SwiftCRM

Security

How we protect your data and your customers.

Encryption in transit

All traffic uses TLS. Data is never sent over unencrypted connections.

Data at rest

The database and backups are encrypted. We rely on industry-standard cloud providers.

Access control

Data is isolated by organization and project. Only authorized users see their org’s data.

API key storage

Keys are hashed. Plain keys are shown only once at creation. Rotate keys anytime.

Rate limiting & allowlist

The public API is rate-limited. Leads are accepted only from domains you allow per project.

Audit logs

Key actions (e.g. lead creation, key creation) are logged for accountability.

Webhook signatures

Outgoing webhooks are signed so you can verify requests came from SwiftCRM.

Report a vulnerability

If you believe you’ve found a security issue, please report it responsibly. Contact us at [email protected]. We’ll respond promptly.