Privacy Policy
Last updated: 16 March 2026
FanSwype ("we", "us", "our") operates the FanSwype mobile application (the "App"). This Privacy Policy explains what data we collect, how we use it, and your rights.
Data Controller: FanSwype, Australia. For data enquiries, contact support@fanswype.com.
1. Data We Collect
1.1 Data You Provide
- Display name and avatar: chosen during setup. No real name, email, or phone number is required.
- Rankings and votes: your swipe choices and resulting rankings for each franchise.
- Consent preferences: your analytics and advertising consent choices.
1.2 Data Collected Automatically
- Anonymous device identifier: generated via Supabase anonymous authentication. We do not link this to your real identity.
- Usage analytics (only if you consent): non-personally-identifiable events such as franchises selected, votes cast, and features used.
- Device information: device type, operating system version, and app version for crash reporting and compatibility.
1.3 Data We Do NOT Collect
- Real names, email addresses, phone numbers, or physical addresses
- Location data (we use device locale settings only to determine your regional Amazon store)
- Photos, contacts, or other on-device data
- Payment details (handled entirely by Apple App Store / Google Play)
2. Lawful Basis for Processing (GDPR)
We process your data under the following lawful bases:
| Data Type | Lawful Basis | Purpose |
|---|
| Display name & avatar | Consent (Art. 6(1)(a)) | Profile creation |
| Rankings & votes | Contract performance (Art. 6(1)(b)) | Core service functionality |
| Anonymous device ID | Contract performance (Art. 6(1)(b)) | Account creation and authentication |
| Usage analytics | Consent (Art. 6(1)(a)) | App improvement — not collected unless you consent |
| Device information | Legitimate interest (Art. 6(1)(f)) | Crash reporting and compatibility (see Section 2.1) |
| Ad personalisation | Consent (Art. 6(1)(a)) | Personalised advertising — not activated unless you consent |
| Consent preferences | Legal obligation (Art. 6(1)(c)) | Record-keeping to demonstrate valid consent (Art. 7(1)) |
You can withdraw consent for analytics and personalised ads at any time via Settings > Legal & Privacy in the App. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. It is as easy to withdraw consent as it is to give it.
2.1 Legitimate Interest Assessment — Device Information
We collect basic device information (device type, OS version, app version) under legitimate interest for the purpose of crash reporting and compatibility. We have assessed that:
- Our interest: ensuring the App functions correctly across devices and promptly fixing crashes.
- Impact on you: minimal — this data is non-identifying, limited to technical metadata, and cannot be used to identify or profile you.
- Safeguards: data is retained for only 90 days and is not shared beyond our crash reporting provider (Sentry, when integrated).
3. How We Use Your Data
- Provide the service: store your votes, compute rankings, enable connections with other users. When you connect with another user, your display name, avatar, and rankings are shared with that user (and vice versa).
- Global rankings: aggregate anonymised vote data to produce community-wide rankings.
- Improve the App: analyse usage patterns to fix bugs and improve features (only if you consent to analytics).
- Affiliate links: we use your device locale to direct you to the correct regional Amazon store. We earn a commission on qualifying purchases via the Amazon Associates programme. No personal data is shared with Amazon.
4. Data Storage and Security
- Data is stored in Supabase (hosted on AWS infrastructure) with Row Level Security (RLS) enforced — users can only access their own votes, ratings, and settings.
- Images are served via Cloudflare R2 CDN.
- All network communication uses HTTPS/TLS encryption.
- Anonymous authentication means there is no password to compromise.
5. International Data Transfers
Your data may be processed by our service providers in jurisdictions outside your country of residence, including the United States:
- Supabase (database): hosted on AWS infrastructure
- Cloudflare (image CDN and website hosting): global network
- Sentry (crash reporting, when integrated): US-based
- Google AdMob (advertising, when integrated): US-based
These transfers are safeguarded by the providers' Standard Contractual Clauses (SCCs) or equivalent mechanisms as approved under GDPR Art. 46. You can request further details about these safeguards by contacting us.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties. Data is only shared in these limited cases:
- Service providers: Supabase (database hosting), Cloudflare (image CDN), and Sentry (crash reporting, when integrated) process data on our behalf under their respective privacy policies and data processing agreements.
- Aggregated data: we may use, publish, licence, or otherwise make available de-identified, aggregated statistical data derived from user activity (such as global rankings and voting trends). This data cannot be used to identify any individual user.
- Legal requirements: we may disclose data if required by law or to protect our legal rights.
7. Advertising
The App displays advertisements via Google AdMob. If you consent to personalised advertising, AdMob may collect device identifiers and usage data according to Google's Privacy Policy. If you do not consent, you will still see advertisements, but they will not be personalised. You can change your advertising preferences at any time via Settings > Legal & Privacy in the App.
8. In-App Purchases
Purchases are processed entirely by Apple (App Store) or Google (Google Play). We do not receive or store your payment information. We receive only a confirmation that a purchase was completed.
9. Automated Decision-Making
The App uses an ELO-based ranking algorithm to calculate your personalised rankings from your swipe choices. This is an automated process, but:
- It does not produce legal effects or similarly significantly affect you
- It only determines the ordering of entertainment content in your personal rankings
- You can reset your rankings at any time within the App
10. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect data from children under 13. The App includes an age verification gate on first launch. If you believe a child under 13 has accessed the App, please contact us and we will delete their data promptly.
11. Data Retention and Deletion
| Data Type | Retention Period |
|---|
| Account data (anonymous ID, display name, avatar) | Until you delete your account |
| Votes and rankings | Until you delete your account or reset within the App |
| Usage analytics events | 12 months from event date, then automatically purged |
| Device/crash information | 90 days from event date |
| Consent records | 3 years from date of consent (to demonstrate lawful consent) |
| Aggregated global rankings | Indefinitely (fully anonymised, cannot be linked to you) |
- You can reset your votes and rankings at any time within the App.
- You can delete your account via Profile > "Delete My Account". Local data is removed immediately. Server-side data will be permanently deleted within one month of your request.
- To request complete deletion of your data, you can also contact us at the address below.
12. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the data we hold about you (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure of your data ("right to be forgotten") (Art. 17)
- Restrict processing of your data (Art. 18)
- Data portability — receive your data in a structured, machine-readable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time for analytics and personalised ads (Art. 7(3)), via Settings > Legal & Privacy
- Do Not Sell or Share — California residents (CCPA/CPRA) can opt out of data sharing via Settings > Legal & Privacy > "Do Not Sell or Share My Data"
- Lodge a complaint with a supervisory authority in your jurisdiction (Art. 77). For Australian residents, this is the Office of the Australian Information Commissioner (OAIC). For EU residents, contact your local Data Protection Authority.
To exercise these rights, contact us at the address below. We will respond without undue delay and in any event within one month of receiving your request.
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Art. 33)
- Notify affected users without undue delay via an in-app notification and, where possible, via any contact information on file
- Document the breach, its effects, and the remedial actions taken
14. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top. Material changes will be communicated via the App. Where changes affect processing based on consent, we will seek fresh consent where required.
15. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: support@fanswype.com