For customers using Swif.ai’s EU region:
Customer data is stored in EU-based infrastructure.
Core service data and key metadata are processed within the EU where feasible.
Infrastructure providers operate in GDPR-adequate jurisdictions.
Swif does not transfer EU customer data outside the EU unless required for limited operational purposes and protected by appropriate safeguards.
Swif maintains a documented list of sub-processors involved in delivering the service.
Sub-processors are vetted for security and compliance.
Data processing locations are restricted to GDPR-adequate regions.
Sub-processor changes follow contractual notification requirements.
A full sub-processor list is available upon request.
Swif implements technical and organizational measures designed to protect EU customer data, including:
Encryption in transit and at rest.
Role-based access controls.
Secure key management practices.
Access to customer data is limited to authorized personnel for approved operational purposes.
Where supported:
Logs and backups for EU customers remain within EU data-residency boundaries.
Disaster recovery processes are designed to respect regional data controls.
Retention policies align with contractual and regulatory requirements.
Swif acts as a data processor under GDPR and supports customer compliance obligations by providing:
A Data Processing Agreement (DPA).
Transparency into data storage and processing locations.
Documentation for audits and security reviews.
Customers remain the data controller for personal data processed using Swif.
Swif provides enterprise customers with documentation to support security, legal, and procurement reviews, including:
Data flow descriptions.
Sub-processor disclosures.
Security and compliance artifacts.
.png)
