Privacy Policy

Last updated: February 2026 — Version 1.0

SwingWatch was built by someone living with bipolar I disorder. Your mental health data is deeply personal. This policy explains exactly how we handle it — plainly, without legal obfuscation.

Who we are

SwingWatch is a personal mood-tracking application built and operated by an individual developer. We are not a healthcare provider, insurance company, or covered entity under HIPAA. We are, however, committed to HIPAA-level data protection as best practice because we believe your mental health data deserves it.

What data we collect

Mood check-ins: mood score, sleep hours/quality, energy, anxiety, irritability, racing thoughts, notes you write
Medications: medication name, dose, prescriber name, schedule times, refill dates
Weather data: temperature, precipitation, barometric pressure and other weather variables for your home location (fetched from Open-Meteo, a free public API)
Location: home latitude/longitude (used for weather fetching only — stored encrypted at rest, never shared)
Account information: email address, display name, timezone, password (hashed with bcrypt)
Device information: browser user agent (for session management), IP address (for rate limiting and security monitoring)
Feedback: if you submit feedback or bug reports, that content is stored (encrypted at rest)

What we do NOT collect

We do not use advertising tracking or analytics services
We do not sell, share, rent, or trade your data with any third party
We do not use your data to train AI or machine learning models
We do not use third-party analytics (no Google Analytics, no Mixpanel)
We do not serve ads

Encryption at rest

Sensitive fields — your journal notes, medication names, doses, and prescriber names — are encrypted in the database using AES-256-GCM. The encryption key is never stored in the database; it lives only in a server environment variable. This means that even if someone obtained a database dump, your sensitive health data would be unreadable without the key.

All data is transmitted over HTTPS (TLS 1.2+). We enforce HSTS.

Where your data is stored

SwingWatch is hosted on a virtual private server in the EU/US. Your data does not leave this server except when you explicitly export it. We do not use any third-party cloud services that process your health data (weather data is fetched from Open-Meteo using only your coordinates, not your identity).

How long we keep your data

By default, we keep your data indefinitely (as long as your account is active). In Settings → Privacy, you can choose a retention period of 1 or 2 years — check-ins and risk scores older than that window will be automatically deleted by a daily process.

You can request complete account deletion at any time (see below).

Anonymous aggregate data

If you opt in (Settings → Privacy → Anonymous data sharing), anonymised mood pattern data may contribute to aggregate statistics accessible via the Global Stats page. This data cannot be linked back to you: it contains no name, email, IP address, or any identifier. You can opt out at any time and your previously contributed data will be removed from the aggregate.

Your right to export your data

You can export all your data at any time from Settings → Export. Available formats: JSON (complete machine-readable export) and PDF (human-readable report). Exports are rate-limited to 3 per day to prevent abuse.

Your right to delete your account

You can delete your account from Settings → Danger Zone. When you do:

All health data is immediately and permanently hard-deleted from our database (check-ins, medications, risk scores, weather data, alerts, sync records, etc.)
Your account record is anonymised — your email and name are replaced with placeholders so the slot cannot be reused
Anonymous aggregate mood data (if you opted in) is not deleted because it cannot be linked to you
Feedback/bug reports you submitted are anonymised (user ID removed) so they remain useful for fixing bugs
We send a confirmation email to your address before it is erased

Deletion is irreversible. There is no grace period or recovery option.

Security monitoring

We run automated monitoring to detect suspicious activity: excessive failed login attempts, login from unusual locations, potential injection attacks. These detections are logged to an audit trail for human review. They do not result in automatic blocking — a human reviews flags before taking any action.

An immutable audit log records who accessed or modified your data, when, and from which IP address. This log is used to investigate potential unauthorised access.

Third-party services

Open-Meteo (open-meteo.com) — weather data API. Your home coordinates are sent to this service. Open-Meteo is free, open-source, and GDPR-compliant. No account or API key is required; requests are anonymous.
IONOS — our email delivery provider (for account notifications). Email addresses used for transactional emails only.

Cookies and local storage

SwingWatch uses browser localStorage to store your authentication tokens (JWT access token and refresh token). No third-party cookies are set. Session data (for CSRF protection on the signup and password reset forms) is stored in a standard PHP session cookie, which expires when your browser closes.

Children's data

SwingWatch is not intended for use by anyone under 16 years of age. We do not knowingly collect data from minors.

Changes to this policy

If we make material changes to this privacy policy, we will notify you by email and update the "Last updated" date above. Continued use of SwingWatch after notification constitutes acceptance of the updated policy.

Contact for privacy requests

To exercise any of your rights (export, deletion, correction), use the self-service options in Settings. For questions, concerns, or to report a privacy issue, email: ross@swingwatch.app

We aim to respond to privacy requests within 72 hours.