At Swell, we focus on our platform’s security, availability, and performance. View our DPA.

Privacy

Swell respects privacy and is committed to protecting the privacy of our customers’s data and applying industry best-practices to protect it. Swell does not sell or trade your personal information. Our full privacy policy is available here.

Protecting Data

All customer data is encrypted in transit over the network via TLS and at rest in our databases. Any credit card transactions are processed on networks that adhere to a PCI DSS standard. Personally Identifiable Information (PII) and sensitive data are not captured in logs. Data is backed up regularly and to different geographic regions within our cloud providers to ensure resilience from a regional outage. You can see the health of our systems via the Swell status page.

Monitoring Practices

Swell undergoes periodic third-party audits to inspect our security measures. We conduct annual penetration tests, quarterly security audits, and vet all vendors before onboarding.

Access Management

SSO and MFA are enforced across all internal tools and services. Additional access controls are applied across our infrastructure and services.