SOC 2 Type II · ISO 27001 · GDPR

Your passport. Protected at every layer.

SwiftPass handles passports, financial records, and immigration paperwork. Security is not a feature — it is the foundation every layer of the platform is built on.

AES-256 Encryption
SOC 2 Type II
AWS Multi-Region
24/7 Monitoring
4.8
on Google

Independently certified

SOC 2 Type II
ISO 27001
GDPR
CCPA
PCI DSS Level 1

How we protect you

Four independent layers of defence.

A breach of any single layer cannot compromise your data. Every layer must fail simultaneously for data to be exposed.

Encryption

AES-256 at rest · TLS 1.3 in transit

  • All data encrypted before writing to disk — AES-256
  • Perfect forward secrecy on all connections
  • Encryption keys stored in hardware security modules (HSMs)
  • Even our engineers cannot read your stored documents

Access Controls

RBAC · 2FA · Zero standing privileges

  • Role-based access: staff see only what their role requires
  • Mandatory 2FA for all internal systems
  • Zero standing privileges — no permanent admin access
  • All data access logged and monitored in real time

Monitoring

24/7 IDS · Anomaly detection · Instant alerts

  • Real-time intrusion detection across all systems
  • Machine-learning anomaly detection on all traffic
  • Security team alerted within minutes of any anomaly
  • GDPR-mandated 72-hour breach notification guarantee

Document Security

Virus scan · Encrypted upload · Auto-delete

  • Every upload virus-scanned before processing
  • Documents encrypted immediately on receipt
  • Access restricted to your assigned specialist
  • Auto-deleted 90 days after application closes

Technical specification

The numbers behind the claim.

EncryptionData at restAES-256
EncryptionData in transitTLS 1.3 + Perfect Forward Secrecy
EncryptionKey managementAWS KMS Hardware Security Modules
InfrastructureCloud providerAmazon Web Services (multi-region)
InfrastructureDDoS protectionAWS Shield Advanced
InfrastructureUptime SLA99.9% guaranteed
RecoveryRecovery Time Objective (RTO)Service restored within 4 hours
RecoveryRecovery Point Objective (RPO)Maximum 15 minutes of data loss
RecoveryBackup retention30 days (daily), 1 year (weekly archive)
PatchingCritical patchesApplied within 24 hours
PatchingSecurity patchesApplied within 7 days
ComplianceBreach notificationWithin 72 hours (GDPR)
CompliancePenetration testingAnnual third-party + quarterly internal

Incident response

What happens if something goes wrong.

We maintain a fully documented, rehearsed response plan. Quarterly drills. 24/7 on-call security.

01

Detection & triage

Within minutes

Automated systems detect anomalies and page the on-call security engineer immediately.

02

Containment

Within 1 hour

Affected systems isolated to prevent spread. Service continues on backup infrastructure.

03

Forensic investigation

Ongoing

Root cause analysis to understand scope, attack vector, and data affected.

04

User notification

Within 72 hours

All affected users notified. Regulatory bodies informed as required by GDPR.

05

Remediation & hardening

Post-incident

Vulnerability patched, controls tightened, retrospective published internally.

Security questions

Common security questions.

Found a vulnerability?

We take security reports seriously and are committed to responsible disclosure. If you've discovered a vulnerability, contact our security team directly. We will respond within 24 hours, keep you updated, and credit you publicly if you choose.

security@swiftpassimmigration.com
4.8
on Google

Apply with confidence.
Your data is safe with us.

Over 1,000 applicants have run their visa through SwiftPass. AES-256 encryption. SOC 2 certified. Zero data sold, ever.

Start ApplicationSee pricing
AES-256 encrypted
SOC 2 Type II
GDPR compliant