Security

How Swvle protects your data and meets compliance requirements.

Data Encryption

At Rest

All data stored by Swvle is encrypted at rest using AES-256. This includes workspace content, audience data, conversation logs, and analytics records.

In Transit

All data transmitted between clients and Swvle servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints and reject unencrypted connections.

Access Control

Swvle uses role-based access control (RBAC) at the workspace level. Workspace owners control member permissions, data visibility, and integration access. API tokens are scoped per workspace and can be revoked at any time.

Internal Swvle staff access to customer data is restricted to authorized personnel, requires multi-factor authentication, and is logged for audit purposes.

Data Retention

Workspace data is retained for the duration of your subscription. Upon account deletion, data is purged within 30 days unless legal obligations require longer retention. Conversation logs and analytics are retained according to your plan's data window.

GDPR & Privacy Compliance

Swvle is designed with privacy by default. We process personal data only as necessary to provide the service, and we provide mechanisms for data export and deletion in compliance with GDPR, CCPA, and similar regulations.

Fan interaction data collected through embedded SuperFans is subject to your organization's own privacy policy. Swvle acts as a data processor on your behalf.

Responsible Disclosure

If you discover a security vulnerability in Swvle, please report it responsibly before public disclosure. We investigate all reports and respond within 5 business days.

security@swvle.com