Trust

Security & Privacy

This page is maintained by SwiftTrack Insights to answer common security and privacy questions. It describes controls we operate today; it is not an independent certification.

Encryption in transit

Every request between browsers, tracking endpoints, and our API is served over HTTPS.

Encryption at rest

Application databases and backups are encrypted at rest by our managed data provider.

Authentication

Email + password with optional TOTP two-factor authentication for admin accounts. Leaked-password protection blocks known-breached passwords at signup.

Row-level access controls

Affiliates can only read their own clicks, conversions, and payouts. Enforced at the database layer via row-level security.

Fraud protection

Every click is scored against VPN, proxy, Tor, and data-center IP intelligence. Custom rules can auto-reject matching conversions.

PII minimization

IP addresses in logs can be hashed on request. Retargeting scripts strip email, phone, and known-PII fields at the edge.

Signed webhooks

Outbound webhooks are signed with HMAC-SHA256 so receivers can verify authenticity.

Least-privilege API keys

API keys are scoped per user, revocable, and rate-limited per plan.

Reporting a vulnerability

If you believe you've discovered a security issue, please email security@swifttrack.example. We'll acknowledge within one business day and coordinate a fix before any public disclosure.