Privacy Policy
Your data. Our responsibility.
1. Overview
Swifto (“we”, “us”) provides custom ecommerce-integration services. Privacy and security guide every product decision we make.
2. Information we collect
2.1 Account data
When you create an account or sign a Statement of Work we collect your name, business email, company and billing details.
2.2 Integration credentials
API keys, OAuth tokens and SFTP passwords you supply are encrypted both at rest (AES-256) and in transit (TLS 1.2+). We store the minimal scope required to operate each connector.
2.3 Usage data
We log metadata—timestamps, response codes, latency—for debugging and analytics. Swifto never stores payment-card numbers.
3. How we use information
- Operate, maintain and improve the platform
- Provide customer support and incident response
- Send operational emails (alerts, SLA reports)
- Comply with legal obligations and enforce our Terms
4. Sub-processors
Hosting is in ISO 27001-certified data-centres in Australia. Current sub-processors:
| Service | Purpose | Region |
|---|---|---|
| AWS | Primary hosting | Australia |
| Postmark | Transactional email | USA |
| Sentry | Error monitoring | EU / USA |
5. Data retention
Raw transaction data is deleted after 90 days unless you request a longer audit window. Aggregated metrics are kept for platform analytics.
6. Security controls
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- SOC 2 Type II & ISO 27001 hosting
- Role-based access, enforced MFA for Swifto staff
- Quarterly penetration testing by CREST-accredited firm
7. Your rights
You can access, correct, export or delete your personal data. Email privacy@swifto.io and we will respond within 30 days.
8. International transfers
When data moves outside your jurisdiction we rely on EU Standard Contractual Clauses or equivalent safeguards.
9. Cookies
We set only essential cookies (session, CSRF) plus one first-party analytics cookie. No third-party advertising trackers.
10. Changes
We may update this policy to reflect legal / operational changes. If updates are material we will email account owners 14 days prior.
11. Contact
Questions? Email privacy@swifto.io or post:
Swifto Pty Ltd
12-14 Tech Crescent
Sydney NSW 2000
Australia