Privacy Policy

1. Introduction and Scope

Swarm Capital LLC ("Swarm Capital," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit our website at swarm-us.com (the "Site"), interact with us as a potential or current portfolio founder, communicate with us as an investor or limited partner, or otherwise engage with Swarm Capital.

This Privacy Policy applies to all users of the Site and to individuals who interact with Swarm Capital in a professional context, including founders, entrepreneurs, co-investors, advisors, service providers, and potential limited partners. This Privacy Policy does not apply to the privacy practices of companies in which Swarm Capital has invested, which are governed by their own privacy policies.

By accessing the Site or engaging with Swarm Capital, you acknowledge that you have read this Privacy Policy and understand our data practices. If you do not agree with the terms of this Privacy Policy, please do not use the Site or provide us with your personal information.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you directly provide to us, including but not limited to:

• Contact Information: Name, email address, telephone number, postal address, company name, and job title when you fill out contact forms, subscribe to our newsletter, or communicate with us.
• Pitch and Company Information: Business plans, pitch decks, financial projections, team profiles, product descriptions, and other materials you share when submitting a pitch or engaging in our investment evaluation process.
• Professional Background: Employment history, educational background, professional references, LinkedIn profile information, and other professional information you share as part of our due diligence process.
• Investor Information: Accreditation status, investment preferences, portfolio information, and financial information provided in connection with a potential or existing limited partner relationship.
• Communications: Content of emails, letters, and other communications you send to us, including attachments, and records of calls and meetings.
• Survey and Feedback Data: Responses to surveys, questionnaires, or feedback requests we may send.
• Event Registration Information: Information you provide when registering for events, webinars, or conferences hosted by Swarm Capital.

2.2 Information Collected Automatically

When you visit our Site, we automatically collect certain information about your device and your use of the Site, including:

• Log Data: IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, and the date and time of your visit.
• Device Information: Information about the device you use to access the Site, including hardware model, operating system version, unique device identifiers, and mobile network information.
• Cookie Data: Information collected through cookies and similar tracking technologies. Please see our Cookie Policy for more information.
• Analytics Data: Aggregated and anonymized information about how users interact with the Site, collected through analytics tools such as Google Analytics.
• Location Data: General location information inferred from your IP address.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Professional Networks: Information from LinkedIn and other professional networking platforms when you connect with us or when we research potential investment opportunities.
• Reference Checks: Information provided by professional references you have authorized us to contact.
• Co-investors and Advisors: Information shared by co-investors, advisors, and other venture capital professionals in connection with investment opportunities.
• Background Check Providers: Depending on the nature of our relationship, we may receive information from background check service providers.
• Public Sources: Information available in public databases, press releases, news articles, government filings, and other publicly available sources.
• Data Brokers: In limited circumstances, we may receive information from data enrichment services that supplement information you have provided to us.

3. How We Use Your Information

3.1 Investment Evaluation and Management

We use your information to evaluate potential investment opportunities, conduct due diligence on companies and founders, communicate with you throughout our investment process, manage our relationship with portfolio companies, and fulfill our fiduciary and contractual obligations as investors.

3.2 Communication and Relationship Management

We use your information to respond to your inquiries and requests, send you updates about Swarm Capital's activities and portfolio, invite you to events and webinars, conduct market research and surveys, and maintain ongoing relationships with founders, investors, advisors, and service providers.

3.3 Site Improvement and Analytics

We use automatically collected information to analyze how the Site is used, improve the Site's functionality and user experience, troubleshoot technical issues, monitor for security threats and unauthorized access, and optimize our content and communications.

3.4 Legal and Compliance Purposes

We use your information to comply with applicable laws and regulations, including securities laws, anti-money laundering regulations, and know-your-customer requirements. We also use it to enforce our legal rights, respond to legal proceedings, prevent fraud and other prohibited activities, and protect the safety and security of our employees, partners, and the public.

4. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for collecting and using personal information depends on the specific information involved and the context in which we collect it.

• Legitimate Interests (Article 6(1)(f)): For investment evaluation, relationship management, direct marketing to professionals, and fraud prevention, we process personal data based on our legitimate business interests, which we have determined do not override your rights and freedoms.
• Contract Performance (Article 6(1)(b)): Where we have a contractual relationship with you (such as a term sheet, investment agreement, or limited partner agreement), we process your personal data to fulfill our contractual obligations.
• Legal Obligation (Article 6(1)(c)): We process certain data to comply with applicable laws and regulations, including securities laws, anti-money laundering requirements, and tax obligations.
• Consent (Article 6(1)(a)): Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time by contacting us at privacy@swarm-us.com.
• Vital Interests (Article 6(1)(d)): In exceptional circumstances, we may process personal data to protect your vital interests or those of another person.

5. Sharing of Your Information

5.1 Within Swarm Capital

We share your information among Swarm Capital team members and advisors who need access to it to perform their responsibilities and provide services to you.

5.2 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud computing and IT infrastructure providers (including Amazon Web Services and Google Cloud Platform)
• Customer relationship management software providers
• Email communication and marketing automation services
• Legal and accounting professionals
• Background check and due diligence service providers
• Analytics and website optimization services
• Payment processing services

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

5.3 Co-investors and Syndicate Partners

In connection with investment opportunities, we may share limited founder information with co-investors, syndicate partners, and other venture capital firms, consistent with standard industry practice and subject to appropriate confidentiality obligations.

