SwarmForge

Privacy policy

Last updated: 2026-05-12

Data controller

The data controller for personal data collected on this site is {{LEGAL_ENTITY_NAME}}, registered office: {{LEGAL_ENTITY_ADDRESS}}.

Data Protection Officer (DPO): dpo@swarmforge.fr.

Our privacy stance

This site is designed to collect the minimum of personal data:

  • No third-party cookies are set.
  • No third-party services (CDN, fonts, externally hosted videos) are loaded.
  • No advertising pixels, no remarketing scripts.
  • Server logs (nginx) are anonymised at collection: the last octet of IP addresses is zeroed before writing to disk. Logs are kept for 30 days, then automatically erased.

We use a cookieless internal audience-measurement tool (Plausible Analytics, hosted on our own infrastructure) consistent with the French CNIL’s consent-free guidance. No data is shared with any third party.

Demo-request form

The form published on app.swarmforge.fr allows you to request a platform demo. Submitting the form involves collecting the following data:

  • Data collected: name, work email address, firm or company (optional), role (optional), free-text message (optional).
  • Purpose: to organise and conduct the requested demo; if you have explicitly accepted, to send you product communications (news, invitations).
  • Legal bases:
    • pre-contractual measure (organising the demo);
    • explicit consent (tick-box, GDPR art. 6.1.a) for marketing communications.
  • Recipients: SwarmForge staff handling your enquiry.
  • Retention:
    • active lead (before demo + 12 months): kept on our infrastructure;
    • no follow-up: 3 years after last contact;
    • marketing consent withdrawal: applied immediately;
    • erasure on request: within 30 days.

Each consent (T&Cs + marketing) is timestamped, versioned and stored in an immutable append-only ledger. A withdrawal appears as a new entry, never as a modification of an earlier entry. You can request an export of your consent history at any time.

Visitor account (Google OAuth)

You can create a visitor account on accounts.swarmforge.fr by signing in with Google. This account lets you track the status of your demo request, manage your GDPR consents, and self-delete your data at any time.

  • Data collected at sign-in: opaque Google identifier (sub), verified email address, name, profile picture URL, preferred language. We do not store your Google password or access tokens; the identity token (id_token) is verified then discarded.
  • Purpose: tracking your demo request, managing your communication preferences, exercising your GDPR rights.
  • Legal basis: explicit consent (GDPR art. 6.1.a) at the first Google sign-in.
  • Strictly-necessary cookies: sw_oauth_tx (10 minutes, duration of the OAuth round-trip) and sw_sess (30 days, authenticated session). No cookie banner is required for these two cookies (CNIL guidance for strictly-necessary cookies).
  • Retention: as long as your account exists. You can delete it at any time from accounts.swarmforge.fr/en/me/. Deletion erases your demo requests, linked consents, and your session. A cryptographic trace (SHA-256 hash of your email and your Google sub) is kept as proof of erasure for GDPR audit purposes.

Unsubscribing

Every marketing message contains a one-click unsubscribe link. You can also:

  • click the native Unsubscribe button in your mail client (Gmail, Outlook, Apple Mail) — we implement RFC 8058;
  • write to dpo@swarmforge.fr with subject “unsubscribe”.

Sub-processors

The following sub-processors may process your personal data, strictly within the scope of their assignment:

Sub-processorPurposeData locationDPA
Google Ireland Limited (Google Workspace)Receiving and sending email from contact@swarmforge.fr and dpo@swarmforge.frEUWorkspace DPA
Google Ireland Limited (Google Identity Services)Verifying identity during the Google OAuth handshake — only at sign-inEU / internationalGoogle API Services User Data Policy

No other sub-processor is used. The website and platform servers are hosted in France (Côte d’Azur) on dedicated infrastructure controlled by SwarmForge.

Your GDPR rights

Under the EU General Data Protection Regulation (2016/679), you have:

  • right of access, rectification, and erasure;
  • right to restrict and object to processing;
  • right to data portability;
  • right to define post-mortem directives;
  • right not to be subject to automated decision-making;
  • right to withdraw your consent at any time.

To exercise these rights, write to dpo@swarmforge.fr. You will receive a response within one month.

Recourse

If after contacting us you consider your rights are not respected, you may lodge a complaint with the CNIL (French data protection authority): 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr.