Security & Compliance

Trust is the product.

Swiftcierge is SOC 2 / ISO-track and cloud-only. Security, tenant isolation, and auditability are foundational — designed in from the first commit, not retrofitted for a procurement review.

Security shield and audit chain

Tenant isolation

Org and workspace scope is derived server-side from a verified session — never from client input — and enforced on every query.

Tamper-evident audit log

Every action is appended to a SHA-256 hash-chained, append-only log, so records are verifiable and non-repudiable.

RBAC, from day one

A closed role set — including compliance-officer and auditor — with permission checks enforced at a single middleware chokepoint.

PHI redaction & consent

Recording-consent modes, PII/PHI redaction, and a BAA path for HIPAA-mode tenants.

Data residency

Region and residency tier are enforced routing keys, so data stays where it must — including EU-residency and HIPAA modes.

Explainable AI actions

Confidence, citations, and guardrail results attach to every AI turn — inspectable and reversible inline.