5.4 Legal Requirements

We may disclose your information when required by law, regulation, court order, subpoena, or government demand, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.5 Business Transfers

If Swarm Capital undergoes a merger, acquisition, reorganization, bankruptcy, or other sale or transfer of some or all of its assets, your information may be transferred as part of that transaction. We will notify you by email and/or a prominent notice on the Site of any such change in ownership and your choices regarding your information.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest using AES-256 encryption
• Role-based access controls limiting access to personal data to authorized personnel
• Multi-factor authentication for access to systems containing personal data
• Regular security assessments and penetration testing
• Employee security awareness training
• Incident response procedures, including notification protocols in the event of a data breach
• Physical security measures at our facilities

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your rights and freedoms, we will notify you in accordance with applicable law, which for EU residents means within 72 hours of becoming aware of the breach where feasible.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to maintain our business records, to comply with our legal obligations, and to resolve disputes. Specific retention periods include:

• Investor information and limited partner records: 10 years after the termination of the investment relationship or fund winding down, as required by securities law.
• Founder pitch and due diligence materials: 3 years from the date of final investment decision for declined investments; for portfolio companies, the duration of the investment plus 7 years.
• Contact and communication records: 3 years from last interaction, unless a longer retention period is required by law.
• Website analytics data: 26 months, consistent with Google Analytics default retention settings.
• Cookie data: As specified in our Cookie Policy, typically between 30 days and 2 years depending on cookie type.
• Financial and tax records: 7 years, as required by US tax law.

When your information is no longer needed, we will securely delete or anonymize it.

8. Your Privacy Rights

8.1 Rights Under GDPR (EU/EEA/UK Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable national data protection laws:

• Right of Access (Article 15): You have the right to request a copy of the personal information we hold about you and information about how we process it.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate personal information or completion of incomplete personal information.
• Right to Erasure (Article 17): You have the right to request deletion of your personal information in certain circumstances, such as when the information is no longer necessary for the purpose for which it was collected, or when you have withdrawn consent.
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict our processing of your personal information in certain circumstances.
• Right to Data Portability (Article 20): Where processing is based on your consent or contract, you have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit that data to another controller.
• Right to Object (Article 21): You have the right to object to our processing of your personal information where processing is based on legitimate interests, including for direct marketing purposes.
• Rights Related to Automated Decision Making (Article 22): You have the right not to be subject to solely automated decisions that have legal or similarly significant effects on you.
• Right to Withdraw Consent: Where our processing of your personal information is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer at dpo@swarm-us.com. We will respond to your request within 30 days, or within 72 hours for data breach notifications.

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. Swarm Capital does not sell your personal information. However, certain advertising-related data sharing may constitute "sharing" under the CPRA. You may opt out by visiting our Cookie Preferences page.
• Right to Limit Use of Sensitive Personal Information: You have the right to direct us to limit our use of your sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your CCPA rights.

To submit a CCPA request, please email privacy@swarm-us.com or call +1 (415) 555-0182. We will respond within 45 days. You may also designate an authorized agent to submit requests on your behalf.

8.3 Rights for Other US Residents

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws have similar rights to those described above. We honor these rights to the extent required by applicable state law. Please contact privacy@swarm-us.com to exercise your rights under applicable state privacy laws.

9. International Data Transfers

Swarm Capital is headquartered in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses (2021/914/EU) for transfers to the United States.
• Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.
• UK International Data Transfer Agreements: For transfers from the United Kingdom, we use UK-approved International Data Transfer Agreements.

You may request a copy of the safeguards we use for international data transfers by contacting dpo@swarm-us.com.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Site. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. Children's Privacy

Our Site and services are not directed to individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected personal information from a child, please contact privacy@swarm-us.com and we will promptly delete the information.

12. Third-Party Websites and Services

Our Site may contain links to third-party websites, services, or applications that are not owned or controlled by Swarm Capital. This Privacy Policy does not apply to those third-party sites and services. We encourage you to review the privacy policies of any third-party sites or services you access. Swarm Capital has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes to this Privacy Policy, we will notify you by email (if we have your email address on file) and/or by posting a notice on the Site prior to the effective date of the changes. We encourage you to review this Privacy Policy periodically to stay informed about our information practices and the choices available to you.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, or if you wish to exercise any of your privacy rights, please contact us as follows:

• General Privacy Inquiries: privacy@swarm-us.com
• Data Protection Officer: dpo@swarm-us.com
• EU Representative (GDPR Article 27): For individuals in the European Economic Area, our EU representative can be reached at eu-rep@swarm-us.com
• UK Representative (UK GDPR): For individuals in the United Kingdom, our UK representative can be reached at uk-rep@swarm-us.com
• Postal Address: Swarm Capital LLC, Privacy Team, 340 Pine Street, Suite 1800, San Francisco, CA 94104, United States
• Phone: +1 (415) 555-0182

15. Supervisory Authority Complaints

If you are located in the European Economic Area and believe that we have violated your GDPR rights, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at https://edpb.europa.eu.

UK residents may lodge complaints with the Information Commissioner's Office (ICO) at https://ico.org.uk.

16. California "Shine the Light" Law

California residents have the right to request information from us once per calendar year about whether we share their personal information with third parties for those third parties' direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes without your consent. To submit a request under California Civil Code Section 1798.83, please email privacy@swarm-us.com with "Shine the Light Request" in the subject line.

17. Do Not Track Signals

Some web browsers transmit "Do Not Track" signals to websites. Because there is currently no universally accepted standard for interpreting these signals, our Site does not currently respond differently to browser "Do Not Track" signals. However, you can use the privacy settings in your browser and our Cookie Preferences tool to control the collection of certain information while visiting our Site.