Privacy Policy

We are committed to protecting your personal information and ensuring transparency in how your data is collected, used, and stored. This Privacy Policy explains what information we gather, how we use it to improve our services, and the measures we take to keep it secure. By using our platform, you agree to the practices described in this policy.

Privacy Policy — TeamSwaps

This Privacy Policy explains how Teamswaps ("TeamSwaps", "we", "us", or "our") collects, uses, discloses, and protects Personal Data when you visit or use our website (https://de.teamswaps.com) and future production domains, products, and services (collectively, the "Services"). This Policy applies to: visitors to the website, registered users, clients, candidates, vendors, and any other users of our Services.

1. Controller & Contact

TeamSwaps

Email (privacy) : teamswapssupport@gmail.com

For legal notices : teamswapssupport@gmail.com

2. Scope & Legal Basis

We process Personal Data to provide Services, perform contracts, comply with legal obligations, pursue our legitimate interests (marketing, security, fraud prevention, business operations), and where required, with your consent. Where required by law (e.g., GDPR), we will rely on lawful bases: consent, contract, legal obligation, vital interests, public task, and legitimate interests as applicable.

3. Types of Data We Collect

Identity & Contact Data : Name, job title, company, business email, phone, postal address.

Account Data : username, password (hashed), profile images, user role, preferences.

Project & Business Data : company size, project description, budget, domain, uploaded documents (requirements, IP docs).

Payment & Billing Data : billing name, billing address, VAT/GST number, payment instrument metadata (Stripe/processor handles card numbers). We do not store card numbers on our servers unless you use a direct stored-pay method we host; instead, we use PCI-compliant third-party processors.

Candidate / Employee Data : resumes/CVs, work history, portfolio links, certifications, background-check results (where applicable and permitted).

Technical & Usage Data : IP address, device and browser identifiers, operating system, pages visited, timestamps, referrer, error logs.

Communications Data : emails, support tickets, messages, meeting recordings (if consented/allowed).

Cookies & Tracking : see Cookie Policy below.

Sensitive Data : we do not intentionally collect special category data (race, religion, health) except where required for compliance (e.g., background checks for specific roles) — in that case we will obtain explicit consent or process only as allowed by law.

4. How We Use Personal Data (Purposes)

We use data to :

Provide, operate, and maintain Services (match teams, manage projects).

Onboard, verify, and support clients and candidates.

Process quotes, invoices, payments, refunds.

Communicate confirmations, status, and service updates.

Improve Services, perform analytics, monitor and secure systems.

Advertising and marketing (with consent where required).

Regulatory, tax and audit compliance.

Enforce our Terms & Conditions and prevent fraud.

5. Sharing & Disclosure

We do not sell personal data. We share data with:

Service providers (Stripe, SendGrid, Calendly/Cal.com, AWS/GCP/Azure, analytics providers) under agreements requiring protection of data.

Business partners only to the extent necessary to deliver a service (e.g., EoR or payroll partners).

Legal & safety : when required by law or to protect rights (court orders, law enforcement).

Acquisitions : in the event of sale/merger, assets including Personal Data may transfer (we'll notify you).

6. Data Retention

We retain Personal Data only as long as necessary for the purposes described, or to comply with legal obligations (typically 3–7 years for billing and tax, candidate records for up to 3 years unless otherwise required). When retention is no longer necessary, data is securely deleted or anonymized.

7. International Transfers

We operate globally; data may be transferred outside your jurisdiction (including to the U.S., Canada, India, EU) to processors or affiliates. Where transfers occur, we use appropriate safeguards (standard contractual clauses, adequacy decisions, or other lawful mechanisms).

8. Security

We implement reasonable technical and organizational measures: TLS/HTTPS, encryption at rest for sensitive data, RBAC, least privileged access, MFA for critical admin accounts, regular security testing, logging, and incident response. However no transmission over the internet is 100% secure — notify privacy@teamswaps.com if you suspect a data breach.

9. Your Rights (GDPR/CCPA & Similar)

Depending on your jurisdiction you may have the right to:

Access your Personal Data.

Correct inaccurate or incomplete data.

Delete your Personal Data ("right to be forgotten").

Restrict or object to processing.

Port your data in a machine-readable format.

Withdraw consent at any time.

Opt out of sale of personal data (if applicable).

Requests : privacy@teamswaps.com. We may require verification; we will respond within statutory timelines (30 days for GDPR/CCPA; may extend with notice).

10. Cookies & Tracking

See our Cookie Policy (below). We only activate non-essential cookies after explicit consent in applicable jurisdictions.

11. Children

Our Services are for businesses; we do not knowingly collect Personal Data from children under 16. If you believe we have such data, contact privacy@teamswaps.com and we will delete it.

12. Third-party Links

Our site may contain links to third-party sites. We are not responsible for their privacy practices.

13. Automated Decisions & Profiling

We may use automated systems to match teams with client requirements (skill matching). Where such profiling produces significant legal effects, we will provide notice, rationale, and the right to human review where required by law.

14. Data Breach Notification

In the event of a data breach affecting your Personal Data, we will notify affected individuals and regulators as required by law without undue delay.

15. Changes to this Policy

We may update this Policy; we'll post the revised Policy with an updated “Last updated” date and, where required, obtain additional consent.

16. Contact

teamswapssupport@gmail.com

Appendix : Processors & Categories (examples)

Hosting : AWS / GCP / Azure (data center region indicated per client request).

Email : SendGrid / Postmark / Gmail (transactional).

Payments : Stripe / PayPal (PCI compliance).

Analytics : Google Analytics / Mixpanel (consent-managed).

Scheduling : Calendly / Cal.com.

Identity : Firebase Auth / Auth0.

Cookie Policy (Summary)

Essential cookies : session, auth, load balancing — required.

Analytics cookies : Google Analytics (activated on consent).

Functional cookies : calendar widgets, language prefs.

Marketing cookies : only with consent.

Banner options : Accept All | Reject All | Customize. Provide cookie management UI and link to privacy controls.