Swann Retail Go to App →

Privacy Policy

Effective date: 1 July 2026 · Supersedes the version dated 19 June 2026

This Privacy Policy (this “Policy”) describes how SWANN SOFTWARE LIMITED, a company organised under the laws of The Commonwealth of The Bahamas with its principal place of business in Freeport, Grand Bahama, The Bahamas (“Swann Software”, “we”, “us”, or “our”), collects, uses, discloses, retains, and protects personal information in connection with the Swann Retail software-as-a-service point-of-sale and back-office platform and its related websites, applications, and services (collectively, the “Service”).

This Policy forms part of, and is incorporated by reference into, the End User License Agreement (the “Agreement”) between Swann Software and each merchant that uses the Service. By accessing or using the Service, you acknowledge that you have read and understood this Policy.

Table of contents

  1. 1. Scope of this Policy
  2. 2. Definitions
  3. 3. Our Roles: Controller and Processor
  4. 4. Information We Collect
  5. 5. Sources of Information
  6. 6. How We Use Information
  7. 7. Legal Bases for Processing
  8. 8. Cookies and Similar Technologies
  9. 9. How We Share Information
  10. 10. Infrastructure Providers and Subprocessors
  11. 11. The Loyverse Integration
  12. 12. The QuickBooks Online (Intuit) Integration
  13. 13. Payment Information
  14. 14. Internal Access Controls and Support Access
  15. 15. Aggregated and De-Identified Data
  16. 16. International Data Transfers
  17. 17. Data Retention
  18. 18. Security; Incident Response
  19. 19. Your Rights and Choices
  20. 20. Requests Concerning a Merchant’s Customer Data
  21. 21. Automated Decision-Making and Profiling
  22. 22. No Sale of Personal Information
  23. 23. Children
  24. 24. Third-Party Websites and Services
  25. 25. Changes to this Policy
  26. 26. Complaints
  27. 27. Contact Us

1. Scope of this Policy

This Policy applies to personal information processed in connection with:

  • the marketing website at retail.swannapps.com;
  • the web application at app.retail.swannapps.com;
  • the Swann Retail mobile application for tablets and other devices;
  • the help and documentation site at help.retail.swannapps.com;
  • locally installed utilities provided for use with the Service, such as the Swann Retail print-relay agent; and
  • our support, sales, and other communications with merchants and their staff.

This Policy does not apply to any third-party website, product, or service, including Third-Party Services a merchant chooses to connect to the Service (see Sections 11, 12, and 24), which are governed by their own privacy policies.

2. Definitions

  • Merchant” means the business that has registered for and uses the Service under the Agreement.
  • Authorised User” means an individual whom a Merchant authorises to access and use the Service on its behalf, such as an owner, employee, or contractor.
  • Merchant Data” means the data a Merchant or its Authorised Users submit to, create in, or import into the Service, including the Merchant’s product catalog, inventory, orders, receipts, deposits, and customer records.
  • Customer Personal Data” means personal information about a Merchant’s own customers contained in Merchant Data, such as a customer’s name and contact details.
  • personal information” (or “personal data”) means information relating to an identified or identifiable natural person.

3. Our Roles: Controller and Processor

3.1 Swann Software as controller. We act as a data controller — that is, we determine the purposes and means of processing — for: (a) the account and identity data of the individuals who register for and use the Service (merchant owners and Authorised Users); (b) technical, security, and usage data generated by the operation of the Service; (c) our support, billing, and business communications; and (d) visitor data on our marketing and documentation websites.

3.2 Swann Software as processor. We act as a data processor — that is, we process personal information on the Merchant’s behalf and instructions — for Customer Personal Data and for personal information about the Merchant’s staff contained in Merchant Data. For that data, the Merchant is the controller and is responsible for: (a) having a lawful basis to collect and use it; (b) providing any required notices to its customers and staff; and (c) responding to rights requests from its customers and staff, with our assistance as described in Section 20.

4. Information We Collect

4.1 Account and identity data. Authentication for the Service is handled by Google Firebase Authentication. When you sign up or sign in with e-mail and password or with a Google account, we receive and store your e-mail address, your name if provided, a profile photo URL if provided, and a Firebase user identifier. We also store account status information, such as whether your e-mail address has been verified.

4.2 Merchant business and transaction data. We store the Merchant Data you create or import to run your business, including your product catalog and categories, inventory levels and adjustments, orders and receipts, sale line items and totals, tender types and amounts recorded at the register, deposits and customer balances, till and cash-management records (opening floats, cash movements, and end-of-day counts), and your configuration settings such as tax rates, discounts, and staff roles.

4.3 Register staff data. Where the Merchant configures staff access to the register, we store the staff member’s display name, role and permission assignments, register PIN codes used to control register access, and records of register activity attributable to a staff member (for example, which staff member rang a sale or opened the cash drawer).

4.4 Customer Personal Data. Where the Merchant creates customer records in the Service or imports them through the Loyverse integration, we process Customer Personal Data on the Merchant’s behalf, which may include a customer’s name, e-mail address, phone number, postal address, notes, and purchase and balance history with that Merchant.

4.5 Integration credentials. When you connect an integration, we store the credentials needed to maintain the connection — your Loyverse access token, and your QuickBooks Online (Intuit) OAuth access and refresh tokens and company identifier (realmId). These are stored encrypted at rest in production and are never returned in any API response.

4.6 Technical, device, and log data. The operation of the Service generates technical data such as IP addresses, request logs, timestamps, device and browser information, error and diagnostic records, and security event logs. Our infrastructure providers (Cloudflare for the websites, Amazon Web Services for the application) process this data to deliver, monitor, and secure the Service.

4.7 Support and communications data. When you contact us — for example at support@swannapps.com or privacy@swannapps.com — we collect the contents of your message, your contact details, and any attachments you choose to send, and we retain our correspondence with you.

5. Sources of Information

We collect personal information:

  • Directly from you, when you register, configure your business, ring sales, create records, or communicate with us;
  • From your Authorised Users and staff, as they use the Service under your account;
  • From the integrations you connect, such as customer, catalog, inventory, and receipt records imported from your Loyverse account and chart-of-accounts data read from your QuickBooks Online company;
  • From your sign-in provider, such as Google, when you choose to authenticate with it; and
  • Automatically, through the technical operation of the Service as described in Section 4.6.

6. How We Use Information

We use personal information for the following purposes:

  • To provide the Service — to authenticate users, operate the register, catalog, inventory, orders, deposits, till management, receipt printing, and reporting, and to sync the integrations you choose to connect;
  • To secure the Service — to enforce tenancy isolation between merchants, detect, prevent, and investigate fraud, abuse, and security incidents, and maintain audit records of security-relevant activity;
  • To support you — to respond to enquiries, diagnose problems, and provide requested assistance, including limited access to your account data where needed to resolve your issue (see Section 14);
  • To operate, improve, and develop the Service — to monitor performance, fix defects, understand how features are used, and develop new features, including through the use of aggregated and de-identified data as described in Section 15;
  • To communicate with you — to send service, security, and administrative communications, and to notify you of material changes to the Service, the Agreement, or this Policy;
  • To comply with law — to meet our legal, tax, accounting, and regulatory obligations and respond to lawful requests from competent authorities; and
  • To protect rights — to establish, exercise, or defend legal claims, and to enforce the Agreement.

8. Cookies and Similar Technologies

The Service uses only strictly necessary cookies and similar technologies (such as browser local storage) for authentication, session management, security, and remembering essential preferences. We do not use advertising or ad-tracking cookies, and we do not embed third-party analytics or marketing trackers in the application. Our infrastructure providers may set technical cookies necessary to deliver and protect the websites (for example, Cloudflare security cookies). Because these technologies are essential to providing the Service, they cannot be disabled while using it; you can clear them at any time through your browser or device settings, which may end your session.

9. How We Share Information

We share personal information only in the following circumstances:

  • With the integrations you connect — Loyverse and QuickBooks Online (Intuit) — only as described in Sections 11 and 12 and only for as long as the connection remains enabled;
  • With our infrastructure providers and subprocessors listed in Section 10, which process data on our behalf to host, deliver, and secure the Service;
  • With professional advisers — lawyers, accountants, auditors, and insurers — under duties of confidentiality, where reasonably necessary;
  • With authorities where we believe in good faith that disclosure is required by law, legal process, or a binding request of a competent authority, or is necessary to protect the rights, property, or safety of Swann Software, our merchants, or the public; and
  • With a successor in connection with a merger, acquisition, financing, corporate reorganisation, or sale of all or part of our business or assets, in which case personal information may be transferred as a business asset subject to protections materially consistent with this Policy.

