Effective Date: February 12, 2026 | Last Updated: February 12, 2026

1. Who We Are

Welcome to SwarmLens! Our website address is: https://swarmlens.com.

We are an Agentic AI development company that lives and breathes AI-based product development and engineering services. Our team builds intelligent, autonomous AI systems that bring together agentic reasoning, multi-agent orchestration, Large Language Model (LLM) integrations, grounded retrieval, and human-in-the-loop judgement to help businesses tackle complex, real-world challenges.

Whether we are developing a custom AI product for you, integrating LLMs into your workflows, or providing engineering services through our platforms like RiskLens and AssureLens, your trust matters to us. This Privacy Policy is our way of being transparent about how we handle your information — what we collect, why we collect it, and what choices you have.

By using our website or any of our services, you are agreeing to the practices described here. If something does not sit right with you, we would rather you reach out to us with questions than walk away with concerns.

2. Information We Collect

We believe in collecting only what we need to serve you well. Here is a straightforward look at the types of information we gather:

2.1 Information You Share With Us

When you sign up for an account, request a demo, reach out to our team, engage us for a project, or apply for a position, you may share details like your name, email address, phone number, company name, job title, billing information, and project requirements. We only ask for what is necessary to help you, and you are always in control of what you share.

2.2 Information We Collect Automatically

Like most websites, ours picks up some technical details when you visit — things like your IP address, browser type, device information, which pages you viewed, how long you stayed, and where you came from. If you interact with any of our AI-powered features, we may also log session-level data such as the queries you submitted and the outputs generated. This helps us understand how people use our services and where we can do better.

2.3 Client Data and Project Data

When you hire us to build an AI product, integrate LLMs into your systems, or use one of our platforms, you will likely share proprietary materials with us — documents, datasets, source code, business logic, knowledge bases, API credentials, and other confidential information. We call this “Client Data,” and we want to be very clear: it belongs to you. We process it only to deliver the work you have asked us to do, and we treat it with the highest level of care and confidentiality.

2.4 AI Interaction and Agent Data

Our agentic AI systems generate their own operational data as they work — reasoning traces, decision logs, inter-agent messages, retrieval queries, and execution records. We call this “Agent Data.” We collect it because transparency and auditability are at the core of how we build AI. If our agents made a decision, we want you (and us) to be able to trace exactly why. Agent Data from your projects is treated with the same confidentiality as your Client Data.

2.5 LLM Interaction Data

As part of our product development and engineering services, we frequently integrate with Large Language Models (LLMs) such as OpenAI’s GPT, Anthropic’s Claude, Google’s Gemini, Meta’s LLaMA, Mistral, and other foundation models. When our systems interact with these LLMs on your behalf, certain data is necessarily transmitted as part of the API call — this may include prompt content, contextual data from your documents or knowledge bases, and configuration parameters. Here is how we handle this responsibly:

  • We minimise the data sent to any LLM to only what is strictly needed for the task at hand.
  • We use enterprise-grade API agreements wherever available, which typically prohibit the LLM provider from using your data to train their models.
  • All data transmitted to LLM providers is encrypted in transit.
  • We never send sensitive credentials, passwords, or payment information to LLM APIs.
  • Where possible, we use self-hosted or private deployment options for LLMs to keep your data within controlled environments.
  • We maintain a record of which LLM providers are used in each engagement and can share this with you on request.

We understand that sending data to third-party AI models is a real concern for many businesses, and we are happy to discuss your specific requirements and agree on an approach that works for you.

2.6 Cookies and Tracking Technologies

We use cookies and similar technologies to keep things running smoothly. Here is what that looks like:

  • Essential Cookies: These keep the website working — login sessions, security checks, and basic functionality. You cannot turn these off without breaking the experience.
  • Analytics Cookies: These help us see how people use our site so we can make it better. We may use tools like Google Analytics for this.
  • Functional Cookies: These remember your preferences, like display settings or language choices, so you do not have to set them every time.
  • Marketing Cookies: If we run any promotional campaigns, these help us understand what is working. They may be placed by advertising partners.

If you leave a comment on our blog, you can choose to save your name, email, and website in a cookie so you do not have to type them again next time. These last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

You are always free to manage cookies through your browser settings, though turning off certain cookies may affect how the site works for you.

2.7 Comments and User-Generated Content

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

2.8 Media Uploads

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Files uploaded through our AI platforms or as part of project engagements are handled according to our security protocols and your service agreement.

