Security is at the forefront of our innovation

We've always held ourselves to the highest industry standards, especially when it comes to security. The Swapcard team worked hard to achieve SOC 2 Type 2 attestation in 2022 and ISO 27001 certification in 2023. You can request a copy of the audit report by writing to security@swapcard[.]com.

You can verify the validity of our ISO certificate by entering our certificate number 246369 via this link: https://www.british-assessment.co.uk/verify-certification/

*Swapcard complies with GDPR as a EU-based company

Learn more about security at Swapcard

Security Policies

At Swapcard we strive to define and follow rules according to security best practices. As a result, we have policies covering the following topics:

General Information Security Policy

User Access Charter/Acceptable Use Policy

Password Policy

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Data Backup and Recovery Policy

Security Incident Management Policy (and processes)

Cryptography Policy

Secure Development Life Cycle (SDLC) Policy

Logical Access Control Policy

Change Management Process

Risk Management Process

Security Controls

We run multiple technical security controls across our platform, including:

Annual penetration test covering our web platform and our mobile applications (iOS and Android). See our latest certificate here

Quarterly vulnerability scans - external and internal

Bug Bounty Program (private program on yesWeHack)

Code security analysis tool (Static Application Security Testing)

Network Security

At Swapcard, we take network security seriously. This is why we have state-of the-art multilayer protections:

Firewalls

Web Application Firewall (WAF)

Anti-DDOS (AWS Shield Advanced)

Intrusion Detection System (IDS)

Swapcard back-office accessible only through VPN with MFA by need-to-know staff

Data Protection

The security of your data is our highest priority. We only use tried and tested official public cryptographic algorithms to protect your data:

Encryption at rest - AES-256

Encryption in transit - TLS v1.2

We also implement strict access control of data through the use of nominative accounts and MFA security.

Operational Security

We run regular patch management operations on all our servers and laptops

Swapcard platform logs are sent to a central SIEM and analyzed by a 24/7/365 SOC team for correlation and alerting

BCP/DRP/Resilience/High availability/High capacity

Our architecture is built from the ground up to be highly available by utilizing multiple Availability Zones in AWS. We use load-balancers and autoscaling to automatically manage load changes on the platform

We optimize delivery performance around the world with Fastly and Cloudfront as CDN

We have a fully functional Disaster Recovery environment with backups in another AWS region (eu-west-3)

We have a BCP and a DRP that we test annually to ensure we are prepared for potential disaster events

Physical Security

All our data and servers are in AWS data centers, and their security is described here: https://aws.amazon.com/compliance/data-center/controls/

We optimize delivery performance around the world with Fastly and Cloudfront as CDN

We have a fully functional Disaster Recovery environment with backups in another AWS region (eu-west-3)

We have a BCP and a DRP that we test annually to ensure we are prepared for potential disaster events

Compliance

GDPR

We have declared our DPO to the French CNIL.
You can find our Privacy Policy here: https://www.swapcard.com/privacy-policy

You can find our standard DPA with our list of sub-processors here.

All Swapcard platform data is hosted in:

AWS Ireland datacenter (main data hosting and data processing)

Mailgun also in EU (for emails only)

SOC 2

We have renewed our SOC 2 Type 2 attestation at the end of 2022 (valid for 2023).
You can request a copy of the latest audit report to security@swapcard[.]com.

ISO 27001

We are ISO 27001 certified from July 2023. You can verify the validity of our ISO certificate by entering our certificate number 246369 via this link: https://www.british-assessment.co.uk/verify-certification/

Still have questions? Contact us at security@swapcard[.]com

Create smarter events with Swapcard

Schedule Live Demo