Skip to main content

Privacy Policy

Last updated:

1. Introduction

This privacy policy explains how SwingIntel collects, uses, stores, and protects your personal data when you use our website at https://swingintel.com and our AI-powered website optimisation services.

The data controller responsible for your personal data is Next Layer Digital Ltd, trading as SwingIntel, a company registered in England and Wales (company number 16932866), with its registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO:00012757628).

SwingIntel provides AI-powered website scanning, scoring, and optimisation services that help businesses improve their visibility to AI search agents such as ChatGPT, Perplexity, Claude, Gemini, Grok, DeepSeek, and Microsoft Copilot. We analyse publicly accessible web pages and generate reports with actionable recommendations.

If you have any questions about this privacy policy or our data practices, you can contact us at info@swingintel.com.

2. Information We Collect

We collect the following categories of information when you interact with our services:

Account Information

When you create an account or make a purchase, we collect your email address and, optionally, your name. Passwords are managed by our authentication provider and are not stored directly by us.

Scan Data

When you use our scanning services, we collect the website URLs you submit for analysis, the resulting scan data, AI Readiness Scores, and generated reports. This information is necessary to deliver the service you have requested.

AI Visibility Monitoring Data

If you have purchased an AI Readiness Audit, we may periodically re-scan your website to track changes in your AI visibility over time. These automated checks generate updated scan data, including AI Readiness Scores, which are associated with your account and original order.

Payment Information

All payment processing is handled by Stripe. We never see, receive, or store your credit card numbers, debit card numbers, or other sensitive payment credentials. From Stripe, we receive only the transaction confirmation, the amount paid, and the email address associated with the payment.

Lead Information

If you provide your email address when using our free homepage scan, we collect that email address along with the associated scan results. This allows us to send you your scan report and, where applicable, follow up with relevant service information.

Contact and Inquiry Data

When you submit a message via our contact form, we collect your name, email address, and message content. If you submit an enterprise inquiry, we also collect your company name, company website URL, and the number of websites you manage. This information is used to respond to your inquiry and, where relevant, to provide you with information about our services.

Automatically Collected Information

Our hosting provider (Vercel) generates server access logs as part of normal operations. These may include your IP address, browser user-agent string, and the pages you access. We do not use these logs for analytics, profiling, or marketing purposes.

Cookies

We use essential cookies for session management and authentication, and analytics cookies (Google Analytics 4) to understand how visitors use our website. We do not use advertising cookies, remarketing cookies, or any third-party marketing cookies. For full details, see Section 11 below.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide our website scanning, scoring, and report generation services
  • To process payments securely via Stripe
  • To create and manage your account
  • To send transactional emails, including welcome messages, payment confirmations, and notifications when your report is ready
  • To improve the quality and accuracy of our scanning and optimisation services
  • To prevent abuse, fraud, and misuse of our platform, including rate limiting

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases under the UK General Data Protection Regulation (UK GDPR):

Contract Performance

Processing your email address, scan data, and payment information is necessary for the performance of the contract between you and Next Layer Digital Ltd — specifically, to deliver the scanning and optimisation services you have purchased.

Legitimate Interests

We process certain data on the basis of our legitimate interests, which include improving the quality and effectiveness of our services, preventing abuse and fraud, and conducting internal analytics to understand usage patterns. We ensure that our legitimate interests do not override your fundamental rights and freedoms.

Consent

Where we introduce marketing communications in the future, we will obtain your explicit consent before sending such communications. You will always have the right to withdraw consent at any time.

Legal Obligation

We may process and retain certain data where required by law, including financial records for tax and accounting purposes, and data necessary for fraud prevention and detection.

5. Third-Party Service Providers

We share your personal data with the following third-party service providers, each of whom processes data on our behalf and in accordance with their own privacy policies:

  • Stripe (stripe.com) — Processes all payments securely. Stripe receives your payment details directly and provides us only with transaction confirmation information.
  • Supabase (supabase.com) — Provides authentication services and database hosting for our application data.
  • Vercel (vercel.com) — Hosts our website and serves our web application.
  • Resend (resend.com) — Delivers transactional emails on our behalf, including payment confirmations and report delivery notifications.
  • Anthropic (anthropic.com) — Provides AI-powered analysis capabilities for our audit reports. We send publicly accessible website content and scan analysis data to Anthropic's API to generate strategic insights and competitive analysis. We do not send your personal data (such as your name, email, or payment details) to Anthropic.
  • Google Analytics (analytics.google.com) — Provides website usage analytics. Google Analytics uses cookies to collect aggregated data about page views and user interactions. We use this data to understand how visitors use our website and to improve our services. Google may process this data on servers outside the UK. See Google's privacy policy at policies.google.com/privacy.

AI Citation Testing Providers

As part of the AI Readiness Audit, we test whether AI search platforms cite your website. To perform these tests, we send queries containing your website URL and publicly available business information to the following AI platforms:

No personal data (such as your name, email address, or payment details) is shared with these providers. These queries contain only your website URL and publicly available business information, and are processed under each provider’s API terms of service.

Data Analysis Providers

We use the following services to analyse your website’s visibility and discoverability:

  • DataForSEO (dataforseo.com) — Provides page ranking data, keyword analysis, AI search visibility data, and AI Overview detection. Receives your website URL.
  • Exa (exa.ai) — Provides neural search testing to assess whether AI systems can discover your website through semantic search. Receives your website URL and publicly available business information.
  • Tavily (tavily.com) — Provides AI agent search testing to assess whether AI agents find your website when browsing the web. Receives your website URL and publicly available business information.

