1 Who We Are
SwornIn LLC ("SwornIn," "we," "our," or "us") is a Delaware limited liability company operating an online marketplace at swornin.io that connects law firms and attorneys ("Firms") with independent expert witnesses ("Experts"). SwornIn LLC is the data controller for personal information processed through the Platform.
Our designated privacy contact is reachable at hello@swornin.io. We do not currently maintain a separate Data Protection Officer, but all privacy inquiries are reviewed and responded to by senior personnel.
2 Scope & Applicability
This Privacy Policy applies to all personal information collected by SwornIn LLC through:
- The SwornIn website and web application at swornin.io and any subdomains;
- Email communications sent to or from SwornIn;
- Customer support interactions; and
- Any other services, products, or features we offer (collectively, the "Platform" or "Services").
This policy does not apply to third-party websites or services that may be linked to or accessible through our Platform. Those third parties have their own privacy practices and we encourage you to review them independently.
By creating an account, using the Platform, or submitting information through any SwornIn interface, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, you should not use our Services.
3 Information We Collect
We collect information in three primary ways: information you give us directly, information generated automatically by your use of the Platform, and information received from third-party services you authorize.
3.1 Account & Registration Information
When you register for a SwornIn account, we collect:
- Identity data: Full name, professional title, and the user type you select (Expert Witness or Law Firm).
- Contact data: Primary email address, phone number (optional), and business mailing address.
- Credentials: Password (stored as a salted hash — we never store plaintext passwords) and any linked OAuth provider tokens (e.g., Google Sign-In).
- Organization data: For Firm accounts — firm name, bar association membership, state(s) of licensure, and billing contact details. For Expert accounts — professional designation, academic degrees, and primary area(s) of expertise.
3.2 Expert Witness Profile Data
Experts who complete a SwornIn profile voluntarily provide additional professional information that is displayed to Firm users and/or used in our matching algorithm:
- Curriculum vitae (CV) and resume documents;
- Academic credentials: degrees, institutions, graduation years;
- Professional certifications, licenses, board certifications, and memberships;
- List of past cases in which the Expert has testified or consulted (without privileged case details);
- Deposition and trial testimony history;
- Publications, peer-reviewed articles, books, and conference presentations;
- Specialty areas and sub-specialties tagged from our taxonomy;
- Geographic availability and travel preferences;
- Compensation/fee rate information (optional, visible only to authenticated Firm users); and
- A professional photograph (optional).
Important: Expert profile information is a core feature of the marketplace. By submitting profile data, you represent that all information is accurate, current, and does not disclose any information that is subject to a court order, NDA, or professional privilege obligation.
3.3 Case Inquiry Data
When a Firm submits a case inquiry or initiates contact with an Expert through the Platform, we collect and store:
- Case type, jurisdiction, and practice area;
- A matter description provided by the Firm (which may contain general case information);
- Dates and timestamps of inquiry submission and Expert response;
- Messages exchanged between Firm and Expert through the SwornIn in-platform messaging system; and
- Inquiry status and outcome data (e.g., whether an engagement proceeded).
Attorney-Client Privilege Notice: SwornIn is a technology platform — not a law firm. Communications transmitted through our messaging system do not carry any attorney-client privilege, work product protection, or other legal privilege. Do not transmit privileged communications, confidential client information, or protected case strategy through the SwornIn messaging system.
3.4 Payment & Billing Information
SwornIn processes all payment transactions through Stripe, Inc., a third-party payment processor. We do not directly collect, store, or transmit credit card numbers, bank account numbers, or other payment instrument details. When you enter payment information:
- Payment data is transmitted directly to Stripe over encrypted connections;
- Stripe tokenizes your payment method and returns a secure token to SwornIn;
- We store only that token, your subscription tier, billing cycle dates, and payment history (amounts and dates of charges); and
- Stripe's handling of payment data is governed by Stripe's Privacy Policy.
