Security and Trust at SwiftComply

At SwiftComply, we place the highest importance on data security. We are proud to have earned SOC 2 Type II certification and have undergone rigorous security processes to ensure the utmost protection of your data. When you move to SwiftComply, we offer personalized support to ensure a seamless experience. And if you ever have any questions about our security, we’re always here to chat and put your mind at ease.

Security controls

Our products are designed with multiple layers of technical and operational controls to ensure your data is always protected. We have implemented a comprehensive information security management system that includes policies and procedures related to network security, data security, access control, incident response, backups, change management, risk management, vulnerability and patch management, and vendor risk management. You can trust SwiftComply to keep your data safe and secure.

We’re SOC 2 Type 2 Security Compliance Certified

Since October 2021, we have held SOC 2 Type 2 certification for our third generation of software, one of the highest accolades for SaaS companies in cybersecurity. This certification assures you that our strict security and data privacy controls are in place to protect your data and earn your trust.

Security Overview

Risk Management

We use ISO 31000 to identify assets, assess threats and vulnerabilities, and implement controls to safeguard your data. Our proactive risk management approach ensures the security of our platform.

Information Security

We prioritize data security with comprehensive policies for storage, transmission, usage, and monitoring. We enhance our platform security by adopting Google Cloud Platform's policies.

Operational Security

We limit access to the production network and superuser functions. We use GCP for logging, monitoring, and intrusion detection. Critical data is backed up daily and stored for 7 days using PostgreSQL. All changes undergo automated testing before deployment.

Access Control

We prioritize data protection with strict access control policies. Network access is limited to personnel who maintain stability. We follow NIST SP 800-53 guidelines for effective security management.

Incident Management

Our incident response processes detect, triage, respond, and recover from incidents to safeguard data and maintain platform security. We continuously improve our capabilities to respond effectively in the future.

Business Continuity

Our Business Continuity Plan prepares and protects you from disasters. It includes emergency response policies for safeguarding personnel and assets. Our leadership team reviews the BCP annually to address any weaknesses.

Access our security documents

Get in touch to request SwiftComply's detailed security documents.

Our Security Commitment to You

Comprehensive Protection

We prioritize the security of your data with comprehensive policies for storage, transmission, and usage.

Proactive Risk Management

We take a proactive approach to risk management to safeguard your data and ensure platform security.

Robust Incident Response

We have established incident response processes to effectively detect, analyze, respond to, and recover from incidents.

Frequently Asked Questions

Who owns my data?

You retain complete ownership rights over your data. Rest assured, we will only utilize your data to provide the services outlined in your service agreement.

Where will my data be stored?

We store and process all data on the secure Google Cloud Platform (GCP). GCP ensures reliable and robust infrastructure, offering a trustworthy environment for your data.

What is SwiftComply's data retention policy?

Our daily database backups are retained for a period of seven days. The management of these backups is handled by the Google Cloud Platform.

Who has the ability to delete customer data?

We provide a self-serve platform that grants your application admin complete control over deleting or archiving customer data. Additionally, our support team is available to assist with any specific requests you may have.

Does SwiftComply utilize encryption?

Yes. During transit, your data is encrypted using HTTP over TLS, which ensures a secure connection. When at rest, your data is protected by GCP encryption keys. GCP services tightly control the physical security of our infrastructure.

Do you conduct vulnerability audits & penetration tests?

Absolutely! Our team conducts regular security tests, including vulnerability audits and penetration tests. We leverage third-party tools like OWASP ZAP to perform comprehensive security assessments. These tests are carried out weekly to ensure the ongoing strength of our security measures.

Does SwiftComply maintain an incident response program?

Yes, we have a well-defined incident response program in place. This program establishes clear processes for effectively managing information security incidents and events. Rest assured, our team is prepared to handle any security incidents promptly and efficiently.