Privacy Policy.

Last updated: June 14, 2026

Side Hat Ventures LLC d/b/a Swipebrief (“Swipebrief,” “we,” “us,” or “our”) provides a swipe-based learning app that turns any search topic into a structured, AI-generated stack of short educational cards. This Privacy Notice applies to the processing of personal information through our mobile application (the “App”), our website at https://swipebrief.com (the “Website”), and other online or offline offerings that link to or are otherwise subject to this Privacy Notice (collectively, the “Services”). It is designed to help you understand how we collect, use, and share your personal information and to help you exercise your privacy rights.

1. Updates to This Privacy Notice

We may update this Privacy Notice from time to time in our sole discretion. If we do, we will let you know by posting the updated Privacy Notice in the App and on the Website, and we may also send other communications. The “Last updated” date at the top reflects the most recent version. Your continued use of the Services after a change becomes effective constitutes acceptance of the revised Privacy Notice.

Governing language. This Privacy Notice was drafted in the English language, and the English-language version governs. We may provide translations for your convenience. In the event of any conflict or inconsistency between the English-language version and any translation, the English-language version controls to the maximum extent permitted by applicable law.

2. Personal Information We Collect

We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.

Personal Information You Provide to Us Directly

• Account Information. When you create a Swipebrief account, we collect personal information such as your email address. If you sign in using Sign in with Apple, we collect the information you authorize Apple to share with us (typically a name and either your real email or an Apple-relayed private email address).
• Profile and Preferences. During onboarding and through ongoing use of the Services, we collect information such as your selected topic interests, complexity preference (Simple or Detailed), preferred theme, daily reminder time, and any parental-controls settings you configure (including a hashed and salted PIN stored on your device).
• Personal Notes and Highlights. When you write a personal note on a card or highlight a sentence inside the expanded reader, we store that content so you can return to it later. Notes are limited to 4,000 characters per card; highlighted sentences are limited to 2,000 characters each.
• Subscriptions and Purchases. If you purchase a Swipebrief Plus or Pro subscription through the Apple App Store (or any other supported app store), the app store processes the payment and provides us with limited information such as a customer identifier, transaction status, entitlement, and renewal date through our subscription management provider (RevenueCat). We do not collect or store your payment card information.
• AI Inputs. When you search a topic, write a personal note, or otherwise submit content to the App, we collect the text you submit (“Inputs”). For details on how AI Inputs are processed, see Section 5.
• Your Communications with Us. We collect the information you send us when you contact our support team or otherwise communicate with us by email or other channels.
• Surveys and Research. If you choose to participate in a survey, beta test, or research interview, we collect the information you provide.

Personal Information Collected Automatically

• Device Information. We collect information about your device, such as device model, operating system version, language settings, time zone, app version, and unique identifiers (for example, an Apple advertising identifier when you have granted App Tracking Transparency permission, or a vendor identifier that is not linked across other apps).
• Usage Information. We collect information about how you interact with the Services, such as the topics you search, the cards you view, save, expand, share, or skip, dwell time on cards (capped at 120 seconds per card), source links you open, completion of stacks, streaks, and the date and time of activity.
• Approximate Location. We may derive approximate location from your IP address. We do not collect precise GPS location.
• Cookies and Similar Technologies (Website). On the Website, we and certain third parties may use cookies, pixel tags, and similar technologies (“Technologies”) to recognize your browser, remember preferences, measure engagement, and support marketing. See “Your Privacy Choices and Rights” below for your choices.

Personal Information from Third-Party Sources

• Sign-In Providers. If you sign in via Sign in with Apple, we receive the information described above from Apple based on your privacy choices.
• App Stores and Payment Processors. We receive subscription, transaction, refund, and entitlement information from the Apple App Store (and any other supported app store) and from RevenueCat.
• Analytics and Attribution Providers. We may receive aggregated reports and event data from analytics providers (for example, PostHog).
• Public Sources and Service Providers. From time to time we may receive information from publicly available sources or from service providers that help us operate the Services.

