CardSwap Privacy Policy

Effective date: May 23, 2026 Provided by: [Company name — to be finalized]

CardSwap is built to be private by design. This policy explains, in plain terms, exactly what the app does and does not do with your information.

The short version

• CardSwap does not collect, transmit, or sell your personal data.
• There are no analytics, no tracking, no advertising, and no third-party SDKs.
• We (the developer) operate no servers that receive your data. There is no account to create and nothing to log in to.
• All of your cards and received cards live only on your device.
• Sharing happens directly, device-to-device — over the local network / Bluetooth (Apple's Multipeer Connectivity) or by showing a QR code. Your data never passes through us.

What information CardSwap handles

All of the following is created and stored locally on your device and is never sent to [Company name — to be finalized] or any third party:

• The cards you create. Whatever you choose to put on a card — for example your name, job title, company, email, phone number, website, social handles, notes, and an optional photo.
• Cards you receive from other people, along with the sender's device name and the time you received the card.
• Your app preferences, such as your light/dark appearance choice and whether you've completed onboarding. These are stored in the system's standard local preferences (UserDefaults).

CardSwap does not access your location, your photo library beyond a single image you explicitly pick for a card, your microphone, your camera (the QR feature only *displays* a code; it does not scan), or your browsing history.

How sharing works (and why your data stays private)

CardSwap offers two ways to share a card, both peer-to-peer:

1. Nearby exchange (Multipeer Connectivity). When you open the Send screen, your device advertises and discovers other nearby devices running CardSwap using a local Bonjour service (_cardswap._tcp) over Wi-Fi and/or Bluetooth. When you tap a nearby device to send your card, the card data is transmitted directly between the two devices over an encrypted Multipeer session. It is not uploaded anywhere.
2. QR code. CardSwap can render your card as a QR code containing a standard vCard. Anyone can scan it with their phone's camera — no app or network required. Nothing about a scan is reported back to us.

Because there is no server in the middle, [Company name — to be finalized] never sees the cards you create, send, or receive.

Contacts access (optional)

If — and only if — you tap Add to Contacts on a card you've received, CardSwap asks the system for permission to write to your Contacts and then saves that one contact. CardSwap does not read your existing contacts, and it does not use Contacts access for any other purpose. You can decline, and you can revoke access at any time in Settings › CardSwap.

Exporting and deleting your data

• Export: The Settings screen lets you export all of your cards and received cards as a JSON file, which you can save or share wherever you choose. This export is generated on your device and shared only through the system share sheet.
• Delete: The Settings screen lets you permanently delete all cards and received cards from the device. Deleting the app also removes all of its locally stored data.

Children's privacy

CardSwap is a general-audience utility and does not knowingly collect any personal information from anyone, including children under 13. Because the app collects no data and has no servers, there is nothing for us to retain or delete on a child's behalf.

Third parties

CardSwap integrates no third-party analytics, advertising, crash-reporting, or tracking services. The only external code in the app is Apple's own frameworks and the open-source Composable Architecture library, which runs entirely on-device and sends nothing anywhere.

Apple "Data Not Collected" declaration

Consistent with the above, CardSwap's App Store privacy label is configured as Data Not Collected, and the bundled PrivacyInfo.xcprivacy manifest declares no tracking and no collected data types.

Changes to this policy

If the app's behavior ever changes in a way that affects this policy, we will update this page and revise the effective date above. Material changes will be reflected in a future app update's release notes.

Contact

Questions about this policy can be directed to [Company name — to be finalized] via the support link in the App Store listing.