Unparalleled Standards, Unmatched Security

Trust begins with transparency. Below you will find current information on Swipe Credit reliability, security, compliance and privacy. 

 

Reliability

Swipe Credit operates and maintains high availability services and infrastructure. The current operational status of the Client Dashboard, API, Webhooks, Apply Page, and Borrower Portal, can be found on our status site.

 
Swipe Credit

Security

What Makes Our Security Best-In-Class?

Security Policies

Our security policies, controls, and standards cover a wide range of areas including information security, incident response, access control, physical security, network security, vulnerability management, software/systems development life cycle, secure development, change management, vendor management, disaster recovery and business continuity.

Access Control

Swipe Credit uses role-based access control & an identity management system to identify, authenticate, and validate access to systems or resources. Internal policies and technical access controls prohibit arbitrary staff access to a candidate’s personally identifiable information (PII) or other private screening or record information without a valid business need.

Encryption

Data is transferred securely using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption.
Data is also stored securely at rest with AES-256-bit encryption.
Encryption keys are stored separately from the encrypted data and it’s all hosted in our off-site secure cloud infrastructure.

Vulnerability Management

Swipe Credit performs regular application and infrastructure security vulnerability and penetration testing, by internal security staff and third-party security researchers/specialists, including a bug bounty program, to proactively identify vulnerabilities and complete remediation in a timely manner.
To responsibly disclose or report a security vulnerability to Swipe Credit.

Change Control

Swipe Credit maintains systems development life cycle (SDLC) policies and procedures to guide the documentation and implementation of application and infrastructure changes, in addition to maintaining industry-standard best practices. Change control includes change requests, initiation process, documentation requirements, development practices, quality assurance, and testing requirements.

Sub-Service Providers

Swipe Credit production systems are housed at third-party sub-service organization data centres and managed service providers.
Third-party providers are responsible for physical, environmental and operational security controls, and Swipe Credit is responsible for network, application and logical security controls of our infrastructure.

 

Compliance

SWIPE CREDIT HAS ITS SYSTEMS, PEOPLE, PROCESSES AND CONTROLS CERTIFIED AND ASSESSED THROUGH REGULAR INDEPENDENT THIRD-PARTY AUDITS.

 
Swipe Credit solutions

International Organization for Standardization

(ISO) 27001 is a global information security standard for information security management. Swipe Credit follows the ISO 27001 standard to continuously identify, select, maintain and improve information security controls to preserve the confidentiality, integrity and availability of our systems and information.

American Institute of Certified Public Accountants (AICPA)

Service Organization Controls (SOC) reports are designed to help build trust and confidence in the services performed and controls of a service organization. A SOC2 Type II report provides detailed information about the suitability of the design of controls and an independent auditor’s assurance opinion on the operating effectiveness of the controls. Swipe Credit’s SOC2 Type II examination report is available upon request by contacting our Sales Team.

AICPA certified

Privacy

Privacy Policy

Our products and services go through a rigorous software development lifecycle that includes privacy and security by design principles as well as industry-standard best practices. Every new product and service is reviewed against our internal requirements prior to release.  Our Privacy Policy describes how we handle your information when you use our website, products, and/or services.

Privacy Shield

Swipe Credit is Privacy Shield certified. This means that Swipe Credit has met the requirements of the Privacy Shield program administered by the United States Department of Commerce and is able to export data from the European Union to the United States of America. More information about the Privacy Shield program can be found here. Swipe Credit’s Privacy Shield certification can be found here.

 

CCPA

Swipe Credit is compliant with the California Consumer Privacy Act (CCPA) while maintaining full compliance with the long-standing, established Fair Credit Reporting Act (FCRA). While CCPA applies to California citizens, Swipe Credit will apply those rights to all United States consumers regardless of their state of residence or citizenship. 

 

Take control of your data

IF YOU ARE A CONSUMER BASED IN THE UNITED STATES: 

data access

Access Your Data

You can access the information Swipe Credit holds on you, including your loan application.

delete data

Delete Your Data

You have the right to delete your data. After deleting your data, you will no longer have access to our Borrower Portal.

Personal Information

We do not sell your personal information, we only use it to run the solution.

GDPR

Swipe Credit is committed to ensuring our People Trust Platform is compliant with all EU data protection laws, including the General Data Protection Regulation (GDPR).

If you are a consumer based outside of the United States or internationally: Requests to Access, Transfer, and Delete, your personal data can be submitted to Swipe Credit.

If you are an organization or Swipe Credit customer, we have more information about Swipe Credit and the GDPR in a help center article, which includes a copy of our signed Data Processing Addendum.

world