3. How We Use Personal Information

We use personal information for a variety of business purposes, including the following.

Provide the Services

• Create and manage your account.
• Authenticate you and keep your account secure.
• Generate, retrieve, and serve learning stacks based on your search queries and complexity preference.
• Save and synchronize your library (saved cards, notes, highlights, completed stacks).
• Track your streak, progress, and milestones.
• Process subscriptions and entitlements through our app store and subscription provider.
• Send service-related communications (for example, password or account notices, payment receipts, and policy updates).
• Send local push notifications you have opted into (for example, daily reminders, streak save reminders, weekly recap).
• Respond to your support requests.

EU/UK GDPR Lawful Bases: performance of a contract, legitimate interest, and/or compliance with legal obligations.

Improve the Services and Develop New Features

• Analyze how users interact with the Services to improve search resolution, stack quality, the recommendation algorithm, the resurfacing schedule, and the overall experience.
• Conduct internal research and testing.
• Detect, prevent, and respond to bugs, errors, and reliability issues.
• Create de-identified or aggregated information for analytics and product development. If we create or receive de-identified information, we will not attempt to re-identify it except as permitted or required by law.

Note on AI training. We do not ourselves use your AI Inputs or other personal information to train AI models, and we do not build our own foundation models from your Inputs. However, to generate content we transmit your Inputs to a third-party AI provider (currently Google), and we do not control, and cannot guarantee, how that provider uses your Inputs. Depending on the provider and the applicable service tier, the provider may retain and use your Inputs in accordance with its own terms and privacy policies, which may include using Inputs to operate, secure, monitor, and improve or train its own models and services. We may use de-identified or aggregated Inputs and Outputs to improve our prompts, evaluate quality, tune confidence scoring, build internal evaluation sets, and improve Swipebrief’s own systems. Because we cannot guarantee how third-party AI providers handle your Inputs, you should avoid including confidential, sensitive, or personal information in your search queries. See Section 5 for more detail.

EU/UK GDPR Lawful Bases: legitimate interest and/or consent.

Operate Our Business

• Enforce our Terms of Service and other agreements.
• Protect against fraud, abuse, security incidents, and violations of our policies (including by applying rate limits and abuse-risk scoring).
• Comply with legal obligations and respond to lawful requests.
• Pursue corporate transactions as described below.

EU/UK GDPR Lawful Bases: legitimate interest, compliance with legal obligations.

Marketing

We may send you marketing communications about Swipebrief features, promotions, and offers, including by email, in-app messages, or push notifications. You can opt out at any time as described in Section 6. We may also engage in interest-based advertising through partners such as social platforms. Some of our marketing activities may be considered a “sale” or “share” of personal information for “cross-context behavioral advertising” under applicable privacy laws. See Annex A.

EU/UK GDPR Lawful Bases: legitimate interest and/or consent.

With Your Consent or Direction

We may use personal information for other purposes that we describe to you at the time you provide it, with your consent, or as otherwise directed by you.

EU/UK GDPR Lawful Bases: consent, performance of a contract, and/or legitimate interest.

4. How We Share Personal Information

We share personal information with third parties for the purposes described above.

Service Providers

We share personal information with service providers that help us operate the Services. These include, among others:

• Cloud hosting and database. Supabase Inc. hosts our application backend, including authenticated database, storage, edge functions, and authentication.
• AI providers. Google LLC (Gemini) generates learning content from your search queries and creates embeddings used to find similar topics. See Section 5.
• Subscription management. RevenueCat, Inc. handles subscription entitlement validation and webhooks tied to your Apple App Store purchases.
• App stores and payment processors. Apple Inc. (and, if applicable in the future, Google LLC) processes purchases, billing, and refunds.
• Product analytics. PostHog, Inc. provides product analytics. We pass events to PostHog only after we have appropriate permissions on your device (see “Tracking Authorization” in Section 6).
• Customer support tools. Email and ticketing providers we use to respond to your inquiries.

