Technology
Security & Trust
Swivel is built to handle customer data under the controls a retention team's security review will ask for. This page summarizes how data is isolated, who can access it, and how it's protected.
Sign-off
Agents propose. Your team approves.
Before an offer, message, or escalation reaches a customer, a designated person reviews the action, the reason, and the evidence behind it.
- 1
Proposed action
What the agent wants to send or trigger.
- 2
Reasoning trace
The signal, logic, and source data behind the recommendation.
- 3
Human decision
Approval or rejection is recorded with reviewer and timestamp.
Observability
Every recommendation leaves a record.
The audit trail shows the action, trigger, sources, reviewer, and outcome in a format humans can read and systems can export.
Example trace
Action
Send save offer: 20% discount for annual plan
Why
Renewal in 9 days. Usage down 40%. Offer is within the approved discount ceiling.
Sources
Human-approved · logged 2026-06-08 14:32 UTC
Data handling
No customer PII required.
Swivel works from behavioral signals: usage, billing state, tenure, lifecycle stage, and engagement patterns. Names, emails, and payment details stay in your systems.
No PII ingested
Customer names, emails, and personal details are not needed for agent reasoning.
Behavioral signals only
Usage, billing state, tenure, and lifecycle stage are enough to identify retention risk.
Your data stays in your stack
Swivel reads through scoped credentials. It does not copy your data warehouse.
Infrastructure
Isolated by tenant, encrypted end to end.
Swivel runs a multi-tenant architecture with strict logical isolation, and protects your data in transit and at rest.
Tenant isolation
Each customer's data is segregated by a tenant identifier. Every request is authenticated and scoped to the requesting tenant, so no cross-tenant access is possible.
Encryption in transit and at rest
Data is encrypted in transit and at rest, and access to it follows the same least-privilege controls as the rest of the System.
Access control
Scoped, role-based, and revocable.
Agents get the minimum access needed for the job. No blanket CRM admin. No standing write access to customer records.
RBAC
Reviewer, approver, admin, and read-only auditor roles.
SSO / SAML
User access follows your identity provider.
Scoped integration credentials
Each connection declares the specific scopes it needs.
Revocation
Revoke a user or integration and agents stop using that source.
Deployment
Start simple. Tighten the perimeter when needed.
Cloud (default)
AvailableSwivel-hosted on AWS in your preferred region. Fastest path to a proof process.
VPC / private cloud
AvailableDeploy into your AWS or GCP VPC for stricter network control.
On-premises
On requestAvailable for environments where cloud deployment is not permitted.
FAQ
Common questions from security and procurement.
Talk to us.
We can walk through the approval flow, data access, and deployment model on one call.