We do not otherwise sell, rent, or disclose personal information to third parties.

10. Infrastructure Providers and Subprocessors

We use a small set of established infrastructure providers to operate the Service. Each acts as a processor or subprocessor under its own contractual and security commitments:

  • Amazon Web Services, Inc. (AWS) — application hosting, database (Amazon DynamoDB), search indexing, message queuing, and e-mail delivery, in the United States (us-east-1 region);
  • Google LLC (Firebase Authentication) — user authentication and identity management;
  • Cloudflare, Inc. — website hosting, content delivery, DNS, and security for our websites; and
  • Intuit Inc. — solely where the Merchant connects the QuickBooks Online integration, as described in Section 12.

We may engage additional or replacement subprocessors from time to time. Where we do, we will update this Policy and, for changes materially affecting the processing of Customer Personal Data, take reasonable steps to inform merchants in advance.

11. The Loyverse Integration

Where the Merchant connects Loyverse, we use the Merchant’s access token to read from the Merchant’s Loyverse account: items, categories, inventory, customers (name, e-mail, phone, address, and notes), and sales receipts. Receipts and catalog data are imported read-only. The Merchant can disconnect Loyverse at any time; on disconnect we clear the stored token and connection details and stop syncing. Loyverse itself is operated by a third party under its own terms and privacy policy, and the Merchant’s relationship with Loyverse is independent of Swann Software.

12. The QuickBooks Online (Intuit) Integration

The Service offers an optional accounting integration with QuickBooks Online. Where the Merchant connects QuickBooks:

  • What we access (read): the Merchant’s QuickBooks chart of accounts, so the Merchant can map sales, taxes, and discounts to the correct general-ledger accounts;
  • What we write: summarised accounting entries (journal entries) that post the Merchant’s retail activity for a closed period into QuickBooks. We do not read the Merchant’s QuickBooks customers, invoices, or other records beyond what is needed for account mapping and posting;
  • Credentials: we store the Intuit OAuth access and refresh tokens and the company identifier (realmId), encrypted at rest. They are used solely to maintain the authorised connection and are never sold or shared; and
  • Disconnecting: the Merchant can disconnect QuickBooks at any time. On disconnect we make a best-effort call to revoke the token with Intuit and then delete the stored tokens and company identifier from our systems.

Our use of information received from Intuit is limited to the scopes the Merchant authorises during the QuickBooks connection and to providing the accounting-sync feature the Merchant enabled. We do not use Intuit data for advertising, and we do not sell or transfer it to third parties.

13. Payment Information

Swann Software does not process card payments and does not collect or store cardholder data — full card numbers, security codes (CVV/CVC), PINs, or magnetic-stripe or chip data. Card and other electronic payment acceptance takes place on the Merchant’s separate payment terminal or payment provider, outside the Service, under the Merchant’s own agreements with those providers. The Service records only the tender type and amount of a completed sale for the Merchant’s business records. Merchants must not enter cardholder data into any field of the Service, including free-text and note fields.

14. Internal Access Controls and Support Access

Access to merchant accounts and Merchant Data by Swann Software personnel is restricted to what is needed to operate, secure, and support the Service. The Service enforces tenancy isolation so that one merchant’s data is not visible to another merchant. Where our staff use internal tools to view a merchant’s account in order to provide support or investigate a problem, that access operates in a read-only support mode, is restricted to designated personnel behind a staff-only access gate, and is recorded in audit logs that identify who accessed which merchant and when.

15. Aggregated and De-Identified Data

We may aggregate, anonymise, or otherwise de-identify information — including information derived from Merchant Data and from the technical operation of the Service — so that it no longer identifies any merchant, user, or natural person. We use aggregated and de-identified data to operate, analyse, improve, and develop our products and services, to produce statistics and benchmarks, and for other lawful business purposes, as further described in the Agreement. We commit to maintaining such data in de-identified form and not attempting to re-identify it, except as necessary to test the effectiveness of our de-identification.

16. International Data Transfers

Application data is stored with Amazon Web Services in the United States (us-east-1 region) and is encrypted at rest in production. Because our providers (AWS, Google/Firebase, Intuit, and Cloudflare) operate internationally, personal information — including Customer Personal Data — may be transferred to, stored in, and processed in countries other than The Bahamas or the country in which it was collected, including the United States, and those countries may have data-protection rules different from those of your home jurisdiction. Where we transfer personal information internationally, we rely on our providers’ contractual commitments and recognised security certifications to protect it. Merchants serving customers in other jurisdictions remain responsible for any additional cross-border obligations that apply to them as controllers of their own customer data.