Other Users You Share or Interact With

If you share a card or stack using our share features, the recipient can view the shared content. We use universal links (for example, https://swipebrief.com/c/<id> and https://swipebrief.com/s/<id>) so that recipients open the same stack on the App or Website. Your personal notes and highlights are never shared automatically and remain private to your account unless you copy them yourself.

Business and Strategic Partners

We may share information with business partners with whom we jointly offer products or features. Once shared, your information will be subject to that partner’s privacy policy.

Disclosures to Protect Us or Others

We may share your personal information with external parties if we, in good faith, believe doing so is required or appropriate to (i) comply with law enforcement, national security, or other government requests, (ii) comply with legal process such as a court order or subpoena, (iii) protect your, our, or others’ rights, property, or safety, (iv) enforce our policies or contracts, (v) collect amounts owed, or (vi) assist with an investigation or prosecution of suspected or actual unauthorized or illegal activity.

Corporate Transactions

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, transition of service to another provider, or similar corporate transaction, your personal information may be shared, sold, or transferred as part of that transaction.

With Your Consent or Direction

We will share personal information for other purposes that we describe to you at the time you provide it, with your consent, or as otherwise directed by you.

5. AI Features and AI-Generated Content

Swipebrief is built around AI-generated learning content. This section explains how AI is used and what that means for your personal information.

What we generate with AI

When you search a topic and a matching stack is not already cached, we use a third-party large language model (currently Google’s Gemini 2.5 Flash) to generate a structured learning stack composed of short cards. We also use a third-party embedding model to convert your normalized topic into a numeric vector that we compare to existing topics in our database so we can serve a cached, validated stack whenever possible.

What we send to AI providers

To generate or look up a stack, we send the AI provider:

• Your normalized search query (for example, “dopamine” or “how tariffs work”).
• A server-side system prompt and JSON schema we control.
• A flag indicating whether parental “strict mode” is active on your account.

We do not send the AI provider your email address, Apple identifier, payment information, library contents, notes, highlights, or other personal information that is not necessary to generate a stack. We do not send your notes or highlights to any AI provider.

How AI Inputs and Outputs are used

• Inputs (your queries) and Outputs (the cards we generate) may be retained by Swipebrief to operate the Services, cache results for future users, improve content quality, evaluate confidence scoring, debug failures, and protect against abuse.
• We may use de-identified and/or aggregated Inputs and Outputs to improve Swipebrief’s own systems, including our prompts, our recommendation pipeline, and our internal quality evaluations.
• Your Inputs are processed by our third-party AI provider (currently Google) to generate content. We do not control, and cannot guarantee, how that provider uses your Inputs. Depending on the provider and the applicable service tier, the provider may retain and use your Inputs in accordance with its own terms and policies, which may include retaining Inputs to deliver and secure the service, monitor for abuse, comply with legal obligations, and improve or train its own models and services. The provider’s processing of your Inputs is governed by its own terms and privacy policies (for example, Google’s Gemini API / Generative AI terms). For this reason, you should avoid submitting confidential, sensitive, or personal information in your search queries.

Limitations of AI Outputs

AI Outputs are automatically generated and may not be accurate, complete, or up to date. Even when a card displays a high confidence score, the underlying claim may be wrong, outdated, or contested. Outputs are provided for informational and educational purposes only and are not professional advice. See our Terms of Service for the full disclaimer.

Confidence scores and sources

Every card carries a confidence score and rationale produced by our generation pipeline. Some cards include linked sources you can open. Confidence scores and source links are AI-generated metadata and should not be treated as a guarantee of accuracy.

Parental controls and strict mode

If you enable strict mode (either directly or through parental controls), the server enforces additional content restrictions before generation. We also apply server-side content-safety measures designed to reduce the likelihood of inappropriate, dangerous, or NSFW Outputs; because these measures rely on probabilistic systems they are not perfect, and we cannot guarantee they will block every such topic. The PIN used to gate parental controls is stored on your device as a salted SHA-256 hash inside the iOS Keychain and is not transmitted to our servers.

