At Swrve, our reach is universal—we touch billions of devices in multiple channels, impacting consumers worldwide. That requires the highest levels of security and reliability. Here's how we do it.
At Swrve we work with some of the world’s largest organizations - organizations that handle data relating to millions of consumers. We understand that trust is important, and we place the highest possible emphasis on both data security and ensuring the best possible service levels.
For full details on our approach, you can read our Information Security Policy here. The information on this page presents information commonly requested by potential customers and partners relating to our approach to security, scalability and uptime.
Swrve’s sophisticated architecture, robust processes, and operations team mean we are able to deliver uptime levels unrivalled in the industry: Over 99.99% in calendar year 2019, and consistently 99.9%+. We believe we are the only customer interaction engine publicly reporting this number. Swrve uses multiple availability zones (AZ) within AWS for redundancy to guard against single AZ failure - this is not standard in the industry.
Similarly, our platform is built to support the collection and processing of billions of events a day, in some cases from a single app. We are able to scale rapidly to meet any challenge without loss of performance.
Please visit https://uptime.swrve.com for full details on our uptime stats and https://status.swrve.com/ for our service status information.
Our core objective is to provide a an always-on service. But if something goes wrong, we’re proactive about fixing it immediately and prioritize sharing information with our customers. That information is publicly available on our status page here. Just don’t expect to find anything other than “Operational” when you click that link!
We restrict access to your data to the greatest extent possible whilst still doing our job. At all times, Swrve endeavours to implement a “minimum necessary access” approach, where all employees and contractors have access only to those systems and data required for them to do their jobs. We secure all equipment used to access and transport data.
All new employees undergo training and are made aware of their obligations when it comes to customer and end user data. All employees are required to comply with the terms of the Swrve Security Policy as a condition of employment or hire.
All Swrve offices are secured and may only be accessed via security keycard. Swrve offices are located exclusively within buildings with security personnel during office hours, and secured for “authorized staff only access” out of hours. Visitor access to the buildings and to Swrve offices requires registration at a security desk, and all non Employee/Contractors access is logged.
Swrve exclusively uses 3rd party Cloud service providers for all of its services and operates no servers within its premises. Swrve only uses providers with world-leading security credentials, including Amazon Web Services - see below for more detail.
All end user data is stored securely on AWS servers and can only be accessed by Swrve employees or contractors who require access to that data in order to provide service to the customer. All access to end user data is controlled via access permissions and is protected by two-factor authentication and passwords.
At no time will end user data be shared with any 3rd party without the specific consent of the customer.
In some cases Swrve customers will wish to send us end user data which is categorized as ‘personal data’ for processing and storage. By default, Swrve does not collect this data, however when requested we take additional precautions in relation to the receipt and storage of this data. We employ Secure Socket Layer transmission, by default, from the devices and servers to the Swrve Service. Customer can further encrypt or protect end user personal data as required.
It is not permitted at any time to download end user personal data to any Swrve employee or contractor laptop or other storage device.
Any transfer of personal data from EU end user devices to Swrve’s US office and to AWS servers in the US is safe harbor compliant.
Customers can also choose to store and process all end user personal data within the EU, within the Swrve EU data center, located in Dublin, Ireland (AWS EU-West region). In this way all end user personal data resides entirely within the EU jurisdiction, and only EU based Swrve employees will have access to this data.
AWS provides extensive security features and compliance with security certification as well as data regulation in multiple jurisdictions. Swrve uses a Virtual Private Cloud within AWS ensuring Swrve server instances and internal traffic are separated from all other AWS customers.
Their full compliance documentation can be viewed here.
The Swrve SDK is distributed in source code form to Swrve customers for inclusion in their apps. Production versions of the SDK include integrity checks such as checksums that can be used to verify its integrity. A clear auditable revision history is maintained to ensure that no unauthorized changes have been made.
Swrve additionally employs fingerprint checks of all content downloaded to the end user device to determine that it has not been tampered with or become corrupt in transit.