Swimly

Privacy policy

Last updated: 19 June 2026

Swimly Pty Ltd ("Swimly", "we", "us") collects, stores and uses your personal information to deliver swim coaching services. This policy explains what we collect, why, how we protect it, and your rights under the Australian Privacy Principles (APPs).

What we collect

  • Your name, email and phone number (the family billing contact)
  • Each swimmer's name, date of birth and coaching tier
  • Intake form responses: swim experience, goals, medical conditions, medications, injuries, emergency contact
  • Booking history, attendance and coach notes
  • Payment records held by Stripe — we do not store card numbers
  • Marketing engagement (emails opened, links clicked) via Mailchimp

How we use it

  • To deliver coaching sessions safely and effectively
  • To send booking confirmations, reminders and cancellation notices
  • To process payments through Stripe
  • To send marketing communications you've opted in to
  • To improve our service and respond to support requests

Who we share it with

We share only the minimum required, with these processors:

  • Supabase (US) — database, auth, file storage
  • Stripe (US/AU) — payments and billing
  • Resend (US) — transactional email
  • ClickSend (AU) — SMS reminders
  • Mailchimp (US) — marketing email (opt-in only)
  • Vercel (US) — hosting

We never sell your information.

How we protect it

Data is encrypted at rest (AES-256) and in transit (TLS). Access is restricted to authorised staff. Card numbers never touch our servers — Stripe holds them. Privileged actions are audit-logged. Full security posture documented at docs/security.md in our repository.

Children's data

For swimmers under 18, the parent or legal guardian holds the account and consents to data collection. We collect only what's needed for safe coaching (age, medical notes, emergency contact). We do not market directly to children.

Your rights

Under the APPs you can:

  • Access your data — we'll send a copy on request
  • Correct anything that's inaccurate
  • Delete your account and all associated data
  • Unsubscribe from marketing at any time (link in every email)
  • Complain to the OAIC if you think we've mishandled your data

To exercise any of these, email bookings@swimly.com.au. We'll respond within 30 days.

How long we keep it

Active client records: as long as you're a client plus 7 years (to meet Australian tax record-keeping obligations). Marketing data: until you unsubscribe. Audit logs: 2 years.

Contact

Swimly Pty Ltd
Sydney, Australia
bookings@swimly.com.au

← Back to Swimly