6. Your Privacy Choices and Rights

Privacy Choices

• Email communications. You can opt out of marketing emails by following the unsubscribe link in any marketing email. You cannot opt out of certain service messages (for example, security alerts, billing notices, or material changes to this Notice).
• Push notifications and local reminders. You can disable push notifications and local reminders at any time by changing the settings on your device or inside the App (Profile → notifications).
• Tracking Authorization (ATT). On iOS, we ask for permission to track via Apple’s App Tracking Transparency framework. If you do not grant permission, we will not link analytics events to your Apple advertising identifier.
• Account deletion. You can permanently delete your Swipebrief account at any time from inside the App (Profile → Danger Zone → Delete Account). Deleting your account cascades through your saved cards, notes, highlights, subscriptions metadata, and interactions and cannot be undone. To avoid additional charges, cancel your subscription before deleting your account.
• Export your library. You can export your saved cards, notes, highlights, and completed stacks as Markdown from inside the App (Library → Export).
• Cookies (Website). You can stop or restrict the placement of Technologies on your device by adjusting your browser preferences. Some features of the Website may not function properly if you do.
• “Do Not Track.” We do not respond to Do Not Track signals.

Privacy Rights

Subject to applicable law, you may have the right to:

• Request access to or portability of your personal information;
• Request correction of your personal information;
• Request deletion of your personal information;
• Request restriction of or object to our processing;
• Opt out of certain processing activities, including “sale” of personal information, “sharing” for cross-context behavioral advertising, or “profiling” in furtherance of decisions with legal or similarly significant effects (as those terms are defined by applicable privacy laws); and
• Withdraw your consent to our processing (with effect for future processing only).

You can exercise these rights for free at any time by emailing legal@swipebrief.com. We may need to verify your identity before processing your request, typically by confirming the email address associated with your account. You may use an authorized agent where applicable law permits, by providing written authorization signed by you and the agent. We will respond in accordance with applicable laws. If we decline your request, you may have the right to appeal that decision; instructions will be included in our response where required.

You also have the right to lodge a complaint with the data protection authority in the country or state where you live.

7. International Transfers of Personal Information

We are based in the United States, and our service providers may store and process personal information in the United States or other countries that may have data protection laws different from the laws where you live. Where required by applicable law (for example, for transfers out of the European Economic Area or the United Kingdom), we use safeguards such as Standard Contractual Clauses approved by the European Commission, or rely on adequacy decisions, to protect your personal information during international transfer.

8. Retention of Personal Information

We retain personal information as long as your account is active, as long as necessary to fulfill the purposes described in this Notice, and as long as required or permitted by law. Account, library, interaction, and subscription records are retained while your account is active and are deleted (subject to limited exceptions for legal, accounting, or security reasons) when you delete your account, subject to a processing window of up to 30 days. De-identified and aggregated information may be retained indefinitely.

9. Security

We implement reasonable administrative, technical, and physical measures designed to protect your personal information, including encryption in transit, server-trusted access controls, row-level security in our database, hashed-and-salted PIN storage, HMAC-signed payment webhooks, and email-verification gates on AI generation. No security system is perfect; we cannot guarantee the absolute security of your personal information.

10. Supplemental Notice for EU/UK GDPR

This section applies only to our processing of personal information subject to the EU General Data Protection Regulation or the UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or necessary to enter into a contract with us. If you choose not to provide such personal information, the Services may not function correctly or may be unavailable to you.

For the lawful bases we rely on, see Section 3. If we ever process special categories of personal data, our processing will be supported by one of the conditions in Article 9(2) of the EU/UK GDPR (for example, your explicit consent or that the data has been manifestly made public by you).

You have the right to lodge a complaint with the competent supervisory authority. EU residents can find their authority at edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents can complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint/.

The data controller for personal information described in this Notice is Side Hat Ventures LLC d/b/a Swipebrief.

11. Children’s Personal Information

The Services are intended for users 16 years of age and older. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided personal information to us in violation of applicable law, please contact us at legal@swipebrief.com and we will take appropriate steps to delete it.

