Skip to content
Swivel logo

Technology

Security & Trust

Swivel is built to handle customer data under the controls a retention team's security review will ask for. This page summarizes how data is isolated, who can access it, and how it's protected.

Sign-off

Agents propose. Your team approves.

Before an offer, message, or escalation reaches a customer, a designated person reviews the action, the reason, and the evidence behind it.

  1. 1

    Proposed action

    What the agent wants to send or trigger.

  2. 2

    Reasoning trace

    The signal, logic, and source data behind the recommendation.

  3. 3

    Human decision

    Approval or rejection is recorded with reviewer and timestamp.

Observability

Every recommendation leaves a record.

The audit trail shows the action, trigger, sources, reviewer, and outcome in a format humans can read and systems can export.

Example trace

Action

Send save offer: 20% discount for annual plan

Why

Renewal in 9 days. Usage down 40%. Offer is within the approved discount ceiling.

Sources

Billing / StripeProduct events / SegmentCRM / Salesforce

Human-approved · logged 2026-06-08 14:32 UTC

Data handling

No customer PII required.

Swivel works from behavioral signals: usage, billing state, tenure, lifecycle stage, and engagement patterns. Names, emails, and payment details stay in your systems.

  • No PII ingested

    Customer names, emails, and personal details are not needed for agent reasoning.

  • Behavioral signals only

    Usage, billing state, tenure, and lifecycle stage are enough to identify retention risk.

  • Your data stays in your stack

    Swivel reads through scoped credentials. It does not copy your data warehouse.

Infrastructure

Isolated by tenant, encrypted end to end.

Swivel runs a multi-tenant architecture with strict logical isolation, and protects your data in transit and at rest.

  • Tenant isolation

    Each customer's data is segregated by a tenant identifier. Every request is authenticated and scoped to the requesting tenant, so no cross-tenant access is possible.

  • Encryption in transit and at rest

    Data is encrypted in transit and at rest, and access to it follows the same least-privilege controls as the rest of the System.

Access control

Scoped, role-based, and revocable.

Agents get the minimum access needed for the job. No blanket CRM admin. No standing write access to customer records.

  • RBAC

    Reviewer, approver, admin, and read-only auditor roles.

  • SSO / SAML

    User access follows your identity provider.

  • Scoped integration credentials

    Each connection declares the specific scopes it needs.

  • Revocation

    Revoke a user or integration and agents stop using that source.

Deployment

Start simple. Tighten the perimeter when needed.

  • Cloud (default)

    Available

    Swivel-hosted on AWS in your preferred region. Fastest path to a proof process.

  • VPC / private cloud

    Available

    Deploy into your AWS or GCP VPC for stricter network control.

  • On-premises

    On request

    Available for environments where cloud deployment is not permitted.

FAQ

Common questions from security and procurement.

Talk to us.

We can walk through the approval flow, data access, and deployment model on one call.