At Swell, we focus on our platform’s security, availability, and performance. View our DPA.
All customer data is encrypted in transit over the network via TLS and at rest in our databases. Any credit card transactions are processed on networks that adhere to a PCI DSS standard. Personally Identifiable Information (PII) and sensitive data are not captured in logs. Data is backed up regularly and to different geographic regions within our cloud providers to ensure resilience from a regional outage. You can see the health of our systems via the Swell status page.
Swell undergoes periodic third-party audits to inspect our security measures. We conduct annual penetration tests, quarterly security audits, and vet all vendors before onboarding.
SSO and MFA are enforced across all internal tools and services. Additional access controls are applied across our infrastructure and services.