12. Contact Us

Side Hat Ventures LLC d/b/a Swipebrief is the controller of the personal information processed under this Notice.

• Privacy and legal requests: legal@swipebrief.com
• General support: support@swipebrief.com
• Mailing address: Side Hat Ventures LLC, 344 Grove Street #4213, Jersey City, NJ 07302

13. Annex A – Supplemental CCPA Privacy Notice

This Supplemental CCPA Privacy Notice supplements our Privacy Notice and applies only to our processing of personal information subject to the CCPA.

Notice at Collection

At or before the time of collection, California residents have a right to receive notice of our privacy practices. California residents can find that information below.

• Personal information collected. See “Overview of Personal Information Collected, Disclosed, Sold, and/or Shared” below.
• Uses of personal information. See “Uses of Personal Information” below.
• Is personal information “sold” or “shared” for “cross-context behavioral advertising”? Yes, with respect to certain marketing partners. See below.
• Retention. See Section 8 of the Privacy Notice.

Categories of Sources

We collect personal information from you, from your device automatically when you use the Services, and from third-party sources (app stores, subscription providers, sign-in providers, analytics providers, and public sources).

Overview of Personal Information Collected, Disclosed, Sold, and/or Shared

We do not knowingly sell or share personal information of consumers under the age of 16 without affirmative authorization.

Uses of Personal Information

We may use and disclose the personal information that we collect for the following business and commercial purposes:

• Providing the Services, as further described in our Privacy Notice;
• Processing to improve the Services and develop new features, as further described in our Privacy Notice;
• Processing to operate our business, as further described in our Privacy Notice;
• Processing for marketing purposes, as further described in our Privacy Notice;
• Processing with your consent or direction, as further described in our Privacy Notice;
• Auditing related to counting impressions, verifying positioning, and auditing compliance with standards;
• Helping to ensure security and integrity to the extent reasonably necessary and proportionate;
• Debugging to identify and repair errors that impair existing intended functionality;
• Short-term, transient use, including non-personalized advertising shown as part of your current interaction with Swipebrief;
• Maintaining accounts, providing customer service, processing transactions, providing analytic services, providing storage, or providing similar services;
• Providing advertising and marketing services; and
• Undertaking internal research for technological development and demonstration.

Right to Opt Out of “Sales” of Personal Information and/or “Sharing” for Cross-Context Behavioral Advertising

California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” You can exercise this right by emailing legal@swipebrief.com with the subject line “California Do Not Sell/Share Request” or by adjusting tracking permissions on your device.

Sensitive Personal Information

Swipebrief uses and discloses sensitive personal information only for the purposes set forth in Section 7027(m) of the CCPA regulations.

Nondiscrimination

California residents have the right not to receive discriminatory treatment for the exercise of their rights conferred by the CCPA.

Authorized Agent

You may designate an authorized agent to act on your behalf. We may require written authorization signed by you and your agent, and we may verify your identity directly.

14. Annex B – Supplemental Notices for Other US States

Virginia, Colorado, Connecticut, Utah, Texas, and other comprehensive-privacy-law states

If you reside in a US state with a comprehensive consumer privacy law, you may have additional rights including the right to confirm whether your personal data is being processed, access your personal data, correct inaccuracies, delete personal data, obtain a portable copy, and opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) certain profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in profiling that produces legal or similarly significant effects.

To exercise these rights, please email legal@swipebrief.com with the subject line “State Privacy Request” and your state of residence. If we decline your request, you may have a right to appeal as described in our response.

Nevada

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at legal@swipebrief.com with the subject line “Nevada Do Not Sell Request” and providing the email address associated with your account. We do not currently sell personal information as defined by Nevada Revised Statutes Chapter 603A.

I HAVE READ THIS PRIVACY NOTICE AND UNDERSTAND HOW SWIPEBRIEF COLLECTS, USES, AND SHARES MY PERSONAL INFORMATION.

Last updated: June 14, 2026