Privacy Policy

This Privacy Policy tell you the rules of using www.SwitchIt.ai

Last updated: Feb 01, 2024

Welcome to SwitchIt ApS (‘SwitchIt’, ‘we’, ‘us’). This document explains how we handle your personal information when you use our services (‘the Services’). It also outlines your rights regarding privacy laws. We take responsibility for managing your data safely and transparently when you use the Services. If you have any questions about this privacy policy or your rights, please contact us at info@switchit.ai. To use SwitchIt, you’ll need to agree to this privacy policy and our terms of use. Additionally, you’ll need to give us permission to access your bank account and email information, as we’ll explain in more detail below.

Information We Process

To enhance your experience and tailor our services to your needs, SwitchIt may collect and process the following types of information from you:

Full Name: We use your full name to create your personal household account in SwitchIt, ensuring an unique and personalized experience.
Invoices and Service Agreements: By scanning your invoices and service agreements, we can compare them with current market offers. This helps us to identify potential savings or better services for you.
Bank Transactions: We analyze your bank transaction data to offer insights and compare them with available market offers. This enables us to suggest more suitable financial products or services for your household.
App Switches: We track the switchs you complete within the SwitchIt app to provide a seamless service experience.
Interests, Age, General Location, and Gender: We gather information about your interests, age, general location, and gender to improve our service offerings. This information is used exclusively for anonymized lead management in our SwitchIt Lead Manager system, ensuring that your personal details remain confidential.

Device Access Requirements

For the full functionality of SwitchIt, we may require access to certain features on your device. We will always request your permission for:

Camera Roll and Files Access: To enable the scanning of invoices and agreements directly from your device, we need access to your camera roll and file folders.
Push Notifications: To keep you updated with important account information and offers, we request the ability to send you push notifications.

Rest assured, we ask for these permissions only to enhance your user experience and will always maintain the highest standards of privacy and data protection.

When you use your phone number to log in to SwitchIt, leveraging Auth0’s passwordless authentication feature, we streamline your experience while prioritizing your security. Upon successful login, we’ll request your consent to access specific information from your Google/Outlook profile. This access is vital to integrate our services seamlessly with your existing online ecosystem. The data accessed from your Google/Outlook account, always with your explicit permission, includes:

Your email address, enabling us to identify and communicate with you effectively.
Relevant emails with companies, which assist us in personalizing and enhancing the services we offer to you.
Your email profile details, encompassing both your emails and their configurations, allowing us to understand and adapt to your preferences and needs.
Any personal data you’ve consented to share with Google/Outlook, ensuring that our services align with your expectations and requirements.

Our use of Auth0’s passwordless authentication ensures a secure, user-friendly login process, reducing barriers while safeguarding your privacy and data.

Collecting Your Information

Here’s how we gather the personal information you entrust us with:

Registration and Updates: When you register or update your profile in SwitchIt, we collect your personal details except for specific data like invoices, service agreements, and transactions.
Phone Number Login and Email Access: If you log in using your phone number and give consent, we access additional information from your authenticated Google or Outlook account. This includes invoices and receipts, but only on the needed services (Mobile, Broadband, Energy, Insurance and Mortgage)
when you upload them into SwitchIt.
Bank Transactions through GoCardless: For your financial data, we use GoCardless’s APIs, which are compliant with PSD2 regulations. This ensures secure access to your bank transactions when you authenticate your bank account with us. Once again, we only extract transactions from the needed services (Mobile, Broadband, Energy, Insurance and Mortgage).
Newsletter Interactions: If you opt to receive our newsletter, we may also gather data based on your interactions with these emails, as described earlier.

