logo
  • Product
  • Solutions
  • Developers
  • Resources
  • Pricing
  • Log in
  • Create a store
  • Product

  • Pricing
  • Try for free
  • Log In
  • Merchandising

  • Operations

  • Building

  • Integrations

  • Products

    Powerful modeling and versatile presentation of your entire catalog.

  • Subscriptions

    Sell recurring physical and virtual products alongside one-time offerings.

  • Discounts

    Get the sale with coupons, BXGY promotions, and automatic discounts.

  • Wholesale

    Sell B2B like it's DTC, along with volume pricing, customer groups, and invoicing.

  • Content

    Manage all your products content through the admin dashboard.

  • Users

    Multi-store admin accounts and role-based permission controls.

  • Customers

    Manage customer info, generate reports, and see buyer activity.

  • Orders

    Edit orders anytime and get the right information for smooth fulfillment.

  • Fulfillment

    Ship from multiple locations, track inventory, and split shipments.

  • Reporting

    Monitor your store's performance to ensure you have visibility across the business.

  • Storefronts

    Swell storefronts are fully customizable, allowing you to create just the right experience.

  • Checkouts

    Use our hosted checkout, integrate with a partner, or build a custom flow.

  • Payments

    Connect multiple gateways simultaneously, store cards, and split payments.

  • Internationalization

    Go global with region-specific languages, pricing, and payment methods.

No-code integrations

Connect with 40+ services for marketing, payments, fulfillment, automation, and more.

See all integrations →

Use Cases

  • Direct-to-consumer

    Tell your story and give customers a unique shopping experience

  • Subscriptions

    Sell personalized subscription bundles, memberships, and one-time items together

  • B2B/B2C

    Support retail and wholesale customers from one catalog and dashboard

  • Marketplaces

    Create a B2B or B2C marketplace with multi-vendor carts and split payouts

Customer Stories

  • Spinn Coffee

    A coffee revolution sparked by a connected machine and marketplace

  • Smashing magazine

    Global tax and shipping for complex product bundles

  • Infinitas Learning

    Delievering leading educational experiences in Europe

All customer stories →

Documentation

  • Quickstart

  • Backend API reference

  • Frontend API reference

  • Guides

  • Core concepts

  • Storefronts

Community

  • GitHub

  • Discussion forum

  • Changelog

  • API status

Resources

  • Help Center

    The latest industry news, updates and info.

  • Customer stories

    Learn how our customers are making big changes.

  • Become a partner

    For agencies creating innovative commerce experiences.

  • Changelog

  • API Status

  • Contact us

Swell Security and Privacy

We at Swell focus on our platform’s security, availability, and performance. View our DPA.

Information Security and compliance

Swell maintains a robust Information Security program that consists of policies, procedures, and controls to maintain the confidentiality, integrity, and availability of information and information assets.

Swell has a strong information security program made up of policies, processes, and controls to protect the privacy, availability, and integrity of data and information assets.

Policies, practices, and standards of Compliance Swell are in line with relevant security standards, such as GDPR.

Privacy

Swell respects privacy and is committed to protecting the privacy of our customers’ data and applying industry best practices to protect it. Swell does not sell or trade your personal information and fully adheres to GDPR's privacy obligations. Our full privacy policy is available here.

Protecting Data

All customer data is encrypted in transit over the network via TLS and at rest in our databases. Any credit card transactions are processed on networks that adhere to a PCI DSS standard. Personally Identifiable Information (PII) and sensitive data are not captured in logs. Data is backed up regularly to different geographic regions within our cloud providers to ensure resilience from a regional outage. You can see the health of our systems via the Swell status page.

Encryption and Logical Separation

All data is encrypted at rest and stored in the Cloud Service.. This is accomplished using industry standards for enterprise-grade encryption that are applied to the storage backend. With the proper encryption standards for data in motion, communications between the Customer's endpoints and the Cloud Service are encrypted in transit.

Data between clients is logically separated by the Cloud Service (AWS).

Infrastructure Access Management

Least Privilege

Access to the systems and infrastructure that support the Cloud Service (AWS) is restricted to individuals who require such access as part of their job responsibilities.

Only individuals who need such access as part of their job duties have access to the infrastructure and systems that enable the Cloud Service.

Unique User IDs are assigned to such individuals as part of their hiring and onboarding process.

Password Requirements

The password policy for the Cloud Service adheres to Swell password requirements and is in accordance with industry standards and best practices.

Access Reviews

Access reviews are performed on a periodic basis, Access privileges of terminated Swell personnel are disabled promptly. Access privileges of persons transferring to jobs requiring reduced privileges are adjusted accordingly.

Periodically, access credentials are reviewed, and access privileges of terminated employees are deactivated swiftly. Access rights of individuals transitioning to roles that require less access rights are adjusted accordingly.

Remote access review & networking

All-access to the Cloud Service networks and sensitive information requires authentication and other access-related security controls such as MFA and regularly rotated keys.

Vulnerability Management

The latest applicable patches and updates are applied promptly after becoming available and being tested in the Cloud Service’s pre-production environments.

Security Operations monitors or subscribes to trusted vulnerability reports and threat intelligence sources.

At least once a year, independent third parties conduct penetration testing to highlight application-related vulnerabilities. Only Swell personnel who need to know are provided access to the full findings of external penetration testing. In compliance with any non-disclosure agreements, redacted summaries are provided to customers

Secure Software Development

Based on industry standards like the OWASP, the Swell Software Development Life Cycle (SDLC) architecture ensures that secure design principles are included right into the design and development process of the Swell systems.

Risk Management

Swell maintains a risk management program based on industry guidance.

Annually, Swell conducts a risk assessment to ensure risks are appropriately defined and controls are applied accordingly.

Threats are monitored through various means, including threat intelligence services, vendor notifications, and trusted public sources.

Security Training and Personnel

For the benefit of its employees, Swell maintains a security awareness program that offers initial training, continuous awareness, and individual staff acknowledgment of the desire to abide by Swell's corporate security rules.

New hires complete initial training on security, sign a proprietary information agreement, and digitally sign the information security policy that covers key aspects of the Swell information security policy.

All Swell personnel are required to complete security training annually satisfactorily.

Notification of Security Breach

Swell will notify customers in writing within seventy-two (72) hours of a confirmed security breach.

Notifications will summarize the known details of the Security Breach and the status of Swell’s investigation.

Swell will take appropriate actions to contain, investigate, and mitigate any such Security Breach.

Availability and Disaster Recovery

Swell maintains a Disaster Recovery Plan (DRP) for the Cloud Service. The DRP is tested annually.

In addition, Swell has policies, practices, and security controls in place to guarantee that crucial company operations will continue in the case of a catastrophic disaster. For the Swell Cloud service, this involves data redundancy and resilient data centers.

Vulnerability Reporting

In accordance with reasonable disclosure, we continue to respond to submitted security issues and encourage anyone to report bugs on our platform.

To submit a bug for review, please send an email to [email protected]


Next-level commerce for everyone.

X.comGitHubLinkedIn

Subscribe to our newsletter for product updates and stories

Subscribe

Resources

Help CenterDeveloper CenterCommunityAgenciesChangelog

Use cases

SubscriptionsB2B WholesaleMarketplaceOmnichannelDirect-to-consumer

Explore

FeaturesPricingIntegrationsCustomer stories

Developers

OverviewDocumentationGuidesStorefrontsHeadlessSwell Apps

Company

About usPartners

© 2025 Swell. All rights reserved.

Privacy PolicyTerms of Service