Plain English, because that's the whole brand. Last updated: 4 July 2026.
SwapMyApp ("the service") is a product of PMDonkey Labs.
Controller / Developer: Martin Cavey.
For privacy-related enquiries, please use the contact details at the end of this policy — a human (the founder) reads and answers.
Account and identity — your email address (used to sign in) and a password, stored only as a secure hash by our authentication provider; we never see or store the password itself.
Your app listings — the app name, store links, icon, category and the hook line you write. This is information you choose to publish into the network: it appears on your promo card inside other members' apps.
Exchange activity — the credit ledger (grants, clicks delivered and received), your swaps and placements: the working record of the exchange.
Purchase information — Launch Boost payments are processed by PayPal. We do not receive or store your card or bank details — only the PayPal order reference and payment status.
Device and technical data — error logs from our servers used to keep the service secure and reliable.
Support communications — messages and contact details you send us when you ask for help or make a privacy request.
When a promo card is shown or tapped inside a member's app, we process a salted hash of the visitor's IP address and browser type. The raw IP address is never stored. The hash exists for exactly two purposes: counting a click once per device per day, and fraud prevention.
No cookies, no tracking SDK, no advertising identifiers, no profiles. A card is a link, not a tracker.
· To create and manage your account and app listings.
· To run the exchange — matching, credits, and showing cards.
· To keep it honest — fraud prevention and the fair-play rules in the member
guide.
· To process payments you initiate (Launch Boost).
· To monitor performance, fix bugs, and improve security.
· To communicate with you about your account, important changes, or support
requests.
· To comply with legal obligations and enforce our terms.
We do not sell your data, share it with ad networks, or use it for anything unrelated to running SwapMyApp.
Where applicable data protection law (such as the GDPR or UK GDPR) applies, we rely on the following legal bases:
· Contract — to provide the service and its core features you
request.
· Consent — where we ask for it, which you can withdraw at any
time.
· Legitimate interests — to keep the service secure, prevent
abuse (including click fraud), understand general usage, and improve the service,
in ways that do not override your rights and freedoms.
· Legal obligation — where we must process or retain certain
information to comply with law.
We do not sell your personal data. We share information only with:
Service providers / processors who help us run the service:
· Supabase — authentication, database, and backend hosting
(EU — Ireland).
· Cloudflare — edge delivery, performance, and security.
· PayPal — payment processing for Launch Boost.
· Email providers — to send account or service emails.
Public viewers — your promo card (app name, icon, hook line, rating) is published into other members' apps and is visible to their users. That's the product; only list information you're happy to publish.
Authorities or third parties — where required by law, to protect our rights, or to protect someone's vital interests (for example, emergencies or suspected fraud).
Where your data is stored or processed by third-party service providers (cloud hosting, databases, payments), we use providers that meet high security and data protection standards, and we require appropriate safeguards (such as contracts and, where needed, standard contractual clauses) so that your data receives the highest level of protection practicable.
Our service providers may process your data in countries outside your own. When we transfer personal data from the UK or EEA to countries that do not provide an equivalent level of protection, we use appropriate safeguards such as standard contractual clauses where required by law.
We keep your information for as long as your account is active and as needed to provide the service. When you close your account, we delete your personal data immediately (see "Data deletion" below), subject to the narrow exceptions we must or may lawfully retain:
· Payment records — the PayPal order reference, kept for
legal and accounting reasons.
· Expulsion records — if an account was expelled for click
fraud, the banned email and app identities stay on the blacklist. This is a
legitimate-interest measure that keeps the exchange honest for everyone else.
You can delete all of your personal data at any time by closing your account:
1 · Sign in to SwapMyApp and go to Settings.
2 · In the Close account panel, type your email address to
confirm.
3 · Press Close my account permanently.
Once you confirm, we immediately and permanently delete all personal data associated with your account — your account details, apps, cards, swaps, click history and credit ledger. This cannot be undone, credits are not transferable, and paid Launch Boosts are not refunded. We retain only what we are legally required or lawfully entitled to keep (see "Data retention" above). If you need help, contact us using the details below.
We use reasonable technical and organisational measures to protect your information, including access controls and encryption where appropriate. However, no online service can be completely secure, so we cannot guarantee absolute security.
The service is intended for adults (typically 18+) who publish and promote their own apps. We do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
Depending on your location, you may have the right to:
· Access the personal data we hold about you.
· Request correction of inaccurate information.
· Request deletion of your data — go to Settings and close your
account (see "Data deletion" above), or contact us.
· Request a copy of your data in a portable format.
· Object to certain processing or ask us to restrict it, where applicable.
· Withdraw consent at any time where we rely on consent.
The member dashboard keeps your sign-in session in your browser's local storage — that's it. The public site and the embed card set no cookies and run no analytics scripts.
We may update this Privacy Policy from time to time. The "Last updated" date at the top shows the latest version. If we make material changes, we'll say so plainly on this page and in the member guide.
Email: pmdonkeylabs@gmail.com
For privacy enquiries, account deletion, or data requests, please contact us at the address above. You may also have the right to lodge a complaint with your local data protection authority.