We are committed to protecting your personal and business data. This policy explains exactly what we collect, how we use it, and your rights over it.
The business operating this platform
SwiftHubs is a unified business management platform that serves both wholesale/distribution businesses and hospitality operations. The platform is operated by the business that registered the account and their authorised staff.
The platform is hosted at swifthubs.net. For the purposes of data protection law, the business account owner is the Data Controller — meaning they decide what data is collected and why. SwiftHubs acts as the Data Processor — meaning we handle data on their behalf.
If you are a customer, supplier, guest, or employee whose data is held in this system, your relationship is primarily with the business that entered your data into SwiftHubs.
A full breakdown of every category of data stored in the system
| Category | Examples | Source |
|---|---|---|
| Account & Identity | Full name, phone number, email address, login PIN/password (hashed), role | Entered by account owner or the user themselves at registration |
| Customer Data | Customer name, phone, email, delivery address, purchase history, outstanding balance, loyalty stamps, referral code | Entered by business staff via the Customer Centre or POS system |
| Supplier Data | Supplier name, contact person, phone, email, payment terms, purchase orders | Entered by business staff via the Warehouse or Invoicing module |
| Employee / Staff Data | Full name, phone, role, salary, tax details (PAYE/SSNIT), bank info, leave records, loan records, attendance, clock-in location | Entered by HR/Manager during staff onboarding and payroll runs |
| Hotel / Hospitality Guest Data | Guest name, phone, booking dates, room assignment, payment method, stay history | Entered at check-in or via the WhatsApp bot booking flow |
| Financial Transactions | Invoice amounts, payments received, expenses, POS sales, cash totals, profit/loss figures | Generated automatically when sales or payments are recorded |
| Product & Inventory | Product names, SKUs, batch numbers, expiry dates, stock quantities, warehouse locations | Entered by warehouse staff or imported via CSV |
| Device & Session Data | Browser session token (stored as a signed cookie), page visit context, clock-in GPS coordinates | Collected automatically when you use the platform |
| WhatsApp Conversations | Incoming message text, phone number of sender, bot conversation history, message status | Received via Twilio WhatsApp Conversations API when a user messages the bot |
We do not collect payment card numbers directly. Payments are handled by Stripe or Paystack who have their own PCI-DSS compliant systems.
Purposes for which data is processed
We do not sell your data, use it for advertising, or share it with any third party outside the list in Section 5.
Access control within the platform
| Role | What They Can See |
|---|---|
| Superadmin | Platform-level subscription and billing data only. Cannot see your business's customer, financial, or staff records. |
| Manager | All data within their assigned business unit — sales, staff, customers, payroll, expenses, reports. |
| Admin | Modules they have been granted permission to by a Manager. Access is tab-by-tab and can be restricted at any time. |
| Store / Sales User | Their own sales data, their stock levels, their POS session. Cannot see other users' financials, full payroll, or system settings. |
| Customer / Supplier | Their own transaction history and loyalty balance only, when accessed via the WhatsApp bot or a shared invoice link. |
| Guest (Hospitality) | Their own booking status and room information only, via the WhatsApp bot. |
All access is authenticated via a secure login PIN or password. Passwords and PINs are stored as irreversible hashes — the platform cannot recover them in plaintext.
External providers that process data on our behalf
All WhatsApp messages sent and received by your business number are routed through Twilio's Conversations API. Twilio stores message logs for delivery tracking. Message content is subject to Twilio's own privacy policy.
Twilio Privacy Policy →Summarised and anonymised data is passed to OpenAI's GPT-4 API for features such as payroll summaries, offer letter generation, booking parsing, and performance insights. No raw personal records (full names, phone numbers, financial breakdowns) are sent in their original form.
OpenAI Privacy Policy →The PostgreSQL database that stores all platform data is hosted on Neon's serverless infrastructure. Data is encrypted at rest and in transit. Neon does not access or process your business data.
Neon Privacy Policy →The SwiftHubs application server runs on Replit's cloud infrastructure. Replit hosts the code and runtime environment. The domain swifthubs.net is registered and managed through Replit.
Replit Privacy Policy →If you pay for a SwiftHubs subscription, payment is processed by Stripe (international) or Paystack (Ghana / Africa). We never store your card details — only a subscription reference ID from the payment gateway.
Stripe Privacy → Paystack Privacy →How long we keep your data
| Data Type | Retention Period |
|---|---|
| Active account & business data | Retained for the life of the active subscription |
| Financial records (invoices, payments, expenses) | Minimum 7 years to comply with standard accounting requirements |
| Payroll records | Minimum 7 years to comply with tax authority requirements |
| WhatsApp conversation logs | 90 days rolling, then purged from live tables (Twilio retains their own copy per their policy) |
| Session data | Expires with browser session or after 24 hours of inactivity |
| Audit logs | 12 months rolling |
| Data after account cancellation | Exported to the account owner on request, then deleted within 30 days of cancellation |
How we protect your data
In the event of a data breach that affects your personal data, we will notify affected account owners within 72 hours of becoming aware of it.
What you can ask us to do with your data
Request a copy of all personal data we hold about you at any time.
Ask us to correct inaccurate or incomplete personal data.
Request erasure of your personal data, subject to legal retention requirements.
Export your data in a machine-readable format (CSV or PDF).
Object to specific uses of your data, including automated decision-making.
Request we restrict processing of your data while a complaint is investigated.
To exercise any of these rights, contact us using the details in Section 11. We will respond within 30 days. We may need to verify your identity before actioning a request.
If you are an employee or customer of a business using SwiftHubs, your primary contact for data rights is that business. We will cooperate with any deletion or export request they raise on your behalf.
How your WhatsApp interactions are handled
When you send a WhatsApp message to a business number powered by SwiftHubs, that message is received via the Twilio Conversations API. The following applies:
WhatsApp messages are end-to-end encrypted between your device and WhatsApp's servers. Once delivered to our system via Twilio's webhook, they are transmitted over HTTPS and stored encrypted at rest.
How we handle updates to this document
We may update this policy from time to time. When we make a significant change, we will:
Continued use of SwiftHubs after the effective date of a change constitutes acceptance of the updated policy. If you disagree with a change, you may terminate your account and request data deletion before the effective date.
Get in touch about any privacy concern
If you want to access, correct, export, or delete your data — or if you have any concern about how SwiftHubs handles personal information — contact us and we will respond within 30 days.
If you believe your rights have been violated and we have not resolved your complaint satisfactorily, you have the right to lodge a complaint with the relevant data protection authority in your country.