Purpose of Processing Your Information

To Deliver Intelligent Household Service Management: SwitchIt is the world’s first app designed to intelligently manage all your household services for a lifetime. We collect and process your personal information to automate the management of services like energy, mobile, broadband, banking, insurance, and more. This approach helps you avoid overpaying, buying unnecessary services, and reduces the hassle of finding new service providers.
For Tailored Offers and Switching Services: We use your transaction and consumption data to negotiate with companies on your behalf. This data, fully encrypted and accessed only via our SwitchIt Lead Manager interface, remains anonymized until you decide to switch providers. At that point, we share your contact information – first name, last name, and home address – with the new provider to facilitate the switch.
Communication and Legal Compliance: We may use your contact details to inform you about significant changes to SwitchIt, our terms of use, or this privacy policy. Additionally, we’ll communicate with you if there’s a need regarding your use of SwitchIt, such as a violation of terms of use. In certain cases, legal requirements may necessitate the processing of your data, including for legal claims, compliance, and law enforcement purposes.
Improvement and Personalization: Your data aids in our ongoing effort to enhance and develop our services, ensuring they remain cutting-edge and responsive to your needs.
Marketing and Analysis: We process your data to send you relevant marketing materials and conduct analysis and statistical studies to improve our service offerings.
Decision Making: Rest assured, all decisions made using your personal data are based on your explicit agreement or as necessary to fulfil our service obligations to you.
For Companies – SwitchIt Lead Manager: Companies get access to SwitchIt Lead Manager, where they can view detailed profiles of household services. This enables them to make informed decisions on lead bids, considering factors like pricing, services, and user preferences. Our use of AI and PSD2 technology automates processes, ensuring optimal service matches. A household is anonymised with their contact information until the household decides to switch service.

Legal Basis for Processing Your Data

Contractual Necessity (GDPR Article 6(1)(b)): When you create a SwitchIt account, we process your personal data to fulfill our contractual obligations to you. This includes providing you with the full range of SwitchIt services.
Consent (GDPR Article 6(1)(a)): For accessing your emails via Google/Outlook when you sign in, we base our processing on your prior explicit consent.
Legitimate Interests (GDPR Article 6(1)(f)):
- We process personal data for analysis and statistics to improve and develop our services.
- We use your data to send you personalized offers from our partners, balancing our legitimate interests with your rights and interests.
- For direct marketing, like sending newsletters, we process data based on your explicit consent. This also includes the use of tracking technologies in newsletters to understand your preferences and enhance marketing effectiveness.
Legal Compliance (GDPR Article 6(1)(c)): We process data as required by law, like for accounting purposes under the Danish Bookkeeping Act, and to adhere to our terms of use and applicable consumer protection laws.
Defense of Legal Claims: When necessary, we process data to establish or defend legal claims, which is a legitimate interest under GDPR.

Third-Party Data Sharing and Processing

Azure for Storage: We use Azure for securely storing invoice photos and contract details. Azure only ensures secure storage and does not otherwise access or use your documents.
GoCardless for Bank Transactions: GoCardless processes your bank transactions, facilitating bank authentication and PSD2 integration. They do not access your transaction details but support secure financial data processing.
Data from Google/Outlook: When you grant consent, we retrieve invoices and service agreements directly from your Google/Outlook account. These providers have already processed this data, and we access it only after your explicit permission. You retain full control and can delete this data from your email account.
SwitchIt LeadManager for Companies: Anonymized personal data is accessible to companies via our SwitchIt LeadManager platform. We inform you about any company accessing your data or offering you new services. Access is restricted to GDPR and PSD2 compliant companies.
Legal Basis for Sharing: Sharing your data with these parties is essential to fulfill our contractual obligations to you (GDPR Article 6(1)(b)).
Potential Asset Transfers: In case of any changes in SwitchIt’s corporate structure, such as asset sales, data transfer will comply with GDPR Article 6(1)(f), reflecting our commercial interests.
Limited Third-Party Disclosure: Apart from the scenarios mentioned, your data is not shared without your consent, except where legally required (e.g., with lawyers or in court proceedings). All shared data can be anonymized.
Customer.io for Communication: We utilize customer.io as a third-party tool for communication purposes. Customer.io helps us send personalized emails and messages to enhance your user experience. Your contact information and communication preferences are securely processed through Customer.io to ensure effective communication.

Your Privacy Rights Under GDPR

As a SwitchIt user, GDPR grants you several rights regarding your personal data:

Access and Insight: You have the right to know what personal information we hold about you and how it’s processed (GDPR Article 15).
Correction and Portability: You can request any corrections to your data (Article 16) and ask for your data to be transferred to another service (Article 20).
Restriction and Deletion: You have the right to restrict how we use your data (Article 18) or request its deletion (Article 17).
Account Deletion: You can ask for your SwitchIt account and all associated personal data to be completely removed, as outlined in our terms of use.
Withdraw Consent: If our processing is based on your consent, you can withdraw this at any time, leading to the deletion of data if there are no other grounds for processing.
Objection to Processing: You may object to the processing of your data, especially for direct marketing purposes, based on legitimate interests.

Identity Verification and Data Security

To protect your information, we’ll verify your identity before processing any requests.
In the unlikely event of a data breach, we will promptly notify you if your data is compromised.

