Security and general overview

Swivl Security Overview (2021)

A message from our co-Founder:

“We always welcome a conversation so we can explain what we do and why we do it. We are happy to review and sign additional security and privacy contracts as required.  At the end of the day, the most important thing to me and Swivl, is to protect your kids like we protect our own.”

-Vladimir Tetelbaum, co-Founder/CTO 

Vision

Swivl set out to build a secure platform for educators to use video for collaboration, growth, and impact. Our only business model involves delivering the best in class solutions and at a reasonable cost. We do NOT subsidize with ad revenue or customer data mining.

With over 40,000 schools and universities using Swivl products, we understand the sensitive nature of the video content we safeguard. We focus on how to make collaboration work seamlessly while making sure that the videos are seen only by the intended viewers.

Infrastructure

Swivl is built on top of Amazon AWS Cloud platform. This is a partial list of assurance programs with which AWS complies:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

Swivl uses AES-256 encryption for data storage and TLS 1.2 for data transfer. We use a number of tools for intrusion monitoring and vulnerability testing.Processes are in place for continual security review, monitoring, and improvement.

*International Swivl Team content can be stored in Canada, European Union, Singapore, or Australia. 

Policies

We have a number of internal and customer policies to ensure we meet our customer’s security and privacy needs. These are regularly reviewed and updated with the latest requirements and industry standards.

Internally we have severely limited access to customer data, robust password and 2FA requirements, coding and review practices, and VPN and firewall requirements. 

For our customers, we control data access, ownership, and viewership; video retention and deletion; activity notifications; and a number of administrative tools. View our latest Swivl Teams privacy policy here

Compliance

We are committed to align with the needs and requirements of various institutions.  On a regular basis we undergo extensive security surveys, reviews, and conduct conversations with stakeholders.  We can review and accept additional requirements where they are not in conflict with our mission, goals, and make sense for the business.

From day one, we have aligned our privacy policy and terms with the latest industry standards and requirements.  In addition to FERPA, COPPA, and joining the Privacy Pledge in the US, we are also aligned with European GDPR requirements and have joined the Privacy Shield framework. 

 

Download the full overview below. Contact support@swivl.com with any questions, concerns, or comments.

Updated

Was this article helpful?

4 out of 7 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.