Data security

Your moments matter — so we protect them with modern, multi-layered security designed from the ground up. This page explains how Swizil keeps your data secure, technically and operationally, across our mobile app, web services, and supporting systems.

Built on Secure Cloud Infrastructure

Swizil runs on enterprise-grade cloud infrastructure with strong isolation and encrypted services across all layers. Our architecture includes:

  • Multi-factor authentication and secure access controls

  • Encrypted storage for all media and user data

  • Encrypted databases with access restrictions

  • Isolated microservices with tightly scoped permissions

  • Regional encryption key management

  • Network isolation and segmentation

  • Application firewall protection

Every component is configured to follow least-privilege access, ensuring only the systems that need access can request it.

Encryption Everywhere

We use industry-standard encryption to protect your information:

  • Data in transit: Protected using current industry-standard secure protocols

  • Data at rest: Military-grade encryption across all storage systems and backups

  • Key separation: UK/EU and US regions use different encryption keys with restricted access


This ensures your information stays confidential and tamper-resistant, even inside our infrastructure.

Regional Data Separation

Where you live determines where your data is stored:

  • UK/EU member data is stored in secure EU data centers

  • US and rest-of-world (ROW) member data is stored in secure US data centers

  • Your data remains stored in your home region only

  • When you share content with friends in other regions, it's transmitted for viewing but not stored in their region

  • Only a small, non-personal subset of reference tables is replicated for cross-region share-links


This gives you stronger privacy and more appropriate legal protection.

Strict Access Controls

Sensitive data is guarded by multiple layers of controls:

  • Multi-factor authentication for internal systems

  • Role-based access with least privilege

  • No engineer access to raw media content

  • Logged & audited internal tools with mandatory "reason for change" fields

  • Temporary access that expires automatically

Access to sensitive material is rare, controlled, and fully traceable.

Continuous Monitoring & Threat Detection

We use enterprise monitoring systems and 24/7 automated alerting to detect unusual activity:

  • Comprehensive logging and metrics

  • Automated anomaly detection

  • Request-level tracking

  • Real-time event monitoring

  • Regular vulnerability assessments

  • Annual third-party penetration testing

If something looks suspicious, we act immediately.

Secure Development & Testing Practices

Security is built into our engineering process:

  • Mandatory code reviews

  • Automated dependency scanning and updates

  • Secrets stored in encrypted vaults

  • No credentials in code

  • Isolated development, staging, and production environments

  • Infrastructure as code for consistent, auditable deployments

We update our systems regularly and test them for weaknesses.

Third-Party Security

We carefully vet all third-party services:

  • Vendor security assessments before integration

  • Contractual data protection requirements

  • Regular security reviews

  • Minimal data sharing: only what's necessary

Managed Data Retention & Safe Deletion

We retain your data only for as long as needed to deliver the service or meet legal requirements. When you delete your account:

  • Personal data is permanently deleted or anonymised within 30 days

  • Encrypted backups are removed as part of their normal rotation

  • Backup data is not used for active processing

This is managed according to our retention rules and security safeguards.

Incident Response

If something happens that could affect your data:

  • We maintain a documented incident response plan

  • We conduct regular incident response drills and tabletop exercises

  • We respond immediately to assess and contain incidents

  • We notify you and the relevant authorities without undue delay, if required by law

Our goal is transparency, speed, and member protection.

Your Role in Keeping Your Account Secure

We encourage members to:

  • Use strong passwords

  • Enable device-level security features

  • Keep apps updated

  • Be cautious with external sharing

  • Report suspicious activity immediately to security@swizil.com

Security is a partnership — we protect the platform, and you protect your personal access.

Swizil exists to give you a private, safe place to share your world. Our responsibility is to protect that space — every hour, every day.

Contact Us

Questions or concerns about security? Contact us at security@swizil.com
To report a security vulnerability, please email security@swizil.com
For privacy questions, see our Privacy Policy or contact dpo@swizil.com
Post: Swizil Ltd, 4th Floor, Silverstream House, 45 Fitzroy Street, London W1T 6EB

Last Updated: 15 November 2025