Privacy Policy

Last updated: July 6, 2025

This Privacy Policy explains how Sjors van Holst. ("Swiftbite", "we", "us", or "our") collects, uses and protects your information when you visit icons.swiftbite.app or use any associated API services (collectively, the "Service").

1. Information we collect

• Contact-form data. When you request an API key, you submit your name, email address, company and use-case description via a Formspree form. We store this information so we can review your request, issue an API key and follow-up when new models become available.
• API-usage data. When an issued key is used, we log the anonymised user identifier (UUID), the requested icon and the action performed (generated or streamed) in Supabase. We do not store or associate IP addresses with these logs.
• Runtime logs. Vercel automatically records short-lived (≈3 day) logs that may include generic request metadata but are not tied to specific IP addresses by us.
• Anonymous cache. To speed up future requests, we store a small cache entry that pairs the sanitised input (e.g. “?title=Pizza Margherita”) with the resulting icon identifier. These entries contain no user identifiers and cannot be linked back to any individual.
• Analytics. We run a self-hosted instance of Plausible Analytics located in the EU. Plausible is privacy-focused and does not rely on cookies or personally identifiable information.
• Error reporting. We use Sentry Cloud to capture uncaught errors. Sentry may receive anonymised technical details (e.g. stack traces, browser version) necessary to diagnose issues.

2. How we use your information

We process the data above to:

• Provide and maintain the Service and API;
• Evaluate and approve API-key requests;
• Monitor performance and prevent abuse (rate-limits, fraud, spam);
• Improve our icon models and website stability;
• Inform you (very occasionally) when major model updates are released;
• Comply with legal obligations.

3. Legal bases for processing

Under the EU General Data Protection Regulation (GDPR) we rely on:

• Performance of a contract - to deliver the API and respond to your requests;
• Consent - for the information you voluntarily submit in the contact form;
• Legitimate interest - to secure and improve the Service (analytics, error logs).

4. Third-party processors

We share data only with the providers below, each of which processes it on our behalf:

• Plausible Analytics (self-hosted in the EU) - anonymous usage statistics;
• Sentry Cloud (EU region) - error monitoring data;
• Supabase (EU region) - API-usage database;
• BunnyCDN (EU POPs) - storage and delivery of icon images;
• Formspree - secure handling of contact-form submissions;
• Vercel (EU POPs) - hosting and transient runtime logs.

5. Data retention

• Contact-form and API-key data: retained until you request deletion or we end the beta programme.
• API-usage logs: kept for up to 12 months for debugging and abuse prevention.
• Anonymous cache entries: retained until they are no longer useful (typically overwritten automatically when models or icons are updated).
• Analytics and error logs: retained for no longer than necessary to fulfil the purposes outlined above.

6. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. To exercise these rights, email us at swiftbite@sjorsvanholst.nl. We will respond within 30 days.

7. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit, least-privilege access controls and regular security reviews.

8. Children

The Service is not directed at children, but we do not knowingly collect data that could identify a child. Parents who believe we have inadvertently collected such data may contact us to request deletion.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Continued use of the Service after an update constitutes acceptance of the revised policy.

10. Contact