at SwipedOn,
security is a priority

We understand that the protection and security of our customer data is our most important responsibility.
Product security

Network & application security

Additional security measures

Our GDPR Commitment

Product Security
Reliability SwipedOn works in Offline mode. In the unlikely event of a server outage all data is queued and transferred to our servers on re-connection. This is perfect for making use of our Evacuation Management feature.

Our Cloud-based platform is engineered for redundancy and availability.

Our platform uses load balancing techniques to auto-scale when demand is high.
Passwords User accounts and passwords are securely managed by AWS Cognito. Passwords are hashed using Bcrypt hashing function. Individual users can only reset their own password.

All SwipedOn staff are required to use a password vault manager. Staff are required to use 2-Factor authentication where available.

Network and application security
Data Hosting As a Cloud service, we do not host any servers ourselves. We outsource this task to Amazon Web Services (AWS). You can view AWS security information here.

Our servers are located in the AWS region selected by a customer when an account is created. These regions can be one of the United States of America (Ohio); Great Britain (London); Singapore; Australia (Sydney); Canada; or EU (Frankfurt).

The servers we use at AWS are Multi-Tenant. AWS have strict controls to prevent one tenant from accessing another tenant's data.

All of our servers are within our own virtual private cloud (VPC) with network access controls.
Backups Our database is continuously versioned for recovery purposes using AWS RDS.
Data Storage We use AWS Simple Storage Service (S3) for storage. Data at rest is encrypted using AWS-provided encryption.
Encryption & Sessions Our web application ( is only accessed via HTTPS and the entire HTTPS web application framework is protected with SSL certification.

Sessions are authenticated with a 23-character security token.

Each iPad has a 6-character randomly generated unique Device Identifier. iPad sessions are authenticated using a security token which is randomly re-activated after a set period of time.

All network traffic is encrypted both inside and outside our network.

Additional security measures
Additional security measures

We do not store your Credit Card details.We outsource the processing of your payments to specialist, secure PCI compliant companies: Stripe and Windcave. You can view their credentials here:

Stripe Privacy Policy
Stripe Security

Windcave Privacy Policy
Windcave Compliance and Certificates

Segregation of duties SwipedOn staff do not have access to your data. The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account. In such circumstances, we will only access your data with your express permission.
Training All employees complete Security and Awareness training annually.

SwipedOn has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Best practices Our internal Data Protection Policy states that customer data is never to be stored on local machines.

Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.

security questions?

If you'd like to know more about security related matters, please get in touch with our team or visit our FAQ page.