The controller for data processing within the meaning of the GDPR and other data protection regulations is: FYN Labs LLC 1209 Mountain Road Pl NE # 6408 Albuquerque, NM 87110, USA Email: privacy@fyn-labs.com Phone: +1 (505) 209-7025
We operate this website in a data-minimized way. We do not use tracking cookies, advertising pixels or third-party analytics tools on this website. If you contact us by email or phone, we process the data you provide to answer your request.
This website is hosted on Vercel. For technical reasons, server logs may be processed (e.g., IP address, timestamp, requested page, user agent) to deliver, secure and stabilize the service. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable operation).
We store your language and theme preference locally in your browser (Local Storage) to improve usability. This information is not used for tracking.
You have the right to access, correct, or delete your personal data. Please contact us at privacy@fyn-labs.com for any requests.
The controller for data processing within the meaning of the GDPR and other data protection regulations is: FYN Labs LLC 1209 Mountain Road Pl NE # 6408 Albuquerque, NM 87110, USA Email: privacy@fyn-labs.com Phone: +1 (505) 209-7025
The controller for data processing within the meaning of the GDPR and other data protection regulations is: FYN Labs LLC 1209 Mountain Road Pl NE # 6408 Albuquerque, NM 87110, USA Email: privacy@fyn-labs.com Phone: +1 (505) 209-7025
You can create an account and sign in using the following methods: • Email and Password: Your email address and a hashed password are stored securely via Supabase Auth (EU-hosted). • Google OAuth: When signing in with Google, we receive your name, email address, and profile picture from Google. We request only the standard scopes (openid, email, profile) for authentication. • GitHub OAuth: When signing in with GitHub, we receive your username, email address, and profile information. We request the scopes 'repo' (to access repositories you connect as Knowledge Bases) and 'read:user' (to read your profile information). • Guest Access: You may use the app without an account. A temporary guest session ID is stored locally in your browser. If you later create an account, guest session data is merged into your account and the guest session is deleted. We use Supabase (hosted in Frankfurt, Germany, EU) for authentication and user management. Your authentication tokens are stored locally in your browser and are never shared with third parties.
We collect the following data to provide and improve our services: • Chat Messages: Your conversations with AI agents are stored to maintain session history and enable persistent threads. • User Profile Facts: Facts you share about yourself (e.g., industry, preferences) are stored to personalize AI responses. • Usage Data: Feature usage patterns, session duration, and interaction metrics. • Device Data: Device model, operating system version, browser type. • Purchase History: Processed via Apple App Store, Google Play, or Stripe. We do not store payment card information. • Uploaded Files: Documents and images you upload for AI processing (stored encrypted, accessible only to your account). • Knowledge Base Content: Text chunks from connected sources are stored as vector embeddings for semantic search.
We use trusted third-party services to operate our App: • Supabase (EU, Frankfurt): Authentication, database, and real-time infrastructure. GDPR-compliant, data stored in the EU. • Railway (EU): Backend API hosting. Data processed in the EU. • Vercel: Frontend hosting and CDN. Static assets only, no user data stored. • RevenueCat: Subscription and purchase management. Processes purchase receipts from app stores. • Apple App Store / Google Play: Payment processing for mobile subscriptions. We do not store your credit card information. • Stripe: Payment processing for web subscriptions (where applicable).
When you connect your Google Drive account to The Swarm, we request the following permissions: • Read access (drive.readonly): To read documents from folders you explicitly select as Knowledge Base sources. Only files you choose are accessed. • Per-file access (drive.file): To create and manage files that The Swarm generates on your behalf (e.g., reports, artifacts, exported analyses). How we use your Google Drive data: • We only access files you explicitly select or that our app creates. • File content is processed in real-time to provide AI-assisted responses. Text is chunked and stored as vector embeddings for semantic search within your Knowledge Base. • We do not share your Google Drive data with any third parties. • Your Google OAuth refresh token is stored encrypted server-side to enable background sync of Knowledge Base content. • You can disconnect Google Drive and revoke access at any time via your Google Account permissions (https://myaccount.google.com/permissions).
