SwiftShip Pro®
Security & Trust

Built on a foundation of trust.

SwiftShip Pro moves millions of packages and the data that goes with them. Security isn't a feature — it's the substrate the whole product runs on. Here's exactly how we protect what you hand us.

SOC 2 Type II
Audited annually
ISO 27001
Information security
GDPR & CCPA
Privacy compliant
PCI-DSS
Payment security
99.99% uptime
Trailing 12 months
24/7 SOC
Security operations
Security pillars

Defense in depth, end to end

Encryption everywhere

TLS 1.3 in transit and AES-256 at rest. Database backups are encrypted and stored in geographically separated regions.

Least-privilege access

Row-level security on every table. Internal access is gated by SSO + hardware-key MFA and audited continuously.

Hardened infrastructure

Workloads run on SOC 2 Type II audited cloud infrastructure with isolated environments, secrets rotation, and immutable deploys.

Continuous monitoring

Centralized logging, anomaly detection, and on-call response 24/7/365. Suspicious activity triggers automatic lockdown.

Compliance posture

Aligned with SOC 2, ISO 27001, GDPR, CCPA, and PCI-DSS SAQ A controls. Annual third-party penetration tests.

Data residency

Choose where your shipment and customer data lives. Regional isolation available for EU, UK, and US customers.

Data handling

No surprises. No fine print.

A plain-English summary of what we collect, why, and what control you have. The full Privacy Policy expands on each section.

What we collect
  • Account details (name, email, business address)
  • Shipment metadata (sender, recipient, package attributes)
  • Payment information processed by PCI-compliant providers — we never store full card numbers
  • Operational logs needed to deliver and troubleshoot the service
How we use it
  • Operate the shipping platform and deliver packages
  • Fraud prevention and account security
  • Service notifications and tracking updates
  • Aggregated, de-identified analytics to improve reliability
Who can see it
  • You and any teammates you invite
  • Carrier partners only for the specific shipments they handle
  • A small set of audited internal engineers for incident response — every access is logged
  • We never sell your data. Ever.
Your rights
  • Export your data at any time from your dashboard
  • Request deletion under GDPR / CCPA — fulfilled within 30 days
  • Opt out of marketing communications with one click
  • Contact privacy@swiftshippro.com for any data request
Incident response

If something goes wrong, you'll know.

Our security team is on call 24/7. Material incidents that affect your data trigger written notification within 72 hours, per GDPR Article 33 and our customer contracts — usually much sooner. We publish post-incident reports on our status page.

Report a vulnerability

Security researchers — we welcome coordinated disclosure. Email security@swiftshippro.com with details. We respond within one business day and credit reporters in our hall of fame.

PGP fingerprint available on request.
Need a security review or DPA?

Our team supplies SOC 2 reports, penetration test summaries, and Data Processing Agreements to enterprise customers under NDA.

Contact security team