3. How We Use Your Information

We are not in the business of collecting data for the sake of it. Everything we gather serves a clear purpose:

  • Delivering our services: This is the big one. We use your information to build AI products, integrate LLMs, provide engineering services, run our platforms, and support you throughout.
  • Developing and improving AI solutions: We design, develop, test, and deploy custom AI products tailored to your needs, including agentic systems and LLM-powered applications.
  • Keeping things running: Account management, payment processing, invoicing, and project milestone tracking all require your information.
  • Making our products better: We use aggregated, de-identified data to improve our AI models, agent architectures, LLM integration pipelines, and engineering processes. We never use your identifiable Client Data for this without your explicit written consent.
  • Staying in touch: Whether it is responding to a support request, sending a project update, or sharing something we think you would find useful (only with your permission for marketing), communication matters.
  • Research and development: We are always exploring new AI capabilities, fine-tuning techniques, prompt engineering methodologies, and agent architectures to stay at the cutting edge.
  • Security and compliance: Detecting fraud, preventing abuse, protecting our systems, and meeting our legal obligations.
  • Honouring our agreements: Enforcing our terms, service agreements, and contractual commitments.

4. Agentic AI, LLM Integration, and Data Practices

This is where things get specific to what we do. Since we build agentic AI systems and integrate LLMs into real business workflows, we think it is important to be especially transparent about how data flows through these systems.

4.1 AI Model Training and Your Data

Let us be direct: we do not use your identifiable Client Data to train general-purpose AI models unless you explicitly give us written permission to do so. We may use aggregated, anonymised data patterns to improve how our systems perform overall, but your confidential information stays confidential. If you are an enterprise client, you can opt out of even aggregated data use through your service agreement.

4.2 How Our Agentic AI Systems Work

Our agentic AI systems are autonomous AI agents that can reason, plan, execute multi-step tasks, and collaborate with each other. We have built them around principles we genuinely care about:

  • Transparency: Every action an agent takes is logged with a full decision trail. You can see what it did, why it did it, and what data it used.
  • Auditability: Agent reasoning chains, tool calls, LLM interactions, and inter-agent conversations are all recorded and reviewable.
  • Human-in-the-Loop: For important decisions, there are always human checkpoints. Our AI is designed to support your judgement, not replace it.
  • Containment: Agents only operate within the boundaries we set for them. They cannot access data or take actions outside their authorised scope.
  • Accountability: Every output and every action can be traced back to a specific agent, workflow, and triggering event.

4.3 LLM Integration Practices

Large Language Models are a core part of many solutions we build. Because LLMs can be powerful but also raise legitimate privacy questions, here is how we approach their integration:

  • Model Selection: We work with leading LLM providers including OpenAI, Anthropic, Google, Meta, Mistral, Cohere, and others. We select models based on your requirements for capability, cost, latency, data residency, and privacy.
  • Data Minimisation: We design our prompts and retrieval pipelines to send only the minimum necessary context to the LLM. We do not dump entire databases into API calls.
  • No Training on Your Data: Where enterprise API agreements are available, we use them to ensure that LLM providers cannot use your data to train or improve their own models.
  • Private Deployments: For clients with strict data sovereignty or compliance requirements, we can deploy open-source LLMs (such as LLaMA, Mistral, or other models) within your own infrastructure or a private cloud, so your data never leaves your control.
  • Prompt Security: We implement safeguards against prompt injection, data leakage through model outputs, and other LLM-specific security risks.
  • Retrieval-Augmented Generation (RAG): Many of our solutions use RAG architectures where the LLM is grounded in your proprietary data through vector databases and retrieval systems. Your documents are embedded and stored securely, and only relevant chunks are passed to the LLM at query time.
  • Fine-Tuning: If we fine-tune an LLM on your data, we do so on a dedicated model instance. Your fine-tuned model is your asset and is not shared with other clients.
  • Logging and Monitoring: We log LLM API calls (prompts, responses, metadata) for auditability and debugging. These logs are protected with the same security controls as your Client Data.

4.4 Multi-Agent Systems and Data Flow

When multiple AI agents collaborate within our systems, data naturally flows between them as part of the workflow. For example, one agent might retrieve information from your knowledge base, another might analyse it, and a third might generate a recommendation — each potentially making LLM calls along the way. All of this happens within our secured infrastructure, and every data transfer between agents is subject to the same protections we apply to your Client Data.

4.5 Third-Party AI Models and APIs

Beyond LLMs, we may integrate with other third-party AI services — embedding models, speech-to-text engines, computer vision APIs, vector databases (such as Pinecone, Weaviate, Qdrant, or Milvus), and other specialised tools. When we do, we make sure that data processing agreements are in place, data is encrypted in transit and at rest, access is limited to what is necessary, and we can tell you exactly which services are involved in your project.

4.6 AI Output Accuracy and Limitations

We will always be honest with you: AI is powerful, but it is not perfect. Outputs from our agentic systems and LLM integrations can sometimes contain errors, inaccuracies, or what the industry calls “hallucinations” — confident-sounding statements that are actually wrong. We build in safeguards like confidence scoring, source attribution, fact-grounding through RAG, and uncertainty flags, but we strongly recommend that you verify AI outputs before acting on them in critical situations. Our systems are designed to support human decision-making, not replace it.