Queries and Complaints

We’re here to address any questions about data processing.
If you believe we’re not meeting our obligations, you have the right to complain to the Danish Data Protection Authority (dt@datatilsynet.dk).

Data Processing Across Borders

EU/EEA Data Centers: We process all personal data connected to SwitchIt in data centers located within the EU/EEA for maximum security.
International Transfers: For certain services like Stripe, Google, and Microsoft Azure, data may be transferred outside the EU/EEA, including to countries with different data protection standards like the USA. These transfers adhere to the EU Commission’s standard contractual clauses for data security.

Data Deletion and Retention

Account Closure: Your personal data is deleted within 30 days of closing your SwitchIt account or withdrawing consent to email access.
Accounting Records: Data related to financial transactions is kept for 5 years as per financial record-keeping regulations.
Marketing Consent Records: Records of your marketing consent are retained for 2 years after you withdraw consent.
Anonymization: For longer-term needs, data may be stored in an anonymized format.

Enhanced Security Measures for Your Data

Encryption Standards: We employ advanced encryption protocols. All data, both in transit and at rest, is encrypted using industry-standard encryption methods. This ensures that your personal information is protected from unauthorized access or interception as it travels between your device and our servers, as well as when it’s stored.
Secure Data Transmission: Data transmitted to and from our servers is secured using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) technology. This creates a secure channel safeguarding all data exchange, including sensitive financial information.
Robust Access Controls: Access to your personal data is strictly controlled and limited to authorized personnel only. We implement role-based access controls and regularly audit these permissions to prevent unauthorized access.
Regular Security Audits: Our systems undergo regular security reviews and audits to ensure ongoing protection against emerging security threats. This includes both internal audits and, where appropriate, external audits by third-party security experts.
Data Integrity Measures: We implement measures to maintain the integrity and accuracy of your data. This includes protection against unauthorized modifications and ensuring data consistency through backups and redundancy systems.
Compliance with Privacy Regulations: Our data security practices are designed to comply with relevant privacy regulations, including GDPR, CCPA, and others, ensuring that your data is handled in accordance with legal standards.

Usage by Minors

Age Restriction: SwitchIt services are intended for individuals aged 18 and over. We do not knowingly design our services for, nor do we encourage their use by, anyone under the age of 18.
Handling Data of Minors: In the event that we become aware of having inadvertently collected personal information from a minor under 18, we will take immediate steps to delete such information from our records.
Parental Awareness and Control: We encourage parents and guardians to take an active role in their children’s online activities. If you believe that we might have any information from or about a minor, please contact us, and we will address the issue promptly.

Compliance with External Data Policies

Google API Services User Data Policy: When using data obtained from Google APIs, we strictly adhere to the Google API Services User Data Policy. This includes adhering to the Limited Use requirements, ensuring that data from Google services is used responsibly and in a transparent manner.
Microsoft Outlook Data Policy: In a similar vein, our use and transfer of data obtained through Microsoft Outlook APIs comply with Microsoft’s data use policies. We ensure that your data is handled securely and with respect for your privacy according to Microsoft’s guidelines.
Apple’s User Data Guidelines: For users accessing SwitchIt on Apple devices, we follow Apple’s guidelines regarding user data access. This involves clearly notifying users whenever SwitchIt accesses data on Apple devices, and confirming that such access is solely for improving the services offered by our app.
Android User Data Policy: For Android users, we comply with Android’s user data policies, which include transparently notifying users about the types of data the SwitchIt app accesses and the purposes for which it is used. Our commitment is to ensure that data access on Android devices is performed with the utmost security and only for service enhancement purposes.

In all these cases, our foremost priority is to maintain the highest standards of data privacy and security, conforming to the specific regulations set by each platform provider. We commit to using your data solely to enhance your SwitchIt experience, in a manner consistent with your explicit consent.