When you sign in with GitHub or connect a GitHub account, we request the following permissions: • repo: To read repository contents (code, documentation, issues) that you explicitly select as Knowledge Base sources. • read:user: To read your GitHub profile information for account linking. How we use your GitHub data: • We only access repositories you explicitly connect as Knowledge Base sources. • Repository content is chunked and stored as vector embeddings for semantic search within your Knowledge Base. • We do not modify your repositories, create commits, or push code. • We do not share your GitHub data with any third parties. • You can disconnect your GitHub account and revoke access at any time via your GitHub Settings → Applications (https://github.com/settings/applications).
The Swarm uses multiple AI model providers to power its agents. Depending on configuration, your data may be processed by one or more of the following providers: • Google Gemini (default platform provider) • OpenAI (GPT models, available via BYOK) • Anthropic (Claude models, available via BYOK) • xAI (Grok models, available via BYOK) • Groq (Llama/Mixtral models, available via BYOK) • OpenRouter (multi-model routing, available via BYOK) • Custom providers (any OpenAI-compatible API endpoint, available via BYOK) How your data is processed: • Your messages, uploaded documents, connected Knowledge Base content, and conversation context are sent to the selected AI model provider for processing. • Data is transmitted via encrypted TLS connections. • When accessed via API, leading providers (Google, OpenAI, Anthropic) do not use your data to train their models. Refer to each provider's data processing terms for details. • We do not permanently store raw AI model responses beyond what is needed for your chat history. • If you use Bring Your Own Key (BYOK), your API key is stored encrypted on our servers. API calls are made directly to the provider under your own account and their terms of service apply. Our backend infrastructure is hosted in the EU (Frankfurt, Germany) to ensure GDPR compliance. Note that AI model API calls may be routed to provider infrastructure outside the EU, depending on the provider.
In addition to Google Drive and GitHub, The Swarm supports the following Knowledge Base sources: • URL/Website Scraping: You can provide URLs whose text content is fetched, chunked, and stored as vector embeddings. We access only the URLs you provide. • File Uploads: You can upload documents (PDF, DOCX, TXT, CSV, and other formats). Files are stored encrypted and processed into vector embeddings for search. • YouTube: You can connect YouTube video URLs. We extract publicly available transcript/caption data for Knowledge Base indexing. • Reddit: You can connect Reddit threads or subreddits. We access publicly available post and comment data. • X (formerly Twitter): You can connect X/Twitter content. We access publicly available posts and threads. For all Knowledge Base sources: • Content is stored as vector embeddings (numerical representations) in our EU-hosted database. • Original content is processed for chunking and may be cached temporarily for re-indexing. • You can delete any Knowledge Base and all associated data at any time from the app.
• Chat history: Retained as long as your account exists. You can delete individual rooms/threads at any time. • Knowledge Base data: Retained until you delete the Knowledge Base or your account. • User profile facts: Retained until you delete them or your account. • Uploaded files: Retained until you delete them or your account. • Guest session data: Automatically deleted upon account creation (merged) or after 30 days of inactivity. • Account deletion: Upon request, all your data (chats, KBs, uploads, profile) is permanently deleted within 30 days. Email privacy@fyn-labs.com to request deletion.
The Swarm's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. Specifically: • We only use Google user data for the purposes described in this privacy policy and as consented to by the user. • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, or as required by law. • We do not use Google user data for advertising or to serve ads. • A human can only read Google user data if we have the user's explicit consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.
We implement appropriate technical and organizational measures to protect your data: • All data in transit is encrypted using TLS 1.2+. • Database hosted in the EU (Frankfurt, Germany) with Supabase, which implements Row Level Security (RLS) to ensure users can only access their own data. • API keys (BYOK) are stored encrypted at rest. • Authentication tokens use industry-standard JWT with automatic expiration. • File uploads are stored with unique, non-guessable identifiers and are only accessible to authenticated account owners.
Under the GDPR and other applicable data protection laws, you have the following rights: • Right of access: Request a copy of your personal data. • Right to rectification: Correct inaccurate or incomplete data. • Right to erasure: Request deletion of your personal data. • Right to data portability: Receive your data in a structured, machine-readable format. • Right to object: Object to processing based on legitimate interests. • Right to withdraw consent: Withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us at privacy@fyn-labs.com. For Google-specific data, you can also revoke access via your Google Account (https://myaccount.google.com/permissions). For GitHub-specific data, you can revoke access via GitHub Settings → Applications (https://github.com/settings/applications). You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
Powered by the world's leading AI models