Data Security
Effective date: 8 August 2025
Overview
We take a risk-based approach to security and privacy, following widely recognized practices to protect the confidentiality, integrity, and availability of customer data.
Data handling
- External processing: To provide the Service, data may be sent to external providers for processing (e.g., cloud, speech/LLM, storage, analytics, email, payments). Vendors are under contractual confidentiality and security obligations.
- Encryption: Data in transit is protected with TLS. Data at rest is stored using encryption offered by our cloud providers.
- Segregation: Logical separation of environments and least-privilege access.
- Backups & continuity: Regular backups and tested recovery procedures.
- Secure development: Code review, dependency scanning, and key management.
Access control
- Role-based access control (RBAC) and need-to-know principles.
- Multi-factor authentication for admin access.
- Logging and alerting for privileged actions.
Monitoring & incident response
- Monitoring for anomalous activity and service health.
- Documented incident response runbooks, with notification to affected users and regulators where required by law.
Customer responsibilities
- Protect your account credentials and API keys.
- Manage access rights for your team and rotate secrets regularly.
- Review and configure data retention settings appropriate to your needs.
Compliance
Our program is designed to support compliance with Swiss FADP, EU/UK GDPR, and relevant US state privacy laws (including CCPA/CPRA). Formal certifications (if any) and security reports can be provided under NDA upon request.
Contact
Email: security@swissper.app