Skip to content

Security & compliance

Governance isn't a feature. It's the foundation.

SwiftURL treats safety, privacy and accountability as table stakes for every link, on every plan, with first-class tooling for regulated markets on top.

The controls

Safe links, and the proof to back them

Checked before it goes live

Every destination is screened against Google Safe Browsing plus malware, phishing and shortener-chain signals at creation time. Links that fail a critical check are rejected and never created.

Tamper-evident audit logs

Every change is written to an append-only log where each entry is cryptographically chained to the one before it. Records can be verified, and the database blocks edits to past entries.

Encryption and secrets

Webhook signing secrets are encrypted at rest with AES-256-GCM, SSL is provisioned on every domain, and the app ships strict security headers including HSTS and a per-request content-security policy.

Privacy by design

Raw IP addresses are never stored; they are anonymized at the edge before any data leaves it. Unique visitors are counted with a daily-rotating pseudonymous hash and no cookies, so no one is tracked across days.

Role-based access

Granular roles (Owner, Admin, Developer, Marketer, Analyst, Reviewer, Read-only) control who can do what. API keys are workspace-scoped with read or read-and-write access and are shown only once.

Hardened by default

Server-side requests are protected against SSRF, sensitive endpoints use constant-time secret checks, and rate limits guard sign-in, link creation, imports and more.

For regulated markets · India

First-class DLT/TRAI and DPDP tooling

SwiftURL helps Indian businesses meet the rules that govern marketing links and personal data, with tooling built into the platform rather than bolted on.

DLT / TRAI for SMS

Carry DLT-registered sender headers on your links, and record the compliance metadata behind each one, including PE ID, sender header, content template ID and telecom provider.

DPDP consent and grievance

A consent ledger records consent per user, and each organization can name a grievance officer and contact, so requests have a clear owner.

Retention and erasure

Audit logs stay immutable for integrity but allow deletion for lawful erasure, and account deletion runs on a reversible 30-day grace before a hard purge.

SwiftURL provides tooling that helps you meet DLT/TRAI and DPDP obligations. It does not make your organization automatically compliant; outcomes depend on how you configure and use the platform. Data is hosted on reputable, encrypted cloud infrastructure with automated backups and point-in-time restore.

Ship links your compliance team is happy with.

Start free, or talk to us about enterprise governance, a signed DPA, and volume needs.