Nothing leaves your environment. By design.
Swiftward is self-hosted. It runs on your infrastructure, in your network, under your controls. This page is written to be forwarded to a security team, yours or your customers'.
Data ownership
Swiftward runs entirely inside your perimeter. Its only external dependencies are the Postgres, secrets, and observability backends you already operate; there is no cloud service on the data path. In an on-prem deployment there are no data-plane sub-processors: your event data, your decisions, and your audit trail never pass through us. You own the storage and the retention of all of it.
Access and identity
Access control runs in layers, not one flat role check. Role-based access on every object type. Attribute-based, row-level scoping. And field-level control on top of that: specific sensitive fields are separately permissioned and separately audited, with separation-of-duties checks. SSO through OIDC with any provider and just-in-time provisioning; MFA and password policy are enforced by your own identity provider, not re-implemented by us. Secrets are read from your own secrets manager or environment; we never hold your keys. Administrators can impersonate a user only with a stated reason and an expiry, and every action taken under impersonation is attributed to the administrator in the audit trail.
Audit
Two independent layers, both owned by you. The decision audit records every policy evaluation in full: the signals computed, the rules matched, the state changed, and the verdict, so an investigator can reproduce the decision. The platform audit records every configuration change, permission grant, login, and change to any record, with who, when, and the before-and-after values. Retention is yours to set, in your own Postgres or warehouse.
Supply chain
Container images are signed with cosign in keyless mode, so the signature is bound to the build's OIDC identity rather than to a long-lived key, and carry an SPDX software bill of materials and SLSA build-provenance attestations. New image builds are scanned for HIGH and CRITICAL vulnerabilities with Trivy on the amd64 digest before the multi-arch manifest is published; that scan gates publication, but it runs against the amd64 digest, so if you deploy another architecture, scan the digest you actually pull. You can verify cryptographically what you run.
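What that verification looks like on the consumer side, as an added example that is not Swiftward's own tooling: the script refuses anything that is not pinned by digest, checks the keyless signature against an expected signing identity and OIDC issuer, pulls and decodes the SLSA provenance and SPDX attestations, and re-runs Trivy on the digest being deployed. The image name, the certificate identity regexp, the issuer URL, and the assumption that the SBOM is published as an in-toto attestation (rather than attached as a blob) are placeholders; take the real values from the vendor's architecture brief.

```shell
#!/bin/sh
# Added example, not Swiftward's code. Every value below marked "assumed" is a
# placeholder to be replaced with what the vendor's architecture brief states.
set -eu

IMAGE_REPO="${IMAGE_REPO:-registry.example.com/swiftward/swiftward}"     # assumed
# Identity of the CI workflow that signed the image (assumed: a GitHub Actions
# workflow). Anchor the regexp; an unanchored one also matches forks.
CERT_IDENTITY_RE="${CERT_IDENTITY_RE:-^https://github\.com/example-org/swiftward/\.github/workflows/release\.yml@refs/tags/v[0-9.]+$}"
OIDC_ISSUER="${OIDC_ISSUER:-https://token.actions.githubusercontent.com}"   # assumed

# digest_of REF: print the sha256 digest of a digest-pinned reference.
# Fails on a tag ("repo:1.2.3"), because a tag can be moved after it was
# scanned and signed; the signature and the scan only ever cover a digest.
digest_of() {
  ref=$1
  digest=${ref##*@}
  case "$digest" in
    sha256:*) ;;
    *) echo "refusing un-pinned reference (no @sha256:...): $ref" >&2; return 1 ;;
  esac
  hex=${digest#sha256:}
  if [ "${#hex}" -ne 64 ] || [ -n "$(printf '%s' "$hex" | tr -d '0-9a-f')" ]; then
    echo "malformed digest in: $ref" >&2
    return 1
  fi
  printf '%s\n' "$digest"
}

# verify_image REF: the full chain of checks a deployer would run before pulling.
verify_image() {
  ref=$1
  digest=$(digest_of "$ref") || return 1
  for tool in cosign jq; do
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool is required" >&2; return 2; }
  done

  # 1. Keyless signature: bound to the build's OIDC identity, no vendor key involved.
  cosign verify \
    --certificate-identity-regexp "$CERT_IDENTITY_RE" \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    "$ref" >/dev/null
  echo "signature ok: $digest signed by identity matching $CERT_IDENTITY_RE"

  # 2. SLSA provenance: the attestation is a DSSE envelope per line; decode the
  #    payload and print the builder id (v0.2 and v1 layouts both handled).
  cosign verify-attestation --type slsaprovenance \
    --certificate-identity-regexp "$CERT_IDENTITY_RE" \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    "$ref" 2>/dev/null \
    | jq -r '.payload | @base64d | fromjson | .predicate
             | "built by: " + (.builder.id // .runDetails.builder.id)'

  # 3. SBOM as an SPDX attestation (assumed); count the packages it lists so an
  #    empty or truncated SBOM is visible rather than silently accepted.
  cosign verify-attestation --type spdxjson \
    --certificate-identity-regexp "$CERT_IDENTITY_RE" \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    "$ref" 2>/dev/null \
    | jq -r '.payload | @base64d | fromjson | .predicate.packages
             | "sbom ok: \(length) packages"'

  # 4. The vendor's gate scanned the amd64 digest; rescan the digest this host
  #    will run so an arm64 pull is not trusted on the strength of an amd64 scan.
  if command -v trivy >/dev/null 2>&1; then
    trivy image --severity HIGH,CRITICAL --exit-code 1 "$ref"
  else
    echo "trivy not installed, skipping rescan" >&2
  fi
}

# Usage: ./verify.sh registry.example.com/swiftward/swiftward@sha256:<digest>
[ "$#" -eq 0 ] || verify_image "$1"
```

The digest check comes first on purpose: everything else only attests to a specific digest, so a verification script that accepts a tag is verifying something other than what gets deployed. Run it as a pre-pull step in the admission path or the deployment pipeline, with the identity regexp pinned to the release workflow and tag pattern rather than to the whole repository.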
On certifications, plainly
A certificate exists to reassure a buyer about the data they hand to a vendor's cloud. Swiftward runs on your infrastructure, so that question is answered at the architecture level: your data never reaches us, you hold the full audit trail, and your own team can run its security review and penetration test against the actual deployment, which is more direct assurance than an auditor's report about ours. We pursue formal certifications such as SOC 2 and ISO 42001 as customer engagements call for them. Tell us what your review requires and we will map exactly how each control is met today. During a pilot we complete your security questionnaire (CAIQ or SIG), support your team's own penetration test of the deployment, and hand over our architecture brief and a software bill of materials.
Regulated data
For PHI, personal data, or other regulated categories, the agreements your legal and security teams require (a Business Associate Agreement, a data processing agreement, data-residency terms) are something we work through with you. Because Swiftward runs on your infrastructure and we do not receive your data, the surface for those agreements is small.
Betting on a young company
On-prem changes the risk math for backing a young vendor. You run the binary in your own environment, so an outage or incident on our side does not take your deployment down, and you keep running the version you deployed for as long as you choose. If vendor continuity is a board-level concern, source-code escrow is available as an add-on, released to you on defined triggers such as our ceasing to operate. Support terms are set in the pilot agreement.