1. Who we are
Swippee ("Swippee", "we", "us") is a developer API based in Nepal. Our service converts bank statement documents into structured data on behalf of our developer customers.
Contact: hello@swippee.com.
2. What we are, and what we are not
- We are a document-parsing service. Our customers (developers, MFIs, fintechs, accounting firms) send us bank statement files they obtained from their own end users.
- We are not a bank, payment company, or licensed financial institution.
- We do not screen-scrape, log into, or access any bank portal on behalf of any user. We never handle bank credentials.
- We do not send your statement data to any large language model or third-party AI service. Parsing runs on our own code. Your financial data is never used to train, fine-tune, or prompt an AI system.
3. What data we process
For each parse request we receive and briefly process:
- The bank statement file (PDF / image / spreadsheet).
- The structured data extracted: account holder name, account number, period, transactions, balances, derived signals.
- API metadata: customer organization ID, API key ID, file name, file size, timestamps, IP address.
For each customer organization we store:
- The owner's email address (used for sign-in only).
- API keys (stored only as one-way hashes, never as plaintext).
- Plan, quota, and usage counters.
4. Retention
- Raw statement files: retained briefly to complete the parse and any webhook redelivery, then deleted. Default: 24 hours.
- Structured parse results: retained for the lifetime of the originating organization so it can be re-fetched via
GET /v1/reports/:id. Deleted on request. - API metadata / usage events: retained for billing and abuse-prevention, typically 24 months.
5. Sharing and disclosure
We do not sell personal information. We share data only:
- With sub-processors strictly required to run the service: hosting, database, email, and payment processing.
- With our customer (the organization that submitted the file) by returning the parse result.
- With law enforcement only when compelled by valid legal process under Nepali law.
6. Security
We protect your data with appropriate technical and organizational measures — including encryption in transit and at rest, credentials stored only as one-way hashes (never in plaintext), least-privilege internal access, and audit logging. We can produce an access audit on request. For the specifics, see our Trust & security page.
7. Your rights
End users whose statements are processed: contact the organization that uploaded your statement. They are the data controller; Swippee is the processor.
Customer organizations: you may export or delete all data associated with your organization at any time by emailing hello@swippee.com. Deletion requests are honoured within 30 days.
8. If you use Swippee directly (the Vault)
Some people use Swippee for themselves rather than through a developer customer — uploading their own statements or forwarding their own bank alert emails. When you use Swippee this way, we act as the controller of that data, and:
- It is your own data, kept in your own private space and shown only to you — never sold, and never shared with another party unless you explicitly grant them access.
- You can delete any statement, or your entire account and all its data, yourself at any time. Deletion is immediate and permanent.
- The no-AI commitment above applies in full: your statements and alerts are never sent to any large language model or external AI service.
9. International users
Swippee's infrastructure is hosted outside Nepal with reputable cloud providers. By using Swippee you consent to your data being processed outside Nepal.
10. Changes to this policy
We may update this policy from time to time. The current version always lives at this page, with the "Last updated" date above. For material changes we will give reasonable notice — by email to customer organizations, or an in-product notice for people who use the Vault directly — before they take effect.