Security Policies
Last updated:
At SwiftClaims, we prioritize the security and privacy of your data. Our comprehensive security program is designed to protect your information at every level.
This security policy outlines the measures we take to safeguard your information and ensure the integrity of our platform. We employ industry-leading security practices and continuously update our systems to address emerging threats.
Our security-first approach means that data protection is built into the foundation of our platform, not added as an afterthought. We are committed to maintaining the highest standards of security for our users.
Data Protection
We implement multiple layers of data protection:
All customer data is classified and handled according to sensitivity levels
Data retention policies ensure we only keep your information as long as necessary
Regular data backups with end-to-end encryption
Encryption Standards
We employ strong encryption throughout our platform:
TLS 1.3 for all data in transit
AES-256 encryption for all data at rest
Secure key management with regular rotation
Field-level encryption for sensitive personal and financial information
Our encryption practices follow industry best practices and are regularly updated to address new security challenges.
Authentication & Access
We implement strict access controls and authentication measures:
Multi-factor authentication (MFA) for all user accounts
Role-based access control (RBAC) with the principle of least privilege
Strong password policies with regular rotation requirements
Session timeout and IP-based access restrictions
Comprehensive audit logging of all access and activities
Security Monitoring
Our continuous monitoring systems include:
24/7 automated monitoring and alerting for suspicious activities
Advanced intrusion detection and prevention systems
Regular security log reviews and analysis
DDoS protection and mitigation
Incident Response
Our incident response plan includes:
Documented incident response procedures with clear roles and responsibilities
Regular incident response drills and tabletop exercises
Commitment to timely notification of affected parties in case of a breach
Post-incident analysis and continuous improvement processes
Compliance & Certifications
We maintain compliance with relevant industry standards:
ISO 27001 certification for information security management
SOC 2 Type II attestation for security, availability, and confidentiality
GDPR and Data Privacy Act of 2012 (Philippines) compliance
Regular third-party penetration testing and security assessments
We undergo regular security audits and maintain certifications that demonstrate our commitment to following industry best practices and regulatory requirements.
Vendor Security
We extend our security requirements to our vendors:
Comprehensive vendor security assessment program
Contractual security requirements for all third-party providers
Regular review of vendor security practices and compliance
Restrictions on vendor access to customer data
Physical Security
Our physical security measures include:
Data centers with 24/7 security, biometric access controls, and video surveillance
Redundant power supplies, HVAC, and fire suppression systems
Secure office facilities with access restrictions for sensitive areas
User Responsibilities
To maintain the security of your account, we recommend that you:
Enable multi-factor authentication for your account
Use strong, unique passwords and consider a password manager
Keep your devices secure with up-to-date antivirus protection
Log out of your account when using shared devices
Be vigilant against phishing attempts and suspicious communications
Report any suspected security incidents immediately
Contact Us
If you have any questions about our security practices or want to report a security concern, please contact our security team at [email protected].