4.7 Responsible AI and Ethics

Building AI responsibly is not just a policy checkbox for us — it is how we operate. We regularly audit our systems for bias and unintended outcomes. We design for explainability, so users can understand why the AI said what it said. We do not build AI systems for mass surveillance, autonomous weapons, social scoring, or anything that violates fundamental human rights. And we hold ourselves to an internal AI ethics framework that guides every product we develop and every engineering engagement we take on.

4.8 Data Retention for AI and LLM Services

We keep your Client Data only as long as we need it to deliver the work you hired us to do. Once an engagement ends, we follow the retention terms in your service agreement — which typically means securely deleting or returning your data. AI interaction logs, LLM call logs, and agent traces are retained for a maximum of 24 months (or whatever period your agreement specifies) before they are anonymised or deleted. You can ask us to delete your data at any time, and we will honour that request subject to any legal obligations we need to meet.

5. Who We Share Your Data With

We do not sell your data. Period. But there are situations where we do need to share information with others:

  • Cloud and Infrastructure Providers: Our services run on platforms like AWS, Azure, and Google Cloud. Your data is stored and processed on their infrastructure under strict security controls and data processing agreements.
  • LLM and AI Providers: As described in Section 4, when our products make calls to LLM APIs or other AI services, certain data is shared with those providers under enterprise agreements that protect your information.
  • Service Providers: We work with third parties for things like payment processing, email delivery, analytics, and customer support. They only get access to what they need to do their job, and they are contractually bound to protect your data.
  • Engineering Partners: On some projects, we may bring in trusted subcontractors or partner firms. They are held to the same confidentiality and data protection standards as our own team.
  • Business Transitions: If SwarmLens is ever involved in a merger, acquisition, or sale of assets, your information may be part of what transfers. We would notify you and give you choices if that ever happens.
  • Legal Requirements: If the law requires it — through a court order, regulation, or government request — we may need to share your information. We will only do so to the extent legally required.
  • With Your Permission: For anything else, we will ask you first.

One small technical note: if you request a password reset, your IP address will be included in the reset email.

6. Embedded Content from Other Websites

Our website sometimes includes embedded content from other platforms — things like YouTube videos, social media posts, or interactive tools. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

7. How Long We Retain Your Data

We do not hold onto your information longer than we need to. Here is a practical breakdown:

  • Account information stays active as long as your account is open, plus a reasonable wind-down period for legal compliance.
  • Client and project data is retained for the duration of our engagement and then securely deleted or returned to you, as specified in your service agreement.
  • Comments and their metadata are kept indefinitely so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
  • User profiles: For users that register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
  • AI logs, LLM call logs, and agent traces are kept for up to 24 months (or as agreed) before being anonymised or deleted.
  • Aggregated analytics data (with no personal identifiers) may be kept indefinitely.
  • Marketing preferences are retained until you tell us otherwise.

8. Data Security

We take security seriously — not just because we have to, but because we handle sensitive client data and AI systems that need to be trustworthy. Here is what we have in place:

  • Encryption everywhere: Data is encrypted both in transit (TLS/SSL) and at rest (AES-256 or equivalent).
  • Strict access controls: Role-based access, multi-factor authentication, and the principle of least privilege mean people only see what they need to see.
  • Network security: Firewalls, intrusion detection, and secure VPN access protect our infrastructure.
  • Secure development practices: Code reviews, static analysis, dependency scanning, and secure deployment pipelines are standard for every project.
  • Regular testing: We conduct security assessments, penetration tests, and vulnerability scans on a regular basis.
  • AI-specific protections: We guard against prompt injection, model output leakage, agent boundary violations, and other risks unique to AI systems and LLM integrations.
  • Incident readiness: We have breach notification and incident response procedures ready to go.
  • Team training: Everyone at SwarmLens — employees and contractors alike — undergoes training on data protection, AI safety, and security practices. Everyone with access to Client Data signs a confidentiality agreement.

That said, no system is 100% bulletproof. We cannot guarantee absolute security, but we can promise that we work hard to protect your data every day.

9. Intellectual Property and Ownership

Your data and your custom-built products are yours. Unless your service agreement says otherwise, all intellectual property in custom AI products, models, fine-tuned LLMs, and solutions we develop for you belongs to you once you have paid in full. We retain ownership of our pre-existing tools, frameworks, agent architectures, prompt libraries, and proprietary methodologies — the foundation we build on. General knowledge and skills we pick up during an engagement stay with us, but we will never disclose or reuse your confidential Client Data in other projects.