We retain billing records (invoices, receipts, charge history) for a period of seven (7) years to comply with applicable tax and accounting obligations.
3.5 Usage & Analytics Data
We automatically collect certain information when you access or use the Platform:
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and timestamps of access.
- Device data: Device type (desktop, mobile, tablet), screen resolution, and time zone.
- Behavioral data: Features used, search queries submitted within the Platform, filters applied, profiles viewed, inquiries initiated, and other in-app interactions.
- Performance data: Page load times, errors encountered, and API response data used for debugging and service improvement.
This data is collected in part through Google Analytics 4 (GA4), subject to Google's data processing terms. GA4 data is used in aggregate and pseudonymized form. You may opt out of GA4 measurement via the Google Analytics Opt-Out Browser Add-on.
3.6 Communications Data
We retain records of:
- Emails you send to hello@swornin.io or other SwornIn addresses;
- Support tickets and chat transcripts;
- Feedback, reviews, or survey responses you submit; and
- Notifications sent to you by SwornIn (e.g., inquiry alerts, subscription reminders, platform announcements).
4 How We Use Your Information
We use collected information only for legitimate business purposes necessary to operate the Platform and provide our Services. Specifically:
4.1 To Operate the Marketplace
- Create, authenticate, and maintain your account;
- Display Expert profiles to Firm users in search results and direct browsing;
- Power our matching algorithm that surfaces relevant Experts based on case type, jurisdiction, specialty, and availability;
- Facilitate communications between Firms and Experts through our in-platform messaging system;
- Track Case Inquiry Credits and enforce plan limits; and
- Administer the Case Match Fee and related billing events.
4.2 To Process Payments and Manage Subscriptions
- Process subscription fees, Case Match Fees, and any other charges through Stripe;
- Issue invoices and receipts;
- Manage plan upgrades, downgrades, and cancellations; and
- Detect and prevent fraudulent transactions.
4.3 To Send Notifications and Service Communications
- Deliver transactional emails (e.g., account confirmation, password reset, inquiry notifications, billing receipts);
- Alert Experts to new case inquiries matching their profile;
- Inform Firms when Experts respond to their inquiries;
- Send subscription status notifications (renewal, expiration, payment failure); and
- Deliver product updates, new feature announcements, and legal/compliance notices.
You may opt out of non-transactional marketing communications at any time by using the unsubscribe link in any marketing email or by contacting us at hello@swornin.io. You cannot opt out of transactional communications that are necessary for operation of your account.
4.4 To Improve and Develop the Platform
- Analyze aggregate usage patterns to identify areas for improvement;
- Conduct A/B testing and feature experiments (using anonymized or pseudonymized data);
- Debug technical errors and resolve support issues;
- Train and improve our search, matching, and recommendation algorithms using aggregated, de-identified data derived from user profiles, inquiry patterns, engagement outcomes, and behavioral data; and
- Create Aggregated Data (as defined in Section 5.5) that SwornIn may use, share, and exploit commercially without restriction, including as a transferable business asset.
4.5 To Ensure Compliance and Safety
- Verify the professional credentials of Expert users (where SwornIn performs verification steps);
- Investigate reports of policy violations, fraudulent profiles, or other misuse;
- Enforce our Terms of Service and other agreements;
- Comply with legal obligations, court orders, and governmental requests; and
- Protect the rights, property, or safety of SwornIn, our users, and the public.
5 How We Share Your Information
SwornIn does not sell personal information to third parties. We do not monetize your data through advertising networks or data brokers. We share data only in the following circumstances:
5.1 With Other Platform Users (By Design)
The core function of the SwornIn marketplace requires sharing certain data between users:
- Expert profile data (name, credentials, specialty, availability, testimony history, photo, and fee information) is visible to authenticated Firm users browsing the Expert directory or reviewing search results.
- Firm identity (firm name and the name of the attorney submitting an inquiry) is disclosed to the Expert when a case inquiry is submitted.
