Security

Designed for secure,
isolated integrations.

SwiftProof is verification infrastructure. The security of your evidence trail is the product. This page documents how we protect it.

Security questions or vulnerability reports — security@tryswiftproof.com

Authentication

All API requests are authenticated using bearer tokens. API keys are provisioned per project and scoped to your tenant.

API keys are hashed before storage
We never store your raw API key. Only a one-way hash is stored. Even in the event of a database breach, your key cannot be recovered from our systems.
Bearer token authentication
Pass your API key in the Authorization: Bearer YOUR_KEY header on every request. The SDK handles this automatically.
Keys are scoped to projects
Each API key is bound to a single project. A key cannot access chains or data from another project, even within the same organisation.
Keep keys server-side
API keys must only be used from your backend. Never expose them in client-side JavaScript, mobile apps, or public repositories. The SDK is designed for server-side use only.

Tamper-proof chain

The integrity of every chain is guaranteed by cryptographic chaining. Any modification to any record after the fact is immediately detectable.

1
Each confirmation creates a fingerprint
When an actor taps confirm, the system takes all the details of that moment — who, what time, what GPS coordinates — and runs them through a SHA-256 hashing function. The result is a unique fingerprint of that exact event.
2
Each fingerprint includes the previous one
When generating the fingerprint for step N, the fingerprint from step N-1 is included as an input. This mathematically links every step to every step before it. The chain cannot be broken or reordered without detection.
3
All fingerprints are stored
Not just the final one. Every individual fingerprint is stored alongside the raw event data. Verification recalculates each fingerprint from scratch and compares it to the stored value. A mismatch at any step means tampering occurred at that exact step.
4
Tampering is instantly detectable
If anyone modifies a record after the fact — changing a timestamp, a location, an actor name — the fingerprint for that step no longer matches what is stored. The verification endpoint returns tampered: true immediately and identifies the broken step.

Data security

How your data is stored, transmitted, and isolated.

Encryption in transit
All communication between your systems and SwiftProof is encrypted using TLS 1.2 or higher. HTTP requests are rejected. HTTPS is required.
Encryption at rest
Data is stored on Aiven-managed PostgreSQL with encryption at rest enabled. Database credentials are stored as environment secrets and never in source code.
Tenant isolation
Every chain, handoff, and audit log is scoped to a tenant_id. Row-level filtering ensures no query can ever return data from another tenant.
Email encryption
Merchant email addresses are encrypted at rest using AES-256 before being stored. They are decrypted only when sending transactional notifications.
Append-only audit logs
The event log for every chain is append-only at the database level. No row can be updated or deleted once written. The record is permanent.
One-time confirmation links
Each confirmation link can only be used once. After an actor confirms, the link is consumed. Failed attempts and expired links are logged in the audit trail.

API security

How the API protects against abuse and ensures reliable behaviour.

Rate limiting
All endpoints enforce rate limits to protect against abuse and database saturation. When a limit is reached the API returns 429 Too Many Requests with a Retry-After header indicating when requests can resume.
Idempotency
POST requests accept an Idempotency-Key header. Duplicate requests with the same key within 24 hours return the original response rather than creating duplicate resources. Safe to retry on network failure.
Request timeouts
The SDK enforces configurable timeouts on all requests. Your servers will never be left waiting indefinitely for a response. Default timeout is 5 seconds. Configurable per call.
Versioned endpoints
All endpoints are versioned under /v1/. Breaking changes are never made to existing versions. New versions are introduced in parallel. Your integration never breaks without warning.
Input validation
All inputs are validated and sanitised before processing. SQL injection, XSS, and injection attacks are mitigated through parameterised queries and strict schema validation at every endpoint.

Infrastructure

The platforms and services SwiftProof is built on.

Render — API hosting
The SwiftProof API runs on Render. Render provides automatic TLS certificate management, DDoS protection, and infrastructure-level security. Deployments are triggered from protected branches only.
Aiven — managed PostgreSQL
All data is stored in Aiven-managed PostgreSQL with encryption at rest, automated backups, and point-in-time recovery. Database access is restricted to the API server IP range only.
Cloudinary — media storage
Photo evidence uploaded through confirmation links is stored in Cloudinary with signed URL access. Direct public access to raw upload paths is disabled.
Resend — transactional email
Merchant notification emails are sent through Resend from a verified domain. DKIM and SPF records are configured. We do not store email content after delivery.

Our commitments

What you can depend on from SwiftProof as an infrastructure provider.

No breaking changes without notice
Breaking changes are introduced only in new API versions. Your existing integration always continues to work.
Incident communication
All incidents are posted to status.tryswiftproof.com within 30 minutes of detection. Subscribers are notified by email.
Data deletion on request
You can request deletion of your project data at any time. We will confirm deletion within 30 days.
We do not sell data
Your chain data, customer data, and event logs are never sold, shared with third parties, or used for advertising.
Breach notification
In the event of a security breach affecting your data, we will notify you within 72 hours of becoming aware.
Uptime target
We target 99.9% monthly uptime for the Chain API and Verification API. Current uptime is visible at status.tryswiftproof.com.

Responsible disclosure

If you discover a security vulnerability in SwiftProof we want to hear from you. We take all reports seriously and respond promptly.

How to report a vulnerability

Email security@tryswiftproof.com with as much detail as possible. We will acknowledge your report within 24 hours and keep you informed as we investigate and resolve the issue.

1
Email your findings to security@tryswiftproof.com. Include a description of the vulnerability and steps to reproduce it.
2
We will acknowledge your report within 24 hours and confirm whether we can reproduce the issue.
3
We will work to resolve confirmed vulnerabilities promptly and keep you informed of our progress.
4
We will credit researchers in our security acknowledgements unless you request anonymity.

Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We ask for a minimum of 90 days before public disclosure.