Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how Swin collects, uses, shares and protects your personal data when you use the Swin application (the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD).

Who we are

Swin is operated by Gonca Dev ("we", "us"), which acts as the data controller for the personal data described in this Policy.

For any privacy-related request, you can contact us at mauriciogn@gmail.com.

Personal data we collect

We collect only the data needed to run the Service:

Account and identity: when you sign up we use Firebase Authentication (Google). We store your name, e-mail address, language preference and a Firebase user identifier. Your password is handled exclusively by Firebase and is never stored on our servers.
Swimmer profiles: name, date of birth, sex, competition category (professional or Masters), club name (optional) and a profile photo URL (optional). A single account may manage more than one swimmer profile — for example a coach or a parent.
Training and performance data: training sessions (date, location, duration, distance and free-text notes), meets and meet results (entry and result times, placing, FINA points and notes) and goals.
Communications: messages you send through the in-app feedback channel and the notifications we generate for you.
Security and technical data: for each sign-in and sign-up attempt we record the IP address, the browser/device user-agent, the outcome and a timestamp, to protect accounts against unauthorised access.

How we use your data and legal bases

We use your personal data for the following purposes and on the following legal bases:

To provide and operate the Service — managing your account, profiles, training, meets and goals: performance of a contract (GDPR Art. 6(1)(b); LGPD Art. 7, V).
To keep the Service secure and investigate abuse — login/sign-up auditing and error diagnostics: our legitimate interests and compliance with legal obligations (GDPR Art. 6(1)(f) and (c); LGPD Art. 7, IX and II).
To respond to your feedback and support requests: performance of a contract and our legitimate interest in supporting users.
To send in-app notifications about your meets, goals and news: our legitimate interest; these are shown inside the app only.

Sensitive data and minors

To assign the correct competition category we record each athlete's sex and date of birth. We do not request health, biometric, racial or other sensitive data, and you should not enter such information in free-text fields.

Accounts must be created by an adult. If you add a swimmer profile for a minor (for example as a parent or coach), you confirm that you have authority to do so and, where required, the consent of the minor's legal guardian. We rely on you to provide and manage that data lawfully.

Sharing and service providers

We do not sell your personal data. We share it only with service providers (processors) that help us operate the Service:

Google Firebase — authentication and identity management.
Bugsnag (SmartBear) — error and crash diagnostics. Technical request data and, when an error occurs, your user identifier, e-mail and name may be included.

Public data such as the ABMN national meet calendar and World Aquatics (FINA) reference times is imported into the Service for your convenience; we do not send any of your personal data to those sources.

International transfers

Some providers (Firebase, Bugsnag) may process data outside your country, including outside Brazil and the European Economic Area. Where this happens, transfers are protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the providers' own compliance programmes.

Cookies and local storage

Swin does not use advertising or tracking cookies and does not run third-party analytics. Authentication relies on a token stored in your browser solely to keep you signed in.

Data retention

We keep your account and activity data for as long as your account is active. Sign-in and sign-up audit records are automatically deleted after 90 days. When you delete your account, we erase your data as described below.

Your rights

Subject to the GDPR and the LGPD, you have the right to access your data; to correct inaccurate data; to delete your data; to receive a portable copy; to restrict or object to certain processing; and to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority — the ANPD in Brazil, or your local data-protection authority in the EU/EEA.

You can exercise most of these rights directly in the app, or by contacting us at mauriciogn@gmail.com.

Deleting your account

You can delete your account at any time from within the app. This permanently removes your Firebase login and all swimmer profiles, training sessions, meets, results, goals, feedback and notifications associated with your account. Security audit logs are removed automatically within the retention period described above.

Security

Access to the Service requires authentication. Data is transmitted over encrypted connections and stored in a managed database with restricted access. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.

Changes to this Policy

We may update this Policy from time to time. We will revise the "last updated" date and, for material changes, provide a notice in the app.

Contact

Questions about this Policy or your data: mauriciogn@gmail.com. Data controller: Gonca Dev.