10. International Data Transfers

Because our team, clients, cloud infrastructure, and AI service providers may be located in different countries, your data may cross borders. We understand this matters, especially when different countries have different levels of data protection. When we transfer data internationally, we put safeguards in place — like Standard Contractual Clauses, data processing agreements, and recognised certifications — to make sure your data gets the protection it deserves regardless of where it ends up.

11. Your Rights Over Your Data

Depending on where you are in the world, you have rights over your personal data. We respect all of them:

  • Access: Ask us for a copy of the personal data we hold about you.
  • Correction: If something is wrong or incomplete, let us know and we will fix it.
  • Deletion: Ask us to erase your personal data. (We may need to keep some data for legal or security reasons, but we will tell you if that is the case.)
  • Restrict Processing: Tell us to limit how we use your data.
  • Data Portability: Request your data in a structured, commonly used format so you can take it elsewhere.
  • Object: Say no to certain types of processing, including direct marketing.
  • Withdraw Consent: Changed your mind? You can withdraw consent at any time. It will not affect anything we did before you withdrew it.
  • Automated Decision-Making: Ask for a human to review any decision made solely by our AI systems that significantly affects you.
  • Right to Explanation: If our agentic AI or LLM-powered systems played a significant role in a decision affecting you, you can ask us to explain the logic, the data, and the reasoning behind it.
  • Export: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

To exercise any of these rights, just email us at privacy@swarmlens.com. We will get back to you within the timeframe your local laws require.

12. For Our Friends in Europe (GDPR)

If you are in the European Economic Area, the UK, or Switzerland, here is the legal basis for how we process your data: we do it to fulfil our contract with you, to pursue our legitimate business interests (as long as they do not override your rights), to comply with the law, and sometimes because you have given us your consent. For our agentic AI and LLM integration work, we rely primarily on contractual necessity and legitimate interest, backed up by the transparency and auditability measures we described in Section 4. You can exercise all your GDPR rights by getting in touch with us, and you always have the right to complain to your local data protection authority if you feel we have got something wrong.

13. For California Residents (CCPA/CPRA)

If you live in California, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act. You can ask us what personal information we collect and why, request deletion of your data, opt out of the sale or sharing of your personal information, and expect equal treatment regardless of whether you exercise these rights. For the record: we do not sell your personal information. To exercise your California privacy rights, reach out to us using the contact details below.

14. Keeping Up With AI Regulations

The regulatory landscape for AI is evolving rapidly, and we are committed to staying ahead of it. We actively monitor compliance with the EU AI Act, and we classify our AI systems according to the risk categories that regulations define. For higher-risk applications, we maintain detailed technical documentation, conduct conformity assessments, implement human oversight, and ensure our AI operations are transparent and explainable. As new AI regulations emerge around the world, we will continue adapting our practices to meet them.

15. Children’s Privacy

Our services are designed for businesses and professionals, not for children. We do not knowingly collect personal information from anyone under 18. If we discover that we have, we will delete it right away. If you think we might have collected information from a minor, please let us know immediately.

16. Third-Party Links and Services

You might find links to other websites or services on our site. We do not control those sites, and we are not responsible for how they handle your data. We encourage you to check their privacy policies before sharing any information with them.

17. Open-Source Components

Many of our AI products use open-source software, including open-source LLMs (such as LLaMA, Mistral, Falcon, and others), frameworks, and libraries. These components are used under their respective licences. Using open-source software does not weaken any of the protections described in this policy, and we never contribute your Client Data or personal information to any open-source project.

18. Where Your Data Is Sent

Visitor comments may be checked through an automated spam detection service. We do this to keep our site clean and secure — it is a legitimate business interest, and we hope you will agree it makes the experience better for everyone.

Additionally, when you use our AI-powered services, data may be transmitted to LLM providers and AI infrastructure services as described in Section 4. All such transmissions are governed by enterprise data processing agreements and the security measures outlined in this policy.

19. Do Not Track Signals

Some browsers send a “Do Not Track” signal to websites. Since there is no universal standard for how to interpret these signals yet, we do not currently respond to them. If a standard emerges, we will update our practices accordingly.

20. Changes to This Privacy Policy

We may update this policy as our practices, technology, AI capabilities, or the law evolves. When we make significant changes, we will post the updated version on our website and update the date at the top. If you are an enterprise or engineering services client, we will reach out to you directly about material changes. We encourage you to check back periodically — though we promise not to sneak in anything surprising.

21. Get in Touch

We genuinely welcome questions about this policy, our AI data practices, or anything else privacy-related. Do not hesitate to reach out:

SwarmLens
Website: https://swarmlens.com
Email: hello@swarmlens.com

We are here because we believe that building great AI and respecting privacy are not competing goals — they go hand in hand.

This Privacy Policy was last updated on February 12, 2026.