Security Policies

Last updated:

At SwiftClaims, we prioritize the security and privacy of your data. Our comprehensive security program is designed to protect your information at every level.

This security policy outlines the measures we take to safeguard your information and ensure the integrity of our platform. We employ industry-leading security practices and continuously update our systems to address emerging threats.

Our security-first approach means that data protection is built into the foundation of our platform, not added as an afterthought. We are committed to maintaining the highest standards of security for our users.

Data Protection

We implement multiple layers of data protection:

All customer data is classified and handled according to sensitivity levels

Data retention policies ensure we only keep your information as long as necessary

Regular data backups with end-to-end encryption

Encryption Standards

We employ strong encryption throughout our platform:

TLS 1.3 for all data in transit

AES-256 encryption for all data at rest

Secure key management with regular rotation

Field-level encryption for sensitive personal and financial information

Our encryption practices follow industry best practices and are regularly updated to address new security challenges.

Authentication & Access

We implement strict access controls and authentication measures:

Multi-factor authentication (MFA) for all user accounts

Role-based access control (RBAC) following the principle of least privilege

Strong password policies with regular rotation requirements

Session timeout and IP-based access restrictions

Comprehensive audit logging of all access and activities

Security Monitoring

Our continuous monitoring systems include:

24/7 automated monitoring and alerting for suspicious activities

Advanced intrusion detection and prevention systems

Regular security log reviews and analysis

DDoS protection and mitigation

Incident Response

Our incident response plan includes:

Documented incident response procedures with clear roles and responsibilities

Regular incident response drills and tabletop exercises

Commitment to timely notification of affected parties in case of a breach

Post-incident analysis and continuous improvement processes

Compliance & Certifications

We maintain compliance with relevant industry standards:

ISO 27001 certification for information security management

SOC 2 Type II attestation for security, availability, and confidentiality

GDPR and Data Privacy Act of 2012 (Philippines) compliance

Regular third-party penetration testing and security assessments

We undergo regular security audits and maintain certifications that demonstrate our commitment to following industry best practices and regulatory requirements.

Vendor Security

We extend our security requirements to our vendors:

Comprehensive vendor security assessment program

Contractual security requirements for all third-party providers

Regular review of vendor security practices and compliance

Restrictions on vendor access to customer data

Physical Security

Our physical security measures include:

Data centers with 24/7 security, biometric access controls, and video surveillance

Redundant power supplies, HVAC, and fire suppression systems

Secure office facilities with access restrictions for sensitive areas

User Responsibilities

To maintain the security of your account, we recommend that you:

Enable multi-factor authentication for your account

Use strong, unique passwords and consider a password manager

Keep your devices secure with up-to-date antivirus protection

Log out of your account when using shared devices

Be vigilant against phishing attempts and suspicious communications

Report any suspected security incidents immediately

Contact Us

If you have any questions about our security practices or want to report a security concern, please contact our security team at [email protected].
