SwiftProof is verification infrastructure. The security of your evidence trail is the product. This page documents how we protect it.
All API requests are authenticated using bearer tokens. API keys are provisioned per project and scoped to your tenant.
Authorization: Bearer YOUR_KEY header on every
request. The SDK handles this automatically.
The integrity of every chain is guaranteed by cryptographic chaining. Any modification to any record after the fact is immediately detectable.
tampered: true immediately and identifies
the broken step.
How your data is stored, transmitted, and isolated.
tenant_id. Row-level filtering ensures no query can
ever return data from another tenant.
How the API protects against abuse and ensures reliable behaviour.
429 Too Many Requests with a
Retry-After header indicating when requests can
resume.
Idempotency-Key header.
Duplicate requests with the same key within 24 hours return the
original response rather than creating duplicate resources. Safe
to retry on network failure.
/v1/. Breaking
changes are never made to existing versions. New versions are
introduced in parallel. Your integration never breaks without
warning.
The platforms and services SwiftProof is built on.
What you can depend on from SwiftProof as an infrastructure provider.
If you discover a security vulnerability in SwiftProof we want to hear from you. We take all reports seriously and respond promptly.
Email security@tryswiftproof.com with as much detail as possible. We will acknowledge your report within 24 hours and keep you informed as we investigate and resolve the issue.
Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We ask for a minimum of 90 days before public disclosure.