Security & Privacy Center

We take the security of your data seriously. Learn how Swiftdesign CRM protects you and your clients.

GDPR & Data Processing (DPA)

Swiftdesign CRM is fully committed to compliance with European data protection laws, including the General Data Protection Regulation (GDPR).

For the purposes of GDPR, you (our customer) act as the Data Controller, and Swiftdesign LLC acts as the Data Processor. This means you own and control all personal data (such as client information or leads) that you upload or store in the CRM. We process this data strictly to provide the Service to you, following your instructions.

By agreeing to our Terms of Use, you automatically enter into our Data Processing Agreement (DPA), ensuring legal protection and compliance for your business operations worldwide.

Data Encryption

All customer data is encrypted using industry-standard protocols.

  • In Transit: Data is encrypted during transfer across all networks using Transport Layer Security (TLS 1.2+).
  • At Rest: Data stored in our databases and document storage is encrypted using the Advanced Encryption Standard (AES-256).

Infrastructure & Certifications

Swiftdesign CRM leverages world-class infrastructure providers to guarantee reliability and strict security standards.

Our application architecture runs on Vercel and our databases are powered by Supabase (AWS). Both of these cloud infrastructure providers are proudly ISO 27001 and SOC 2 Type II certified, ensuring continuous enterprise-grade security and auditing for your data.

Authentication & Security

We utilize secure password authentication backed by Supabase's identity platform. Passwords are cryptographically hashed and never stored in plain text. Additionally, all users on the platform have full access to configure Two-Factor Authentication (2FA), adding an extra layer of defense to their workspace access.

Tenant Isolation

Our database implements strict Row Level Security (RLS) policies. Every query is evaluated at the database level to ensure data from one workspace can never leak to or be accessed by another workspace. Client portal and document sharing links are sandboxed and generated using cryptographically secure UUIDs.

Sub-Processors

To provide our service, we use a carefully selected list of third-party sub-processors. We have established DPAs with all of them to ensure your data remains protected under GDPR standards:

  • Vercel Inc. (USA/EU) - Hosting and edge network infrastructure.
  • Supabase (USA/EU) - Database and identity infrastructure.
  • Cloudflare (USA/EU) - R2 file storage infrastructure and Turnstile security.
  • Stripe (USA/EU) - Secure payment processing.
  • Resend (USA/EU) - Transactional email delivery.

Data Deletion & Incident Management

  • Right to Erasure: If you close your account or request data deletion, all your associated workspace data, files, and client profiles are permanently purged from our active databases.
  • Incident Response: In the highly unlikely event of a data breach, we adhere to GDPR Article 33 and will notify affected Data Controllers (our customers) without undue delay, and no later than 72 hours after becoming aware of it.