Trust & Security

Security

Your inventory, sales, and customer data are protected with defense-in-depth controls, rigorous compliance standards, and continuous improvement, whether you sell from a kitchen table or run a full shop.

TLS 1.2+ · AES-256 at rest · PCI DSS · GDPR · SOC 2 Type II · 24/7 monitoring

Last updated: June 01, 2024 · Report a vulnerability: [email protected]

01

Foundation

Security Commitment

Security is fundamental to SortSwift. We are committed to protecting the confidentiality, integrity, and availability of our users' data. We implement industry-leading security practices, maintain rigorous compliance standards, and continuously improve our security posture to safeguard against evolving threats.

Our security approach is built on defense-in-depth principles, combining technical controls, operational procedures, and organizational policies to provide comprehensive protection for our platform and your data.

02

Encryption

Data Encryption

In Transit

All data transmitted between your devices and SortSwift servers is encrypted using TLS 1.2 or higher. We use HTTPS for all web communications and enforce secure protocols for API endpoints. Encrypted connections protect against eavesdropping and man-in-the-middle attacks.

At Rest

Sensitive data stored on SortSwift servers is encrypted using AES-256 encryption. Database encryption keys are managed separately from the data, and access to encryption keys is tightly controlled through our key management system. Regular encryption audits ensure continued protection.

03

Identity

Access Control & Authentication

  • Multi-Factor Authentication (MFA)

    We support MFA to add an additional layer of security beyond passwords. Users can enable MFA to require verification through a second factor when logging in.

  • Role-Based Access Control (RBAC)

    SortSwift implements RBAC to ensure users only have access to the resources and functions necessary for their role. Permissions are granularly defined and regularly reviewed.

  • Session Management

    User sessions are managed securely with automatic timeout after periods of inactivity. Session tokens are cryptographically secure and validated on every request.

  • Password Security

    Passwords are hashed using modern algorithms (bcrypt or equivalent) and are never stored in plaintext. We enforce password complexity requirements and support password managers.

04

Compliance

Compliance & Certifications

  • PCI DSS Compliance

    When processing credit card transactions, SortSwift complies with PCI Data Security Standard (PCI DSS) requirements. We use PCI-compliant third-party payment processors to handle sensitive payment information, and we do not store raw credit card data on our servers.

  • GDPR Compliance

    SortSwift is compliant with the General Data Protection Regulation (GDPR). We provide data subject rights including access, rectification, erasure, and data portability. Our data processing agreements are compliant with GDPR requirements.

  • SOC 2 Type II

    SortSwift maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality controls. Regular audits verify our compliance with these standards.

  • CCPA Compliance

    For users subject to the California Consumer Privacy Act (CCPA), SortSwift respects consumer privacy rights and maintains appropriate data handling practices.

05

Infrastructure

Infrastructure Security

  • Cloud Infrastructure

    SortSwift infrastructure is hosted on secure, geographically distributed cloud platforms with industry-leading security practices. All infrastructure is monitored 24/7 for security events.

  • Network Security

    We employ firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and protect network traffic. DDoS mitigation services protect against distributed denial-of-service attacks.

  • Server Hardening

    All servers are configured following security hardening standards. Unnecessary services are disabled, security patches are applied promptly, and systems are regularly updated.

  • Database Security

    Database servers are isolated in secure network segments, access is restricted to authorized applications, and all database activity is logged and monitored for suspicious behavior.

06

Application

Application Security

  • Secure Development

    SortSwift follows secure software development practices including code reviews, static application security testing (SAST), and dynamic application security testing (DAST).

  • Vulnerability Management

    We maintain a comprehensive vulnerability management program including regular security assessments, penetration testing, and vulnerability scanning. Identified vulnerabilities are prioritized and remediated promptly.

  • Input Validation

    All user inputs are validated and sanitized to prevent injection attacks, cross-site scripting (XSS), and other common web vulnerabilities.

  • API Security

    APIs are secured with authentication, authorization, rate limiting, and encryption. API keys and tokens are securely managed and regularly rotated.

07

Response

Incident Response & Breach Notification

SortSwift maintains a comprehensive incident response plan to rapidly detect, respond to, and recover from security incidents. Our incident response team is available 24/7 to address security concerns.

In the event of a confirmed data breach, we will notify affected users without unreasonable delay, as required by applicable law. Our notifications will include details of the incident, the data affected, and recommended steps to protect personal information.

We maintain detailed logs of all security incidents and conduct post-incident reviews to identify improvements and prevent recurrence.

08

People

Employee & Third-Party Security

  • Employee Access

    Access to customer data and production systems is restricted to authorized employees with legitimate business need. All access is logged and monitored. Employees are required to sign confidentiality agreements and receive regular security training.

  • Third-Party Management

    We carefully vet all third-party vendors and service providers. Contracts include security requirements, data protection obligations, and audit rights to ensure third parties maintain appropriate security controls.

  • Security Awareness

    All SortSwift employees receive mandatory security training covering topics such as phishing prevention, secure coding, and incident reporting.

09

Visibility

Monitoring & Logging

SortSwift implements comprehensive logging of all significant system events, security-relevant activities, and access to sensitive data. Logs are stored securely and retained for appropriate periods to support incident investigation and forensic analysis.

Security information and event management (SIEM) systems continuously monitor logs for suspicious patterns and anomalies. Alerts are generated for security-relevant events and investigated by our security team.

Real-time security monitoring enables rapid detection and response to potential security threats.

10

Resilience

Backups & Disaster Recovery

SortSwift maintains regular backups of all critical data in geographically distributed locations. Backups are encrypted and stored securely to protect against data loss and ransomware attacks.

We maintain a comprehensive disaster recovery plan and perform regular disaster recovery drills to ensure business continuity in the event of a significant incident.

Recovery time objectives (RTO) and recovery point objectives (RPO) are defined for critical systems to minimize potential downtime and data loss.

11

Testing

Security Testing & Assessments

  • Penetration Testing

    SortSwift conducts regular penetration testing by qualified security professionals to identify vulnerabilities and test the effectiveness of security controls.

  • Vulnerability Scanning

    Automated vulnerability scanners are regularly run against all systems to identify known vulnerabilities and configuration weaknesses.

  • Security Assessments

    Regular third-party security assessments are conducted to evaluate our overall security posture and identify areas for improvement.

12

Researchers

Responsible Disclosure

SortSwift welcomes security researchers to responsibly disclose any security vulnerabilities they discover. We ask that researchers follow responsible disclosure practices and avoid accessing or modifying data, disrupting services, or publicly disclosing vulnerabilities without first providing us with an opportunity to address them.

If you discover a security vulnerability, please report it to: [email protected]

We will acknowledge receipt of your report, investigate the issue, and work with you to develop and communicate a fix. We aim to resolve security issues promptly and appreciate your contribution to keeping SortSwift secure.

SortSwift is committed to maintaining and continuously improving the security of our platform. While we implement comprehensive security controls, no system is entirely immune to security concerns. We maintain insurance and incident response procedures to address any potential security incidents.

© 2024-2025 SortSwift, LLC. All rights reserved.
