Last updated: 16 May 2026

Privacy Policy

How Swift Health Limited handles your personal data when you join the Kin by Swift waitlist.

1. Who we are

Swift Health Limited ("Swift", "we", "us", "our") operates Kin by Swift, the diaspora health-insurance site at getswift.health/kin. Swift is a pre-launch Health Maintenance Organisation working toward National Health Insurance Authority (NHIA) accreditation in Nigeria. Final regulatory framework will be confirmed before enrolment opens.

This site collects pre-launch interest only. No health insurance policies are sold or activated through Kin until enrolment opens publicly. Any data collected on this site is used only to keep you informed about the launch and to pre-populate enrolment if you later choose to activate cover.

2. What data we collect on the waitlist

When you submit the waitlist form we capture:

  • Your contact details: full name, email address, phone number (optional).
  • Your location: country of residence and city.
  • Who you'd cover: for each family member you list: name, relationship to you, age range, and the city and state they live in.
  • Optional notes: anything you write in the "What matters most to you" box, and how you heard about Swift.
  • Technical metadata: the IP address your request came from and your browser's user-agent string, captured automatically as a basic spam-prevention measure.

We do not collect any health data on this site. No medical history, no NIN, no payment card details. Those are only relevant at the point you decide to activate cover, and you'd see a separate consent flow then.

3. How we use it

  • To email you when Kin opens for enrolment in your family's country.
  • To pre-populate the enrolment form so you don't have to re-enter family details if you choose to activate cover.
  • To understand which markets have the strongest diaspora demand, so we know where to launch first.
  • To occasionally write to you about genuine progress on Kin (provider partnerships, regulatory milestones). You can unsubscribe from any email.

We will never sell your data, and we will never share it with advertising networks. Aggregate signup counts by country may appear in pitches or investor materials, but never with identifying detail.

4. Legal basis

If you're in the UK or EU, we process your data under UK GDPR and EU GDPR. The legal basis is your consent, given when you submit the form. You can withdraw consent any time (see section 6).

If you're in Nigeria, the Nigeria Data Protection Act 2023 (NDPA) and the NDPR apply, on the same consent basis.

For all other jurisdictions we apply the strictest of the three regimes that could plausibly apply.

5. Who else sees your data

Only the following parties have any access:

  • Supabase, our database host. Data is stored in their EU region, encrypted at rest.
  • Resend, our transactional email provider. Used only to deliver your confirmation email and (later) launch notifications.
  • Vercel, our application host. Sees request metadata (IP, user-agent) but not the form contents.
  • Swift Health Limited staff, internal team members involved in launch operations, on a strict need-to-know basis.

No advertising networks. No data brokers. No other third parties.

6. Your rights

You can at any time:

  • Access a copy of everything we hold about you.
  • Correct anything wrong (e.g. a typo in a family member's name).
  • Delete your waitlist record entirely. We'll do this within 30 days and confirm by email.
  • Withdraw consent for launch emails. Just reply to any email asking to be removed.

To exercise any of these, email hello@getswift.health with the request. We aim to respond within seven days, and will always respond within thirty.

You can also lodge a complaint with the relevant regulator: the UK ICO, your EU country's data protection authority, or the Nigeria Data Protection Commission (NDPC), though we'd ask you to come to us first.

7. Data retention

Waitlist signup records are held until either: (a) Kin launches in your family's country and you activate cover, in which case your record moves into the live member system under its own retention policy; or (b) you ask us to delete it; or (c) three years from your signup date, after which we purge any signup that never converted, on the basis that the product's clearly not for you and we shouldn't be holding the data indefinitely.

8. Cookies

We use one cookie: a session cookie required for the waitlist form to submit successfully. No tracking cookies, no third- party advertising cookies, no fingerprinting.

9. Security

Data is encrypted in transit (TLS 1.3) and at rest (AES-256 via Supabase). Access to the production database is restricted to named Swift staff with two-factor authentication. We never store payment card details on this site. There's no payment flow.

10. Contact

Data protection queries: hello@getswift.health

Our registered postal address will be published here once Swift Health Limited's incorporation completes.

See also our Terms of Service.