Last updated: June 7, 2026
SWC CRM ("we", "us") is an ISO certification management platform operated by SWC Group. This policy explains how we handle personal data when you use our website and platform at crm.avantcert.com.
We collect information you provide directly — your name, email address, company details, and the business data you enter into the platform, such as leads, projects, audits, and invoices.
We also collect limited usage data, such as login times, feature usage, and pages visited, to operate and improve the service.
We use your information to provide and improve the certification management service, process transactions, send service-related communications, and keep the platform secure.
We do not sell your personal data, and we do not share it with third parties for their own marketing.
We use trusted providers to run the platform: Supabase for database and authentication, Resend for transactional email, Google Calendar (only if you connect it) for scheduling, PostHog for privacy-conscious product analytics, and Stripe, PayPal, and Cashfree for payments.
Each provider processes data only as needed to deliver its function, under its own security and privacy commitments.
Data is stored in Supabase (PostgreSQL) with Row Level Security policies that isolate data between organizations and roles. All connections are encrypted in transit using TLS, and sensitive credentials such as calendar tokens are encrypted at rest.
We apply role-based access controls, maintain audit logs of key activity, rate-limit sensitive endpoints, and monitor the platform continuously. See our Trust Center for more detail.
Card payments are processed by PCI-DSS-compliant providers (Stripe, PayPal, and Cashfree). We do not store full card numbers on our systems.
You have the right to access, correct, export, and delete your personal data. You can export your data from the platform or contact us, and we will respond within 30 days.
Depending on your location, you may have additional rights under laws such as the GDPR or India's Digital Personal Data Protection Act.
We retain your data while your account is active. After account deletion, personal data is anonymized or deleted within 30 days, except where we must retain business records to meet legal obligations.
We serve customers across India, the GCC, and the UK. Where data is transferred across borders, we use providers and safeguards designed to protect it to a comparable standard.
We use essential cookies for authentication and session management, and privacy-conscious analytics to understand product usage. We do not use advertising cookies. See our Cookie Policy for details.
For any privacy question or request, email hello@avantcert.com and we will be glad to help.