17. Data Retention

We retain personal information according to the following principles:

  • Account and Merchant Data is retained for as long as the Merchant’s account is active and as needed to provide the Service;
  • Integration credentials (Loyverse tokens; Intuit tokens and company identifier) are retained until the Merchant disconnects the integration, at which point they are deleted as described in Sections 11 and 12;
  • Transaction records (orders, receipts, and related accounting postings) may be retained for longer periods where required for legal, tax, accounting, audit, or dispute-resolution purposes;
  • Technical and security logs are retained for limited operational periods appropriate to monitoring, diagnostics, and security investigation; and
  • On account closure, we delete or de-identify personal information within a reasonable period, subject to the legal retention needs above, routine backup cycles, and the data-export window described in the Agreement.

18. Security; Incident Response

We use administrative, technical, and organisational safeguards appropriate to the nature of the data we process, including: encrypted transport (HTTPS/TLS) for data in transit; encryption at rest for production data; tenancy isolation between merchants enforced at the application layer; scoped, role-based access controls for both merchant staff and Swann Software personnel; storage of integration credentials such that they are encrypted at rest and never exposed in API responses; and audit logging of security-relevant activity, including internal support access.

No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting personal information for which we are responsible, we will investigate, take appropriate remedial measures, and notify affected merchants and any competent authority where and when required by Applicable Law. Merchants are responsible for safeguarding their own account credentials, register PINs, devices, and local networks, and for the access they grant to their staff.

19. Your Rights and Choices

Under the Data Protection (Privacy of Personal Information) Act of The Bahamas and, depending on your location, other applicable data-protection laws, you may have some or all of the following rights in respect of personal information for which we are the controller:

  • Access — to ask whether we process your personal information and obtain a copy;
  • Correction — to ask us to correct inaccurate or incomplete information;
  • Deletion — to ask us to delete your personal information, subject to legal retention requirements;
  • Portability — to receive certain information in a structured, machine-readable form;
  • Objection and restriction — to object to or ask us to restrict certain processing; and
  • Withdrawal of consent — where processing is based on consent, to withdraw it at any time.

To exercise any of these rights, contact us at privacy@swannapps.com. We may need to verify your identity before acting on a request, and we will respond within the time required by Applicable Law. These rights are subject to limitations and exemptions under Applicable Law; where we decline a request, we will explain why. Merchants can also directly view and edit much of their account and business data within the Service.

20. Requests Concerning a Merchant’s Customer Data

We process Customer Personal Data as a processor on the relevant Merchant’s behalf. If you are a customer of a business that uses Swann Retail and you wish to exercise rights over the information that business holds about you, please direct your request to that business, which controls your data. If a request concerning Customer Personal Data is made directly to us, we will refer it to the relevant Merchant and provide the Merchant reasonable assistance to respond, as required by Applicable Law and the Agreement.

21. Automated Decision-Making and Profiling

We do not use personal information to make automated decisions that produce legal effects concerning you or that similarly significantly affect you, and we do not carry out profiling of merchants’ customers.

22. No Sale of Personal Information

We do not sell personal information, we do not rent it, and we do not share it with third parties for cross-context behavioural advertising. This applies equally to merchants’ personal information and to Customer Personal Data.

23. Children

The Service is a business tool intended for use by businesses and their authorised staff. It is not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact privacy@swannapps.com and we will take appropriate steps to delete it.

25. Changes to this Policy

We may update this Policy from time to time to reflect changes in the Service, our practices, or Applicable Law. When we do, we will post the updated Policy with a revised effective date and, for material changes, take reasonable steps to notify you in advance, such as by e-mail or an in-Service notice. Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of it.

26. Complaints

If you have a concern about how we handle personal information, please contact us first at privacy@swannapps.com so that we can try to resolve it. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of The Bahamas or, depending on your location, with your local data-protection authority.

27. Contact Us

Privacy questions and requests: privacy@swannapps.com.
Legal notices: legal@swannapps.com.
SWANN SOFTWARE LIMITED, Freeport, Grand Bahama, The Commonwealth of The Bahamas.

This Policy is governed by the laws of The Commonwealth of The Bahamas.