Last updated: 22 June 2026
SwiftKeys ("we", "us", or "our") is a typing, spelling, and grammar trainer available at https://swiftkeys.app/. This Privacy Policy explains what personal information we collect, why we collect it, how we protect it, and what choices you have.
SwiftKeys is designed to be offline-first. You can use the full free tier without creating an account — all practice data is stored locally on your device and never sent to us unless you sign in and enable cloud sync.
By using SwiftKeys you agree to the practices described in this Policy. If you do not agree, please discontinue use and contact us to request deletion of any data we may hold about you.
We collect data in two contexts: guest (offline) mode and signed-in (cloud sync) mode.
When you use SwiftKeys without signing in, no data leaves your device. All lesson progress, settings, and typing statistics are stored solely in your browser's localStorage. We do not receive or process this data.
When you create an account or sign in, we collect the following:
| Category | Data | Required? | Purpose |
|---|---|---|---|
| Account identity | Display name, email address, hashed password | Required | Create and secure your account; display your name in leaderboards and races |
| Profile details | Date of birth Optional Gender Optional Country Optional | Optional | Demographic analytics (aggregate only); age verification for Children's Privacy compliance |
| Progress & statistics | Lessons completed, stars earned, best WPM, best accuracy, per-key and per-word statistics, achievements, lesson history | Required for sync | Sync your progress across devices; power adaptive lesson selection; populate leaderboards |
| Settings & preferences | Sound theme, volume, ambient mode, hand display, finger colors, locale | Required for sync | Restore your preferences on any device |
| Subscription data | Plan type (monthly / annual), subscription start date, premium status | Required for Premium | Grant access to Premium lessons; record billing history |
| Usage analytics | Lesson completion events, feature interactions, session timestamps | Automatic on sign-in | Aggregate reporting for product improvement; admin dashboard KPIs (never sold) |
| Technical data | Browser type and version (if sent by browser), approximate timezone from locale | Automatic | Debugging, compatibility |
We do not collect: keystrokes or text you type during lessons (only aggregate speed/accuracy statistics), payment card numbers (billing is handled by the payment processor), precise geolocation, or microphone/camera data. The Web Audio API is used locally for typing sounds — no audio data leaves your device.
We use the information we collect for the following purposes:
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
Signed-in user data is stored in Supabase, a managed cloud database platform. Supabase infrastructure is hosted on AWS (regions vary; see supabase.com/security). Guest data lives only in your browser's localStorage and is never transmitted.
We protect your data through the following measures:
We retain your account data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, except where retention is required by law (e.g. financial records for subscription history, which may be kept for up to 7 years).
Usage analytics events may be retained in aggregate, anonymised form indefinitely after personal data is deleted.
Guest-mode localStorage data is deleted when you clear your browser data; we have no copy of it and cannot delete it on your behalf.
Despite these measures, no internet transmission or storage system is 100% secure. We encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorised access to your account.
Depending on your location, you may have the following rights regarding your personal data. EU/EEA residents have these rights under the General Data Protection Regulation (GDPR); UK residents under UK GDPR; California residents under CCPA. Residents of other jurisdictions may have similar rights under local law.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten").
Receive your data in a structured, machine-readable format (e.g. JSON).
Ask us to restrict processing of your data in certain circumstances.
Object to processing based on legitimate interests or direct marketing.
Request human review of any decision made solely by automated processing.
Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing your request.
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data-protection supervisory authority (e.g. the Irish DPC, the UK ICO, or the relevant EU national authority).
SwiftKeys uses browser localStorage (not traditional cookies) to store app state on your device. Here is what is stored and why:
| Key | Contents | Purpose |
|---|---|---|
swiftkeys_app |
Active profile name, all profile progress data (lessons, stats, settings, achievements, subscription status) | Core offline functionality — persists your progress between visits without an account |
swiftkeys_bots_v3 |
Bot player data for race mode | Makes race opponents consistent across sessions |
This data stays entirely on your device. It is not transmitted to us unless you sign in and trigger a cloud sync. You can clear it at any time by clearing your browser's site data, or by deleting your profile within the app.
When you sign in, Supabase Auth sets a short-lived session token in localStorage to keep you authenticated. This token is used only to make authenticated API requests to your own data. It is not used for tracking or advertising.
We do not use third-party tracking cookies, advertising cookies, or analytics cookies from services such as Google Analytics.
SwiftKeys integrates with the following third-party services when you use cloud features:
We use Supabase for user authentication, cloud database storage, and real-time features (online races, leaderboards). Supabase processes personal data on our behalf as a data processor under a Data Processing Agreement. Their privacy policy is available at supabase.com/privacy.
Premium subscriptions will be processed through a third-party payment provider (planned: Stripe). Payment card numbers and billing details are handled entirely by the payment processor and are never stored on our servers. When this integration is live, we will update this section with the processor's name and a link to their privacy policy.
SwiftKeys offers "Continue with Google" as an optional authentication method. If you use this option, Google will share your name and email address with us through Supabase Auth. We do not receive your Google password. Google's privacy policy governs their handling of your data: policies.google.com/privacy.
No advertising networks, social media tracking pixels, or data brokers are currently used. First-party promotional images (if any) are served directly from our own domain.
SwiftKeys is a general-audience educational application. We do not knowingly collect personal data from children under the age of 13 (or the applicable minimum age in your jurisdiction — e.g. 16 in several EU member states under GDPR).
If you are under the applicable minimum age, please use SwiftKeys in guest mode only (no account required) or have a parent or guardian create an account on your behalf and supervise your use.
If you are a parent or guardian and believe your child has created an account and provided personal data without your consent, please contact us at [email protected]. We will promptly investigate and, where confirmed, delete the child's data.
The optional date-of-birth field collected during sign-up is used, in part, to identify accounts that may belong to users below the minimum age so we can handle them appropriately.
We may update this Privacy Policy from time to time to reflect changes in the app, applicable law, or our data practices. When we make material changes, we will:
We encourage you to review this page periodically. Your continued use of SwiftKeys after the effective date of an updated Policy constitutes acceptance of the changes, to the extent permitted by applicable law.
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please get in touch:
SwiftKeys — Data Controller
Email: [email protected]
Website: https://swiftkeys.app/
We aim to respond to all privacy enquiries within 30 days. For urgent matters (suspected data breach, child-safety concern), please mark your email subject line URGENT — Privacy.