Security and trust at SWC CRM
Certification teams trust SWC CRM with sensitive client and audit data. We protect it with encryption, database-level isolation, strict access controls, audit logging, and continuous monitoring — the same disciplined approach the standards you certify expect.
Encryption in transit & at rest
All connections to SWC CRM are encrypted with TLS, enforced by HTTP Strict Transport Security. Data is stored in managed PostgreSQL, and sensitive credentials such as calendar tokens are encrypted at rest.
Data isolation with row-level security
SWC CRM uses PostgreSQL Row Level Security so each organization's data is isolated at the database layer — not just in the application. One customer can never see another's records.
Role-based access control
Access is governed by roles and permissions, so people see only what their job requires. Enterprise plans add SSO and advanced RBAC.
Audit logging
Key activity is recorded in an audit log, giving you an accountable trail of who did what and when — useful for your own ISO audits as well as ours.
Hardened application security
Every response carries a strict security-header set — Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — and sensitive endpoints are rate-limited.
Monitoring & reliability
The platform is continuously monitored for errors and performance, with health checks and alerting so issues are caught early.
Secure payments
Card payments are processed by PCI-DSS-compliant providers (Stripe, PayPal, and Cashfree). SWC CRM never stores full card numbers.
Backups & recovery
Customer data is held on managed database infrastructure with automated backups, supporting recovery in the event of a failure.
Subprocessors
We use a small set of trusted providers to run the platform. Each processes data only for its stated purpose.
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, storage |
| Resend | Transactional email |
| | Calendar sync (only if connected) |
| PostHog (EU) | Product analytics |
| Stripe | Payments |
| PayPal | Payments |
| Cashfree | Payments |
| Sentry | Error monitoring |
For data handling details, see our Privacy Policy and Cookie Policy.
Trust & security FAQ
Is my data isolated from other customers?
Yes. SWC CRM enforces PostgreSQL Row Level Security, so each organization's data is separated at the database layer. Access is also controlled by roles within your organization.
Is SWC CRM data encrypted?
Yes. All traffic is encrypted in transit with TLS, and HTTPS is enforced by HSTS. Data is stored in managed PostgreSQL, and sensitive credentials such as integration tokens are encrypted at rest.
Is SWC CRM SOC 2 or ISO 27001 certified?
SWC CRM runs on cloud infrastructure from providers that maintain certifications such as ISO 27001 and SOC 2, and follows SOC 2-ready practices. Enterprise customers can discuss dedicated infrastructure and compliance needs with our team.
Do you store credit card details?
No. Card payments are handled by PCI-DSS-compliant providers (Stripe, PayPal, and Cashfree). SWC CRM does not store full card numbers on its systems.
Can I export or delete my data?
Yes. You can export your data from the platform, and you can request deletion. See our Privacy Policy for how data is retained and removed.
Have a security or compliance question?
Talk to our team about data protection, dedicated infrastructure, SSO, and enterprise compliance needs.