Privacy policy
1. Data Controller
The data controller for personal data processed through this website and purchase process is:
Avastorm Oy
Finland
Email: hello@swiftcheckout.io
2. The Plugin Collects No Data
Swift Checkout for WooCommerce operates entirely within your own WordPress/WooCommerce installation. It:
- Sends no usage data to Avastorm or any third party.
- Makes no external API calls (no Google Fonts, no analytics endpoints, no CDN pings).
- Performs no deactivation surveys and sends no admin-level telemetry.
- Does not track your store's customers in any way.
Your customers' personal data (names, addresses, payment details) stays on your server. You, as the WooCommerce store operator, are the data controller for your customers' data. We have no access to it.
3. Data We Collect from You (as a Customer)
When you purchase a Swift Checkout license, we collect and process the following personal data:
| Category | Data | Purpose | Legal basis (GDPR) |
|---|---|---|---|
| Account | Name, email address | Deliver license key, send receipts and renewal reminders | Contract performance (Art. 6(1)(b)) |
| Payment | Billing address, VAT number (optional) | Invoicing, tax compliance | Contract performance; Legal obligation (Art. 6(1)(b)(c)) |
| Payment card | Not stored by us — processed by our payment provider | Subscription billing | Contract performance (Art. 6(1)(b)) |
| License usage | Domain name(s) registered to your license key | License validation, abuse prevention | Legitimate interests (Art. 6(1)(f)) |
| Support | Email correspondence, technical details you share | Resolving your support requests | Contract performance; Legitimate interests (Art. 6(1)(b)(f)) |
| Website | Server access logs (IP address, browser, page visited) | Security monitoring, error diagnosis | Legitimate interests (Art. 6(1)(f)) |
4. Payment Processing
Card payments are processed by our payment provider Stripe. We do not store card numbers, CVV codes, or full payment details on our servers. Your payment data is subject to the payment provider's own privacy policy. We share only the minimum data necessary (amount, billing address) to complete the transaction.
5. Cookies and Tracking
swiftcheckout.io uses only essential cookies required for the checkout session and login state. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics.
If we add any non-essential cookies in future, we will update this policy and obtain your consent first.
6. Data Sharing
We do not sell, rent, or trade your personal data. We share your data only with:
- Payment processor Stripe — to process subscription payments (acting as data processor).
- Transactional email provider — to deliver license keys, receipts, and support replies (acting as data processor).
- Authorities — if required by applicable Finnish or EU law (e.g., tax authorities, court order).
All third-party processors we use are contractually bound to handle your data in compliance with GDPR.
7. International Transfers
Avastorm Oy is based in Finland (EU). We process your data within the European Economic Area (EEA) wherever possible. If any processor transfers data outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decision).
8. Data Retention
- Account and license data — retained for the duration of your subscription plus 5 years, as required by Finnish accounting law.
- Invoices and payment records — retained for 7 years to comply with Finnish bookkeeping requirements.
- Support correspondence — retained for 2 years after the case is closed.
- Server access logs — retained for 90 days, then automatically deleted.
9. Your Rights Under GDPR
If you are in the EU or EEA, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (subject to legal retention obligations).
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email hello@swiftcheckout.io. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or the supervisory authority in your country of residence.
10. Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), access controls, and regular security reviews. No system is completely secure; in the event of a breach affecting your rights, we will notify you and the relevant supervisory authority as required by GDPR.
11. Children
Swift Checkout is a business-to-business product intended for WooCommerce store operators. We do not knowingly collect personal data from individuals under 16 years of age. If you believe a minor has submitted data to us, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to the address on file. The "Effective date" at the top of this page will always reflect the most recent version. We encourage you to review this policy periodically.
13. Contact
For any privacy-related questions or to exercise your rights, contact us at:
Avastorm Oy
Email: hello@swiftcheckout.io
Finland