Data Processing on Social Media Platforms

Joint Responsibility: When you visit SwitchIt’s profiles or pages on social media platforms, both SwitchIt and the respective social media providers share responsibility for processing your personal data. We align with the General Danish Data Protection Agency’s guidelines on shared data liability.
Transparency in Data Processing: Our aim is to ensure you’re informed about how your personal data is processed when you interact with our social media profiles. We utilize the tools and resources provided by these platforms to maintain transparency.
SwitchIt on Social Media: We have established profiles on various social media platforms to engage with you and enhance our services. Here’s how you can learn more and manage your data on these platforms:
- Facebook (Meta Platforms Ireland Ltd.):
  - Privacy Policy: Facebook’s Privacy Policy.
  - Manage Privacy: Customize Your Privacy Settings on Facebook.
- Instagram (Meta Platforms Ireland Ltd.):
  - Privacy Policy: Instagram’s Privacy Policy.
  - Manage Privacy: Customize Your Privacy Settings on Instagram.
- LinkedIn:
  - Privacy Policy: Linkedin’s Privacy Policy.
  - Manage Privacy: Customize Your Privacy Settings on LinkedIn.
- TikTok:
  - Privacy Policy: TikTok’s Privacy Policy.
  - Manage Privacy: Customize Your Privacy Settings on TikTok.

By visiting and interacting with our social media profiles, you can stay updated and engaged with our latest offerings and announcements. We are committed to ensuring your data is handled in accordance with the best privacy practices.

How Your Data is Used by SwitchIt on Social Media

Enhancement of Products and Services: We process your data to improve SwitchIt’s offerings, ensuring that our products, services, and social media interactions meet your needs and preferences.
Data Analysis and Statistics: Your data aids in generating statistics and analysis, helping us understand user trends and preferences, thereby guiding our strategic decisions and service improvements.
Communication: If you engage with us through comments, reviews, or direct messages on social media, we use your data to respond and communicate effectively with you.
Marketing Initiatives: Your data helps us in crafting and delivering marketing content that is relevant and tailored to your interests.

How Social Media Providers Use Your Data

Ad System Improvement: Social media platforms use your data to refine their advertising systems, ensuring more relevant and targeted ad experiences.
Providing SwitchIt with Insights: These platforms generate and provide us with analytical data based on your interactions with our profiles. This information is crucial for us to understand the impact and reach of our content.
Customization of Activities: Your data helps social media platforms in personalizing and enhancing your experience on their sites, including the content and ads you see.

Legal Basis for Processing Your Data on Social Media

Legitimate Interests (GDPR Article 6(1)(f)):
- SwitchIt’s Use: We process your personal data based on legitimate interests, which include communicating with you and marketing our services through our social media profiles. This also extends to our efforts in continually improving our products and services.
- Social Media Providers’ Use: Similarly, social media platforms process your data based on their legitimate interests. This includes enhancing their advertising systems, providing us with analytics based on your interactions, and offering a customized, secure, and efficient user experience on their platforms.
Consent (GDPR Article 6(1)(a)): Social media providers may also process certain aspects of your personal data based on your consent, particularly for specific advertising and customization purposes. You have the right to withdraw this consent at any time through the privacy settings on the respective social media platforms.

Data Retention Period

On SwitchIt: We store your personal data until it is no longer necessary for the purposes for which it was collected, or until you request its deletion.
Anonymization: In some cases, we may retain your data in an anonymized form for a longer period, particularly for statistical analysis or historical record purposes.
Social Media Platforms: The duration for which social media providers store your data is governed by their respective privacy policies. We recommend reviewing their policies for specific retention details.

Data Sharing by Social Media Providers

Social media platforms may share your personal data with various parties, including:

Within Their Corporate Group: Data might be shared with other companies or divisions within the same corporate group as the social media provider.
External Partners: This includes companies that provide analysis and survey services, assisting the platforms in understanding user behavior and improving services.
Advertisers: Your data may be used to tailor advertising to your interests, both on and off the social media platforms.
Publicly Visible Data: Information that you make publicly available on our social media profiles or pages can be seen by other users.
Research and Academia: Occasionally, data may be shared with researchers for academic or study purposes.

For specific details on data sharing practices, please refer to the privacy policy of each social media provider.

International Data Transfers

Social media providers may transfer personal data outside the EU/EEA, in compliance with applicable data protection laws. For more information on these practices, please consult the individual privacy policies of the social media platforms.

Changes to Our Privacy Policy

SwitchIt reserves the right to update or modify this privacy policy. In the event of significant changes, we will notify you and may request your acceptance of the new terms, ensuring you are always informed about how your data is being used.

This revision aims to clearly articulate the data sharing practices of social media providers and the protocol for updating our privacy policy. Let me know if there are other aspects you’d like to focus on or if further revisions are needed!

Contact us

If you have questions or comments about this Privacy Policy, please contact us at:

SwitchIt ApS 43896350
Copenhagen
jri@switchit.ai