search mobile facets autocomplete spellcheck crawler rankings weights synonyms analytics engage api customize documentation install setup technology content domains user history info home business cart chart contact email activate analyticsalt analytics autocomplete cart contact content crawling custom documentation domains email engage faceted history info install mobile person querybuilder search setup spellcheck synonyms weights engage_search_term engage_related_content engage_next_results engage_personalized_results engage_recent_results success add arrow-down arrow-left arrow-right arrow-up caret-down caret-left caret-right caret-up check close content conversions-small conversions details edit grid help small-info error live magento minus move photo pin plus preview refresh search settings small-home stat subtract text trash unpin wordpress x alert case_deflection advanced-permissions keyword-detection predictive-ai sso

Security is in our DNA

Security isn’t just a priority. It is an essential component to Swiftype’s technology and in keeping your data safe—and has been since day one.

Swiftype's SOC 2 compliance is proof of our commitment to security and data integrity throughout our operations and services.

Key Security Features

  • Data encryption both in transit and at rest
  • Dedicated information security practice
  • State-of-the-art data centers with physical security and biometric access control
  • SAML-based SSO
  • Granular content permissions

Data Centers

Deliver better search with best-in-class uptime and data protection

There’s nothing more precious than your data. That’s why Swiftype’s distributed data centers and back-up locations are not only best-in-class, but also adhere to the strictest guidelines.

Swiftype is SOC 2 compliant, ensuring the highest standards in information security policies and controls. Swiftype data centers also meet all requirements for ISO 27001, ISO 27017, and ISO 27018.

data-centers

Data Centers - Physical and Environmental Security

  • 24x7 onsite trained staff, with background checks
  • State-of-the-art HVAC, sensors, fire detection, and raised flooring to protect equipment from environmental hazards
  • Security cameras and biometric scanning to controlled access data centers

Compliance Standards

SOC 2

Service Organization Control

ISO/IEC 27001

Information Security Management System (ISMS)

ISO/IEC 27017

Security Controls for the Provision and Use of Cloud Services

ISO/IEC 27018

Protection of Personally Identifiable Information (PII)

CSA STAR

The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program

Learn more on Elastic.co

Data Protection

Swiftype’s storage of data adheres to all industry standards of encryption, and all customer data is encrypted via SSL. No questions asked. And your data is your data. None of Swiftype’s systems will modify or compromise the integrity of your source data.

  • Only you have full access to source content
  • Content stored and in transit is protected from any unauthorized access
  • Complete control over user access and data indexing
  • Indexes consistently refreshed, including access rights
  • Protection for individual user sessions
  • Separate account-based search infrastructure
  • 24/7 on-call disaster recovery
  • Frequent customer data backups stored in secure, offsite locations

Application Security

Security doesn’t stop with data and data centers because security and encryption also extends to your traffic. Some more details:

  • Data encrypted in transit with AES-256
  • All network traffic encrypted via SSL and application traffic over SSL/TLS
  • User passwords stored in one-way salted hash
  • Compartmentalized and firewalled three-tier architecture
  • Centralized logging and alerts protect customers and their data
  • Single sign-on for users
  • Password timeout
  • Early and late binding authorization options
  • Adherence to industry best practices for port control and limited ports are publicly opened
  • Infrastructure is protected by multilayer access control

Responsible Disclosure Policy

Swiftype is committed to maintaining the security of our systems. Good security is critical to maintaining the trust of our customers. As such, we strive to continuously improve our security to ensure that we are prepared to meet the challenges posed by an ever-evolving threat landscape.

We value responsible disclosure. When properly notified of a security issue, we are committed to working with security researchers to understand and remediate verified problems. If you believe you have found an issue on our site, we encourage you to report it to us in a private and responsible way. The following guidelines apply to researching and reporting potential security vulnerabilities in our network.

Security evaluations must:

  • Be performed only on swiftype.com domain or its subdomains
  • Not be performed on any other Swiftype domains, including *.swiftype.net
  • Not be performed on any non-Swiftype domain
  • Not compromise the availability of Swiftype’s services
  • Not compromise the security or privacy of Swiftype’s customers or the data on Swiftype’s network
  • Use non-destructive and non-disruptive testing
  • Not involve social engineering or evaluation of physical security controls

Disclosure process

  • Please submit your reports to security@swiftype.com
  • Include valid contact information for the reporter
  • Include a description of the location and nature of the vulnerability
  • Include a short description of the vulnerability’s potential security impact
  • Optionally, include detailed steps to reproduce the vulnerability
  • Screenshots or videos are always helpful
  • Messages can optionally be encrypted to our PGP key

Swiftype response to reports of security evaluations

When reported a security issue, Swiftype will:

  • Endeavor to acknowledge initial security evaluation reports within two business days
  • Prioritize the reproduction and then confirmation of any reported vulnerability
  • For any confirmed vulnerability, promptly identify a reasonable timeline for patching and public disclosure
  • Not pursue legal action against any reporter who complies with all of the guidelines for performing and reporting security evaluations, and who also cooperates fully with Swiftype's reasonable requests for assistance in reproducing a vulnerability

Please note that security tests or research which interfere with or disrupt the integrity or performance of the Services violate our acceptable use policy. You must respond immediately to any communications from Swiftype regarding your work to help ensure your activities do not adversely affect other customers or the Swiftype network.

Thousands of businesses trust Swiftype to deliver millions of highly relevant results every day

cbs
qualcomm
aol
marketo
att