- In-platform messages are visible to both the sending and receiving parties.
You control the information on your profile. Experts may edit, restrict, or remove profile fields at any time through their account settings, subject to the requirements of our Terms of Service.
5.2 With Service Providers (Processors)
We engage vetted third-party service providers to operate the Platform. These providers act as data processors under our instruction and are contractually prohibited from using your data for their own purposes:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, invoicing | Name, email, billing address, payment token |
| Supabase, Inc. | Database hosting, authentication, file storage | All user account and profile data stored on the Platform |
| Google LLC (GA4) | Analytics — aggregate usage measurement | Pseudonymized usage events, IP address (truncated) |
| Email delivery provider | Transactional and notification emails | Email address, name, notification content |
We maintain data processing agreements with each of these providers. We will update this table if we add or replace significant data processors.
5.3 For Legal Compliance and Protection
We may disclose personal information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request;
- Enforce our Terms of Service or other applicable agreements;
- Detect, prevent, or address fraud, security incidents, or technical issues; or
- Protect the rights, property, or safety of SwornIn, our users, or the public as required or permitted by law.
5.4 In Connection with a Business Transfer
If SwornIn LLC is involved in a merger, acquisition, reorganization, asset sale, corporate conversion, or similar transaction — including a sale of all or substantially all of our business or assets — all user information held by SwornIn (including account data, Expert profiles, case inquiry records, and Aggregated Data) may be transferred to the acquiring or successor entity as a business asset, without your prior consent. This includes transfers in connection with SwornIn's conversion from a limited liability company to a corporation or any other entity restructuring.
In such an event, we will provide notice to registered users via email and/or a prominent notice on the Platform within a reasonable time following the transaction. The successor entity will be bound to honor this Privacy Policy with respect to your personal information, or will provide you with notice of any material changes and an opportunity to delete your account before those changes take effect. You acknowledge and agree, by using the Platform, that SwornIn's user data — including your profile, account data, and inquiry history — constitutes a core business asset that may be transferred in connection with any such transaction.
5.5 Aggregated and Anonymized Data
SwornIn creates aggregate, de-identified statistical data derived from user activity and profile information on the Platform ("Aggregated Data"). Aggregated Data does not identify any individual user and is not personal information under applicable privacy law. We may share, license, publish, or transfer Aggregated Data to third parties — including in connection with a business transfer described in Section 5.4 — for any purpose without restriction, including industry benchmarking, product development, and business analytics. Your use of the Platform constitutes your acknowledgment of SwornIn's right to create and use Aggregated Data derived in part from your usage and profile data.
5.5 With Your Consent
We may share your information with third parties not described above if we have your express consent to do so.
6 Cookies & Tracking Technologies
6.1 What Are Cookies
Cookies are small text files placed on your device by websites you visit. We also use related technologies such as localStorage, sessionStorage, and pixel tags. We refer to all of these collectively as "cookies" in this section.
6.2 Cookies We Use
| Category | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly Necessary | Session management, authentication state (e.g., keeping you logged in via Supabase auth tokens), CSRF protection, and security cookies. Without these, the Platform cannot function. | No — required for service operation |
| Functional / Preference | Remembering your UI preferences (e.g., filter settings, display mode), and session continuity across page loads. | Partially — disabling may degrade experience |
| Analytics | Google Analytics 4 cookies (_ga, _gid, _ga_*) that measure aggregate page traffic, feature usage, and user flow through the Platform. Data is pseudonymized. | Yes — via GA Opt-Out Add-on or browser settings |
| Payment (Stripe) | Stripe uses cookies and device fingerprinting for fraud detection and to maintain checkout state. | No — required for payment processing |
6.3 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block, delete, or receive alerts about cookies. Note that blocking strictly necessary cookies will prevent you from logging in and using authenticated features of the Platform. Browser-level cookie controls vary — consult your browser's documentation for instructions.
