Legal
Privacy Policy
This policy explains how Empress Ecosystems LLC ("Empress", "we"), a New Jersey company, handles data in connection with the Empress behavioral substrate, the empress.eco website, and our own products. Swapp (swapp.eco) is a product of Empress Ecosystems LLC, not a separate entity — this policy and Swapp's own policy describe the same company.
Stated plainly, because it is the product and not a footnote: Empress is a behavioral measurement service. It records detailed user interaction data (xAPI statements) as core functionality — per-interaction, per-moment event streams are the product, not incidental analytics. On surfaces we operate ourselves (such as Swapp), we collect that data as a first party.
Our role: processor, not controller
Empress is infrastructure. Tenants — companies that integrate our API — send us xAPI statements describing behavior in their products. For that tenant data, the tenant is the controller and Empress is the processor: we store and serve it on their instructions and do not repurpose it. Each tenant's data is isolated at the database level (see Security).
What we collect
- Tenant statement data — xAPI statements a tenant sends (actor identifiers, verbs, objects, results, context). By our published guidance, actor identifiers should be opaque platform IDs, not emails or auth-provider IDs.
- Account & billing data for the tenant's team — name, work email, and (when billing exists) payment details handled by our payment processor; we do not store full card numbers.
- Dashboard authentication — sign-in to the Empress dashboard is handled by Clerk.
- Website basics — empress.eco is static and sets no advertising or analytics cookies. Standard server/CDN logs may be processed by our host for security.
How we use it
To provide the service: store the immutable ledger, run the analytics and belief endpoints a tenant queries, authenticate, bill, support, and secure the platform. We do not sell data, and we do not use tenant statement data to train models or for advertising.
Retention and the immutable ledger
Empress's ledger is immutable by design — statements are not rewritten or deleted, which is what makes the audit trail trustworthy. Two consequences we're transparent about:
- Because actor identifiers are opaque (not personal data), a tenant satisfies an erasure request by breaking the link between the person and the opaque ID in their systems; the statements remain as de-identified behavioral records.
- A tenant can retrieve everything via
GET /exportat any time; on account closure we provide a final export and then decommission access.
Sub-processors
Cloudflare (compute, CDN, tenant metadata), Neon (Postgres statement store), Fly.io (ingestion), Clerk (authentication), Resend (email delivery). Questions about the current sub-processor list: [email protected].
Your rights
Under GDPR, UK GDPR, CCPA and similar laws you may have rights to access, correct, export, or delete personal data. For tenant end-user data, direct requests to the tenant (the controller); we assist as processor. For your own account data — and for data we collect as a first party on our own products — contact [email protected].
Transfers, security, and changes
Data is processed in the United States, protected by tenant-scoped isolation, encryption in transit, and the controls described on our Security page. No method is perfectly secure; we hold no formal certification today and say so plainly. Governing law: New Jersey, USA. We'll post changes here with a new effective date. Questions: [email protected].