics, you authorize these disclosures and accept that they will continue for as long as you remain the Registrant of record.
6. How We Share Information
We disclose your information in the following situations.
6.1 Service Providers and Sub-Processors
We use third-party vendors to operate the Service. These vendors process information only on our instructions and under contractual obligations to protect it. Our principal sub-processors are:
- Amazon Web Services (AWS) — cloud infrastructure: application hosting, databases, storage of content and media, content delivery (CDN), DNS and domain registry access, and outbound email delivery (Amazon SES);
- Stripe — payment processing and subscription billing;
- Sentry — application error and performance monitoring;
- GitHub — source control and deployment tooling; and
- the Upstream Registrar and related registry/escrow providers — to register, renew, and manage Domains.
A current, detailed list is maintained in our Sub-Processor List, which we update as our vendors change.
6.2 Legal Process and Safety
We may disclose information when we believe in good faith that disclosure is required or appropriate to (a) comply with applicable law or legal process; (b) protect the rights, property, or safety of Swiftrics, our Customers, or the public; (c) detect, prevent, or investigate fraud, security, or technical issues; or (d) enforce our Terms or other agreements.
6.3 ICANN, Registries, and Dispute Bodies
For Domain-related matters, we may share information with ICANN, registry operators, the Upstream Registrar, UDRP/URS dispute providers, and similar bodies as required by applicable policies.
6.4 Business Transfers
If Swiftrics is involved in a merger, acquisition, financing, reorganization, sale of assets, or insolvency proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
6.5 With Your Direction
We share information with third parties when you instruct us to — for example, by requesting a Domain transfer or referring a colleague.
6.6 Aggregated and De-Identified Information
We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose.
7. Customer Sites and Customer Site Visitors
When you build and operate a Customer Site using Swiftrics, Customer Site Visitors interact with you, not with Swiftrics directly. Specifically:
- You determine what data Customer Site Visitors are asked to provide (for example, through a contact form, which may collect a name, email, phone number, a free-text message, and any additional fields you configure). Contact-form submissions are stored for you and emailed to the site owner.
- You are responsible for publishing a privacy policy on your Customer Site, obtaining any required consents, and complying with all applicable privacy and consumer-protection laws regarding Customer Site Visitors.
- Swiftrics processes Customer Site Visitor data only as your service provider / processor, to deliver the Service. We do not use Customer Site Visitor personal information for our own marketing, profiling, or other independent purposes.
Data Processing Addendum. For Customers who require one, we make a Data Processing Addendum (DPA) available that governs our processing of Customer Site Visitor data on your behalf and incorporates our Sub-Processor List. If a Customer Site Visitor contacts us directly with a request about data handled on your Customer Site, we will generally redirect them to you as the responsible party.
8. Cookies and Similar Technologies
Swiftrics uses a minimal set of first-party technologies and does not use third-party advertising or cross-site tracking cookies anywhere in the Service.
- Strictly necessary (admin platform). A first-party session/authentication cookie, a CSRF-protection token, and "remember me" tokens keep you securely signed in. These cannot be turned off without breaking the Service.
- Customer Site analytics. As described in Section 3.3, our built-in analytics for your published Customer Site are cookieless and do not store raw IP addresses or user-agent strings.
Because we do not engage in cross-context behavioral advertising and do not "sell" or "share" personal information in the advertising sense, a consent banner is generally not required for our own technologies. You can also manage cookies through your browser settings, though disabling strictly necessary cookies will prevent the admin platform from working. Where any applicable law treats a browser Global Privacy Control (GPC) signal as a valid opt-out request, we will honor it.
9. Data Retention
We retain personal information for as long as we need it to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific practices include:
- Account information. Retained for the life of your Account. On cancellation or termination, your Customer Site is taken offline and you have an approximately 30-day grace period to export your Customer Content; after that period we permanently delete your Account and Customer Content from active systems. Residual copies in routine backups age out on their normal rotation cycle.
- Billing and tax records. Retained for the period required by applicable tax and financial regulations (typically seven years in the U.S.), even after Account closure.
- Domain Registrant information. Retained for the life of the registration plus any post-cancellation period required by ICANN policy or the Upstream Registrar agreement (data-escrow obligations may extend retention).
- Customer Site analytics. Page-view records are pruned after a default of two (2) years.
- Site export files. Generated export downloads are temporary and expire shortly after creation (approximately one day).
- Email deliverability events. Bounce, complaint, and suppression-list records are retained to protect ongoing deliverability.
- Diagnostic/error data and support communications. Retained for the period reasonably needed to investigate issues, handle disputes, and improve the Service.
