Back to Swurvebot

Privacy Policy

Last updated: April 2, 2026

What We Collect

When you use Swurvebot, we collect only what is necessary to provide the service:

• Account info — username, email address (optional), and a securely hashed password.
• Marketplace connections — seller usernames or profile URLs you provide for eBay, Depop, Mercari, and OfferUp. For eBay, we request read-only OAuth access to your seller inventory.
• Discord — if you link Discord, we store your Discord user ID and username for community tier assignment.
• Billing — subscription status and Stripe customer ID. We never see or store your credit card number; all payment processing happens on Stripe's servers.
• Usage data — task history, view delivery counts, notification preferences, and first-party site analytics events such as page views, referral metadata, session activity, and performance signals.

How We Use Your Data

• To deliver automated listing views and watchers you request.
• To manage your subscription and send transactional emails (verification, task completion).
• To sync your Discord role with your subscription tier (if connected).
• To measure site traffic, diagnose product performance, and understand conversion funnels inside Swurve.

We do not sell your data. We do not run ads. We use first-party analytics to understand traffic and product performance, and we do not use third-party advertising or tracking pixels.

Third-Party Services

We share limited data with these services to operate Swurvebot:

• Stripe — email and subscription info for payment processing.
• Resend — email address for transactional emails (verification, notifications).
• Discord — user ID for role assignment (if you link your account).
• eBay — OAuth tokens for read-only inventory access (if you connect eBay).

No user data is shared with our proxy provider (Webshare) or any other third party.

Cookies

We use two cookies, both strictly functional:

• Session cookie — keeps you logged in (HttpOnly, Secure).
• CSRF cookie — protects against cross-site request forgery.

We do not use advertising cookies. Our product analytics are first-party and do not rely on third-party analytics cookies or pixels.

Data Security

Passwords are hashed with scrypt. Sessions use HMAC-signed cookies over HTTPS. OAuth tokens are stored server-side and never exposed to the browser. All connections use TLS.

Data Retention & Deletion

Your data is retained as long as your account is active. To request account deletion and removal of all associated data, contact us via Discord or email. We will delete your account and all stored data within 30 days of your request.

Your Rights

You can request a copy of your data or ask us to delete your account at any time. Contact us through our Discord server.

Changes

We may update this policy. Material changes will be announced on our Discord server.