Privacy Policy

Last updated: April 2026

1. Introduction

Swift ETA (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at swifteta.com and the UK ETA application services we provide.

We operate in compliance with the General Data Protection Regulation (GDPR) and applicable international data protection laws. By using our service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of personal data to provide our UK ETA application service:

Personal Identification Data

Full name, date of birth, nationality, email address, and (optionally) phone number.

Passport and Travel Data

Passport number, issue date, expiry date, issuing country, a photo or scan of your passport, your intended travel date, and your purpose of visit to the UK.

Payment Data

Payment is processed entirely by Stripe, a PCI-DSS Level 1 certified payment processor. We do not collect, store, or have access to your payment card details at any time.

Technical and Usage Data

IP address, browser type, device type, pages visited, and time spent on our website. This data is collected automatically and used for security, fraud prevention, and service improvement.

3. How We Use Your Data

We use your personal data exclusively for the following purposes:

  • To submit your UK ETA application to the UK Government on your behalf
  • To communicate with you about your application status via email
  • To process your payment through our payment provider (Stripe)
  • To provide customer support in response to your enquiries
  • To comply with our legal obligations
  • To detect and prevent fraud or misuse of our service

We will never sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract: Processing is necessary to perform the service you have contracted us to provide (submitting your UK ETA application).
  • Legitimate interests: For security monitoring and fraud prevention.
  • Legal obligation: Where we are required by applicable law to retain or disclose data.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected. Specifically:

  • Application data (including passport details and photos) is permanently deleted 30 days after your ETA is delivered to your email address.
  • Payment records are retained for the period required by applicable financial and tax regulations (typically 7 years), though we only retain transaction references — not card details.
  • If your application is refunded, data is deleted 30 days after the refund is confirmed.

6. Data Security

We take data security seriously. All data is protected using the following measures:

  • All data is transmitted over TLS/SSL (HTTPS) encrypted connections
  • Sensitive data (including passport numbers) is stored with AES-256 encryption at rest
  • Passport photos are stored in a private, access-controlled file storage system
  • Access to your data is restricted to team members who need it to process your application
  • Our infrastructure is hosted on Supabase (PostgreSQL) with row-level security policies

7. Your Rights

Under applicable data protection law, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct any inaccurate data.
  • Right to erasure: You may request that we delete your data (subject to our legal retention obligations).
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to portability: You may request a copy of your data in a machine-readable format.
  • Right to object: You may object to our processing of your data based on legitimate interests.

To exercise any of these rights, please email us at hello@swifteta.com. We will respond within 30 days.

8. Third-Party Services

We use the following third-party services to operate our business:

  • Stripe: Payment processing (PCI-DSS compliant). Stripe's privacy policy applies to payment data.
  • Supabase: Database and file storage, hosted on encrypted infrastructure.
  • Resend: Transactional email delivery. Only your email address and order-related content is transmitted.
  • Vercel: Website hosting. Standard server logs are retained for security purposes.

All third-party providers are contractually obligated to handle your data securely and in accordance with applicable data protection law.

9. Cookies

We use minimal, essential cookies required for the operation of our website (e.g. session authentication). We do not use advertising cookies or tracking pixels. We do not share cookie data with third parties for marketing purposes.

10. Governing Law

This Privacy Policy is governed by applicable international data protection law and regulations, including but not limited to the General Data Protection Regulation (GDPR) where applicable. We do not designate a specific national jurisdiction for data protection purposes, as our service is provided on an international basis.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated by posting the updated policy on this page with a revised date. We encourage you to review this policy periodically.

12. Contact Us

For any questions, concerns, or requests related to your privacy or personal data, please contact us at:

Swift ETA

Email: hello@swifteta.com