When we no longer need information, we delete or de-identify it, except where law or contractual obligation requires continued retention.
10. Security
We use reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include:
- HTTPS enforced in transit, and DKIM / SPF / DMARC authentication on outbound email;
- per-tenant isolation, where each Customer site is provisioned with its own scoped cloud credentials;
- secrets held in a managed secrets store, with sensitive database fields encrypted at rest;
- production systems that run on short-lived instance credentials rather than long-lived static keys; and
- access controls, logging, and regular security review.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a security incident that affects your personal information in a way that triggers a notification obligation under applicable law, we will notify you and the appropriate regulators in accordance with that law. You are responsible for the security of your Account credentials and for promptly notifying us of any suspected compromise.
11. State Privacy Rights
Several U.S. states grant residents specific rights with respect to their personal information. The rights below apply where you are a resident of the applicable state. To exercise these rights, see Section 14.
11.1 California (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose; access a copy of it; correct inaccuracies; delete it (subject to exceptions); limit the use of sensitive personal information; opt out of any "sale" or "sharing" for cross-context behavioral advertising; and not be discriminated against for exercising these rights.
Sale and sharing. Swiftrics does not sell personal information for monetary consideration and does not "share" personal information for cross-context behavioral advertising. We engage our vendors as service providers under contracts that restrict their use of personal information to providing services to us.
Categories collected. See Section 3. Categories include: identifiers (name, email, IP captured incidentally in diagnostics); commercial information (subscription and billing); internet/usage activity; professional information (work email/organization); and Registrant contact details for Domains. We do not collect biometric or genetic data, precise geolocation, or other sensitive categories listed in Section 3.5.
Authorized agents. California residents may use an authorized agent to submit a request; we may require verification of the agent's authority.
11.2 Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and similar states
Residents of these states (and other states with comparable privacy laws) generally have the right to access their personal information, correct inaccuracies, delete it, obtain a portable copy, opt out of targeted advertising / sale / certain profiling, and appeal a denied request. The exact scope depends on your state of residence. To submit a request, see Section 14.
11.3 General
We will verify your identity before fulfilling a request and may decline requests that are unverifiable, manifestly unfounded, excessive, or that conflict with our legal obligations. We will not retaliate against you for exercising a privacy right.
12. Marketing Communications
We may send you marketing emails (about new features, tips, or promotions) if you have opted in or where applicable law permits a "soft opt-in" based on your Customer relationship with us. You can unsubscribe at any time using the link in any marketing email or by emailing hello@swiftrics.com. We will still send you operational messages (about your Account, billing, security, and Domain renewals), which are not marketing.
13. Children's Privacy
The Service is intended for business use by adults and is not directed to minors. You must be at least 18 years old to create an Account, and we do not knowingly collect personal information from anyone under 18. If you believe we may have collected personal information from a minor, please contact us at hello@swiftrics.com and we will take appropriate steps to delete it.
If you operate a Customer Site directed to children, you are solely responsible for complying with the Children's Online Privacy Protection Act ("COPPA") and any similar laws with respect to your Customer Site Visitors.
14. How to Exercise Your Rights
You may submit a privacy request (access, correction, deletion, portability, opt-out, or appeal) by either of the following methods:
- Online form: complete the privacy request form at https://app.swiftrics.com/privacy-request; or
- Email: email hello@swiftrics.com with the subject line "Privacy Request — [your state]";
- Include enough information to identify your Account and the right you wish to exercise; and
- We will respond within the timeframe required by applicable law (generally within 45 days, with one possible 45-day extension).
If we deny your request, we will explain why and how to appeal.
15. International Users and Data Location
The Service is intended only for users in the United States, and all information is processed and stored in the United States (primarily in AWS regions in Ohio and Northern Virginia; published site content is cached on global CDN edge locations). By using the Service from any other location, you understand that your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those of your country.
We do not currently offer the Service to residents of the European Economic Area, the United Kingdom, or Switzerland, and we do not provide GDPR-style data subject rights or Standard Contractual Clauses for international transfers. The Data Processing Addendum referenced in Section 7 governs our role as a service provider/processor for Customer Site Visitor data under U.S. law; it is not a GDPR transfer mechanism. If you are located in the EEA, UK, or Switzerland, please do not create an Account.
16. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will give you reasonable advance notice (by email and/or in-product notice). The "Last Updated" date at the top reflects the most recent revision.
17. Contact
Pelton Solutions LLC
Attn: Swiftrics — Privacy
101 Rainbow Dr, Suite 1624
Livingston, TX 77399
Privacy questions and requests: hello@swiftrics.com