For Google Analytics specifically, you may install the Google Analytics Opt-Out Browser Add-on to prevent GA4 from collecting data about your visits.
6.4 Do Not Track
Our Platform does not currently respond to "Do Not Track" (DNT) browser signals, because there is no universally accepted standard for how DNT signals should be interpreted. We will reassess this position if a consensus standard emerges.
7 Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Our general retention practices are:
| Data Category | Retention Period | Basis |
|---|---|---|
| Active account data (profile, credentials) | Duration of account + 30 days post-deletion request | Service necessity |
| Case inquiry records and messages | 3 years from last activity | Dispute resolution, legal compliance |
| Billing records and invoices | 7 years | Tax and accounting obligations |
| Payment tokens (Stripe) | Retained by Stripe per their policy; token removed from SwornIn on account deletion | Service necessity / Stripe policy |
| Server access logs | 90 days | Security, debugging |
| Analytics data (GA4) | Up to 14 months (GA4 default, pseudonymized) | Product improvement |
| Support communications | 3 years from resolution | Quality assurance, dispute resolution |
After the applicable retention period, data is either securely deleted or anonymized such that it can no longer be associated with an individual. We may retain certain information for longer periods where required by applicable law, regulation, or to defend legal claims.
8 Data Security
SwornIn implements technical and organizational security measures appropriate to the sensitivity of the personal information we process and the risks involved in our processing activities. Our security measures include:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). We enforce HTTP Strict Transport Security (HSTS).
- Encryption at rest: Database data is encrypted at rest by Supabase using AES-256 encryption on managed infrastructure.
- Authentication: Passwords are hashed using industry-standard bcrypt algorithms. We support and encourage multi-factor authentication (MFA) for all user accounts.
- Access controls: Platform data is accessible only to authenticated users in accordance with their account type (Expert or Firm). Internal access to production data by SwornIn personnel is restricted on a need-to-know basis and logged.
- Payment security: We use Stripe, a PCI-DSS Level 1 compliant payment processor, and do not store payment card data on our own infrastructure.
- Infrastructure security: Our database and application infrastructure is hosted on Supabase, which operates on cloud infrastructure with enterprise-grade physical security, network security, and availability controls.
- Incident response: We maintain an internal incident response process. In the event of a data breach affecting your personal information, we will notify affected users and applicable regulators as required by law.
Limitation: No data transmission over the internet or storage system can be guaranteed to be 100% secure. While we take substantial precautions, we cannot warrant the absolute security of information you transmit to us. You transmit information at your own risk, and we encourage you to use strong, unique passwords and to enable MFA on your account.
9 Your Privacy Rights (General)
Regardless of your jurisdiction, SwornIn provides the following rights to all users with respect to their personal information:
- Right to Access: You may request a copy of the personal information we hold about you. We will provide this in a common machine-readable format (e.g., JSON or CSV) within thirty (30) days of a verified request.
- Right to Correction: You may correct inaccurate or incomplete personal information at any time by logging into your account and updating your profile, or by contacting us at hello@swornin.io.
- Right to Deletion ("Right to Be Forgotten"): You may request deletion of your account and associated personal information. We will process deletion requests within thirty (30) days. Note that certain information may be retained as described in Section 7 (Data Retention) for legal and compliance purposes.
- Right to Portability: Upon request, we will provide your profile and account data in a structured, commonly used, machine-readable format.
- Right to Withdraw Consent: Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to Object: You may object to certain types of processing, including direct marketing, at any time.
To exercise any of these rights, contact us at hello@swornin.io with "Privacy Request" in the subject line. We will verify your identity before processing your request. We do not charge fees for reasonable access requests. If your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or decline the request.
10 GDPR — Users in the European Economic Area
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, additional rights and protections apply under the General Data Protection Regulation (GDPR) and applicable national implementations.
10.1 Legal Bases for Processing
We process personal data only where we have a lawful basis to do so. Our principal legal bases are:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to perform our contract with you — operating your account, providing the marketplace service, and processing payments.
- Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, including fraud prevention, security, service improvement, and analytics, where such interests are not overridden by your fundamental rights.
- Compliance with legal obligations (Art. 6(1)(c) GDPR): Processing required by applicable law, such as retaining billing records for tax purposes.
- Consent (Art. 6(1)(a) GDPR): Marketing communications and non-essential analytics cookies, where you have provided specific, informed, and freely given consent.
10.2 International Transfers
SwornIn operates primarily from the United States. If you are located in the EEA or UK, your personal data will be transferred to and processed in the United States. We rely on the following transfer mechanisms to ensure adequate protection:
- Standard Contractual Clauses (SCCs) approved by the European Commission in our agreements with data processors; and
- The EU-U.S. Data Privacy Framework (where applicable to our processors).
10.3 EEA/UK Rights
In addition to the rights described in Section 9, EEA and UK users have the right to:
- Restriction of processing: Request that we restrict processing of your data in certain circumstances (e.g., while accuracy is contested);
- Object to automated decision-making: Not be subject to solely automated decisions that produce significant effects; and
- Lodge a complaint: File a complaint with your national supervisory authority. In the UK, this is the Information Commissioner's Office (ICO); in Ireland, the Data Protection Commission (DPC).
Contact our privacy team at hello@swornin.io to exercise any of these rights.
11 CCPA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.
11.1 Categories of Personal Information Collected
In the preceding twelve months, SwornIn has collected the following categories of personal information as defined by the CCPA: identifiers (name, email, IP address); professional or employment-related information (credentials, work history); commercial information (subscription records, payment history); internet or other electronic network activity (usage logs, analytics); and inferences drawn from this information to create a profile about preferences and professional relevance.
11.2 We Do Not Sell or Share Personal Information
SwornIn does not "sell" personal information as defined by the CCPA. We do not share personal information with third parties for cross-context behavioral advertising.
11.3 California Consumer Rights
California residents have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collection, and the categories of third parties with whom we share information.
- Delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Correct: Request correction of inaccurate personal information.
- Opt Out: Because we do not sell personal information, no opt-out mechanism is required, but you may contact us to confirm our practices.
- Non-Discrimination: We will not discriminate against you for exercising any CCPA rights — you will not receive different prices, degraded service, or any other adverse treatment.
To submit a CCPA request, email hello@swornin.io with "CCPA Request" in the subject line. We will verify your identity before processing the request. You may designate an authorized agent to make a request on your behalf, subject to verification of the agent's authorization.
12 Children's Privacy
The SwornIn Platform is intended exclusively for professional use by adults aged 18 years and older. Our Services are specifically designed for licensed attorneys, law firms, and professional expert witnesses — all of whom must be adults and licensed professionals.
We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected personal information from a minor, we will delete that information promptly. If you believe that a minor has provided personal information through our Platform, please contact us immediately at hello@swornin.io.
13 Third-Party Links & Integrations
Our Platform may contain links to third-party websites, resources, or services (such as Stripe's payment portal, LinkedIn profile links on Expert profiles, or external publication links). These third-party sites are not operated by SwornIn and are not covered by this Privacy Policy.
We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every website you visit or service you use.
14 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, service features, applicable law, or regulatory requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy;
- Post a prominent notice on the Platform; and
- Send an email notification to all registered users at the email address associated with their account.
Your continued use of the Platform after the effective date of a revised policy constitutes your acceptance of the updated terms. If you do not agree with any changes, you should stop using the Platform and may request deletion of your account.
We encourage you to periodically review this page to stay informed about our privacy practices.
15 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
SwornIn LLC — Privacy
Email: hello@swornin.io
Website: swornin.io
Please use "Privacy Request" or "CCPA Request" or "GDPR Request" in your subject line so we can route your inquiry appropriately. We aim to respond to all privacy inquiries within five (5) business days and to resolve all requests within thirty (30) days.