Privacy Policy

    How Sweven collects, uses, and protects your information.

    Sweven, LLC. — Privacy Policy

    Last Updated: April 17, 2026Effective Date: April 17, 2026

    1. Introduction

    Sweven, LLC. ("Sweven," "we," "our," or "us") respects your privacy and is committed to protecting the personal and operational data you entrust to us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Sweven Facilities Maintenance platform, including our web application, mobile application, API, and related services (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree with the terms of this Policy, please discontinue use of our Services.

    2. Information We Collect

    2.1 Information You Provide Directly

    We collect information you voluntarily provide when you register for an account, submit forms, or communicate with us. This includes: • Account registration data: name, work email address, job title, company name, and phone number. • Billing information: payment method details (processed and stored by Stripe; Sweven does not store raw card data). • Work Order content: descriptions, notes, photos, and attachments you upload. • Communications: messages you send to our support team or through the platform.

    2.2 Information Collected Automatically

    When you use our Services, we automatically collect certain technical information: • Device and browser information: IP address, browser type and version, operating system, device identifiers. • Usage data: pages visited, features used, time spent on screens, click patterns, and search queries within the platform. • Log data: server logs including timestamps, error reports, and performance metrics. • Cookies and similar technologies: session tokens, authentication cookies, and analytics identifiers.

    2.3 Operational Data from Your Facilities

    As part of providing our Services, we process operational data generated by or uploaded to your account: • Asset data: equipment identifiers, location, service history, compliance records, and maintenance schedules. • IoT sensor data: real-time and historical readings from connected sensors (temperature, vibration, humidity, etc.). • Work Order data: job descriptions, vendor assignments, cost records, photos, and status history. • Vendor data: names, contact information, certifications, and performance records.

    3. How We Use Your Information

    We use the information we collect for the following purposes: • Service delivery: to provide, operate, and maintain the Sweven platform and its features. • AI Engine operation: to train and run our machine learning models that generate recommendations, predict maintenance needs, and automate Work Orders on your behalf. Models are trained per-client and your data is never used to train models for other clients. • Vendor coordination: to match, dispatch, and communicate with vendors in connection with your Work Orders. • Billing and payments: to process subscription fees and vendor payments through Stripe. • Communications: to send service notifications, security alerts, and platform updates. • Analytics and improvement: to understand usage patterns and improve the platform (using aggregated, anonymized data only). • Legal compliance: to comply with applicable laws, regulations, and legal processes.

    4. How We Share Your Information

    We do not sell your personal or operational data to third parties. We may share information in the following limited circumstances: • Vendors on your network: contact and Work Order information is shared with vendors you assign to jobs. You control which vendors have access. • Service providers: we use trusted third-party providers to operate our infrastructure (e.g., cloud hosting, payment processing, email delivery). These providers are contractually bound to process data only as we direct and under strict confidentiality. • Stripe: payment data is processed directly by Stripe under their Privacy Policy. We share only the data necessary to process transactions. • Legal requirements: we may disclose information if required by law, subpoena, or government request, or to protect the rights and safety of Sweven, our users, or the public. • Business transfers: in the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to the same privacy protections.

    5. Data Retention

    We retain your information for as long as your account is active or as needed to provide the Services. Specifically: • Account data is retained for the duration of your subscription and for 90 days after termination, after which it is deleted or anonymized. • Work Order and asset history is retained for 7 years to support compliance and audit requirements, unless you request earlier deletion. • IoT sensor data is retained for 24 months in raw form; aggregated summaries are retained indefinitely. • Billing records are retained for 7 years as required by financial regulations. You may request earlier deletion of specific data categories by contacting us at contact@swevenbpm.com.

    6. Your Rights and Choices

    Depending on your location, you may have the following rights regarding your personal data: • Access: request a copy of the personal data we hold about you. • Correction: request correction of inaccurate or incomplete data. • Deletion: request deletion of your personal data, subject to retention obligations. • Portability: request your data in a structured, machine-readable format. • Objection: object to certain processing activities. • Restriction: request that we restrict processing of your data in certain circumstances. To exercise any of these rights, contact our Data Protection Officer at contact@swevenbpm.com. We will respond within 30 days. If you are located in the European Economic Area, you also have the right to lodge a complaint with your local supervisory authority.

    7. Security

    We implement industry-standard technical and organizational security measures to protect your data: • Encryption at rest: all stored data is encrypted using AES-256. • Encryption in transit: all data transmitted between your browser and our servers uses TLS 1.3. • Access controls: role-based access control (RBAC) limits data access to authorized personnel and systems only. • Multi-factor authentication (MFA): required for all administrator accounts. • SOC 2 Type II: our infrastructure and security controls are audited annually. • Penetration testing: we conduct external security assessments on a quarterly basis. While we take extensive precautions, no system is completely immune to security breaches. In the event of a data breach affecting your data, we will notify you in accordance with applicable law.

    8. Cookies and Tracking Technologies

    We use cookies and similar technologies to operate and improve our Services: • Essential cookies: required for authentication and core platform functionality. These cannot be disabled. • Analytics cookies: used to understand how users interact with our platform (e.g., Google Analytics in anonymized mode). You may opt out via your browser settings. • Preference cookies: store your platform settings and preferences. You can manage cookie preferences through your browser settings. Note that disabling essential cookies will prevent you from using the platform.

    9. Third-Party Services and Integrations

    Our platform integrates with third-party services to provide certain features (e.g., Stripe for payments, AWS for cloud infrastructure, Twilio for notifications). These integrations are governed by the respective providers' privacy policies. We only integrate with providers who meet our data protection standards. Links to third-party websites within our platform are provided for your convenience only. We have no control over and assume no responsibility for the privacy practices of any third-party site.

    10. Children's Privacy

    Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a minor, please contact us at contact@swevenbpm.com and we will promptly delete the information.

    11. International Data Transfers

    Sweven is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We use Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure adequate protection for international data transfers.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and by posting a prominent notice on the platform at least 30 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

    13. Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: Sweven, LLC. Data Protection Officer Email: contact@swevenbpm.com Support: contact@swevenbpm.com We are committed to working with you to resolve any privacy concerns promptly.

    Questions about this policy? Contact our Data Protection Officer at contact@swevenbpm.com