Infrastructure Providers

  • Upstash (upstash.com) — Provides Redis caching and durable workflow execution for our scanning pipeline. Processes technical operational data only.
  • Cloudflare (cloudflare.com) — Provides bot detection (Turnstile CAPTCHA) on our contact and enterprise inquiry forms. Cloudflare may set cookies on your device to distinguish humans from bots. See Cloudflare’s privacy policy at cloudflare.com/privacypolicy.

We do not sell your personal data to any third party. We only share data with third parties to the extent necessary to deliver our services.

6. Data Retention

We retain your personal data for the following periods:

  • Account data: Retained for as long as your account remains active. If you request deletion of your account, we will delete your account data within 30 days, subject to any legal obligations that require us to retain certain records.
  • Scan reports: Retained indefinitely so that you can access your reports at any time. You may request deletion of your reports at any time.
  • Lead data: Email addresses and associated free scan results are retained for service delivery and improvement purposes until you request their deletion. If we introduce marketing communications in the future, we will seek your explicit consent before using your data for that purpose.
  • Payment records: Retained for as long as required by UK financial regulations, typically a minimum of six years from the date of the transaction.
  • Automatically collected data: Technical data such as IP addresses, browser information, and page visit logs are retained for up to 12 months.

7. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Data stored by our service providers is encrypted at rest in accordance with their security standards.
  • Access controls: Access to personal data is restricted to authorised personnel only, protected by authentication and role-based access controls.
  • No card data: Payment card information never touches our systems. All card data is handled exclusively by Stripe, a PCI DSS Level 1 certified payment processor.

While we take all reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the highest practical standard.

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. Where the breach poses a high risk to you, we will notify you directly without undue delay.

8. International Transfers

Your personal data may be processed in countries outside the United Kingdom by our third-party service providers. Our primary service providers are based in the United States (Stripe, Supabase, Vercel, Resend, Anthropic, OpenAI, Perplexity, xAI, DeepSeek, Microsoft, Exa, Tavily, Upstash) and the European Union (DataForSEO). Cloudflare and Google operate globally.

Where data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries with UK adequacy decisions, where the UK government has determined that the country provides an adequate level of data protection.
  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, which contractually require the receiving party to protect your data to the same standard as required under UK law.
  • Other appropriate safeguards as permitted by the UK GDPR.

9. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request that we delete your personal data, subject to any legal obligations that require us to retain certain records.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to object: You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at info@swingintel.com. We will respond to your request within one month of receiving it, as required by the UK GDPR. If your request is particularly complex or we have received a number of requests from you, we may extend this period by up to two further months. If we need to extend the deadline, we will inform you within one month of receiving your original request and explain why the extension is necessary.

Your first request for a copy of your personal data is provided free of charge. For further copies, or for requests that are manifestly unfounded or excessive (for example, because of their repetitive character), we may charge a reasonable fee based on administrative costs or refuse to act on the request. In either case, we will explain our reasons.

If you are not satisfied with our response or believe that we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Automated Processing

Our AI Readiness Score (0–100) is generated through automated analysis of your website’s publicly accessible pages. This score is designed to help you understand your website’s visibility to AI search agents and is advisory in nature.

The AI Readiness Score is not used to make legally binding decisions about you, deny you access to our services, or determine your eligibility for any offer. It is one component of the broader analysis provided in your report.

If you have concerns about any automated assessment, you may contact us at info@swingintel.com to request a human review.

11. Cookies

Our website uses the following types of cookies:

Essential Cookies

These cookies are strictly necessary for the operation of our website. They cannot be disabled.

  • Supabase authentication cookies (sb-*): Maintain your login session and verify your identity. Set when you log in; expire at end of session or after the configured session duration.
  • API security token (api-guard): Protects against cross-site request forgery (CSRF) attacks. Set on each page visit; expires after 24 hours.
  • Cloudflare bot detection (cf_clearance, __cf_bm): Set by Cloudflare Turnstile on pages with forms (contact, enterprise inquiry) to distinguish humans from automated bots. Expire after 30 minutes of inactivity. See Cloudflare’s privacy policy for details.

Analytics Cookies

  • Google Analytics (_ga): Distinguishes unique visitors to our website. Expires after 2 years.
  • Google Analytics (_ga_*): Maintains session state. Expires after 2 years.

Google Analytics 4 automatically anonymises IP addresses before storage. We use analytics data in aggregate to understand how visitors use our website and to improve our services. Google may process this data on servers outside the UK — see Google’s privacy policy at policies.google.com/privacy.

We do not use advertising cookies, remarketing cookies, or any third-party marketing cookies.

Your Cookie Choices

Under the Privacy and Electronic Communications Regulations 2003 (PECR), non-essential cookies require your consent. We are in the process of implementing a cookie consent mechanism for our analytics cookies. In the meantime, you can control cookies through your browser settings. You can also opt out of Google Analytics specifically by installing the Google Analytics opt-out browser add-on.

12. Children’s Data

Our services are not directed at individuals under 18, and we do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make material changes to this policy, we will notify you by email (if we have your email address) or by displaying a prominent notice on our website.

We encourage you to review this page periodically to stay informed about how we protect your data. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or the way we handle your personal data, please contact us:

  • Email: info@swingintel.com
  • Postal address: Next Layer Digital Ltd, trading as SwingIntel, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ
  • Company number: 16932866
  • ICO registration: ICO:00012757628