TRUST & SECURITY

Security at Swarmify

SmartVideo has carried customer video since 2013. Here’s how we protect the data behind it — and exactly which vendors touch it, published in plain sight.

14-day free trial · No charge until day 15

How We Protect Your Data

Encryption in transit

All traffic is served over HTTPS with modern TLS (1.2+) at our load balancers; plain-HTTP requests are redirected. HSTS is enabled on swarmify.com.

Encryption at rest

Databases, object storage, and compute disks are encrypted at rest through our cloud provider. Credentials and API keys live in encrypted vaults and a cloud secret manager — not in code.

Access control

Role-based access with least-privilege, narrowly scoped service accounts. Infrastructure and access grants are managed as code, so every change is tracked and reviewable.

Network isolation

Services run in isolated, segmented VPC networks behind cloud firewalls. Volumetric DDoS traffic is mitigated at the network edge by Google Cloud’s global load balancing.

Monitoring and alerting

Centralized logging with automated uptime, error, and resource alerting — alarms page our engineers directly.

Backups and recovery

Automated backups with point-in-time recovery on our primary database and versioned object storage. Restore procedures are exercised during major maintenance windows.

Privacy & Compliance

Privacy commitments are contractual, not marketing copy — they live in our published Data Processing Addendum and Privacy Policy.

GDPR, UK GDPR & CCPA
Our DPA incorporates the EU Standard Contractual Clauses (Module 2) and the UK Addendum for international transfers, and addresses CCPA/CPRA and other U.S. state privacy laws.
72-hour incident notification
If a security incident involves customer personal data under our control, we commit to notifying you without undue delay — and in any event within 72 hours of becoming aware of it.
Transparent subprocessors
We maintain a public subprocessor list in the DPA — each vendor, what it does, and where it processes.
EU processing options
Video encoding and caption generation run on Swarmify-operated servers in the European Union (Germany and Finland) as well as the US; video storage can be configured for US and/or EU regions.
Data lifecycle
When you cancel, you get an export window for your content. After it closes, personal data is deleted from active systems and then from backups as they expire, per the retention terms in the DPA.
Consent-first analytics
Analytics on this site run under Consent Mode v2 with a default-deny posture — no analytics cookies or identifiers are set until a visitor consents.

What Runs in Your Visitors’ Browsers

The SmartVideo player is ad-free and carries no third-party analytics or ad tracking. Engagement data — plays, watch time, drop-off — flows only to your SmartVideo dashboard, never to a vendor-owned analytics platform. The player’s crash reporting is scoped to the player itself and deliberately blind to everything else on your page.

Production changes to the services behind it go through pull-request review and deploy through separated development and production environments.

Security FAQ

Do you sign a Data Processing Addendum (DPA)?

Yes — our DPA is published and incorporated into the Master Services Agreement. It includes the EU Standard Contractual Clauses (Module 2) and the UK Addendum for international transfers.

Where is customer data processed?

Application infrastructure runs on Google Cloud in the United States (multi-region). Video storage can be configured for US and/or EU regions, encoding runs on Swarmify-operated servers in the EU (Germany, Finland) and the US, and delivery uses global CDN edge locations. The full breakdown is in the DPA’s subprocessor table.

What happens to my data when I cancel?

You can export your content during the post-termination window described in the MSA. After that, we delete customer personal data from active systems and then from backups as they expire, per the retention terms in our DPA.

How do you handle security incidents?

We notify affected customers without undue delay — and in any event within 72 hours of becoming aware of a security incident involving customer personal data in our control — and provide updates to support your own incident-response and regulatory obligations.

Does the player track my visitors?

No third-party analytics or ad tracking — ever. Viewer engagement data goes to your SmartVideo dashboard only. The player’s own crash reporting is limited to player errors and never touches the rest of your page.

How do I report a security concern?

Email privacy@swarmify.com. It routes directly to the engineers who run the platform.

Have a security questionnaire?

Send it over. You’ll hear back from the people who actually run the infrastructure.

14-day free trial · No charge until day 15