This page is maintained by SwiftTrack Insights to answer common security and privacy questions. It describes controls we operate today; it is not an independent certification.
Every request between browsers, tracking endpoints, and our API is served over HTTPS.
Application databases and backups are encrypted at rest by our managed data provider.
Email + password with optional TOTP two-factor authentication for admin accounts. Leaked-password protection blocks known-breached passwords at signup.
Affiliates can only read their own clicks, conversions, and payouts. Enforced at the database layer via row-level security.
Every click is scored against VPN, proxy, Tor, and data-center IP intelligence. Custom rules can auto-reject matching conversions.
IP addresses in logs can be hashed on request. Retargeting scripts strip email, phone, and known-PII fields at the edge.
Outbound webhooks are signed with HMAC-SHA256 so receivers can verify authenticity.
API keys are scoped per user, revocable, and rate-limited per plan.
If you believe you've discovered a security issue, please email security@swifttrack.example. We'll acknowledge within one business day and coordinate a fix before any public disclosure.