Trust and security.
How Swift Boulder protects website, client, and project data across its public site and professional services work.
§ 01 Security program
Swift Boulder uses practical security controls appropriate for a small professional services studio handling client website and SEO data.
Swift Boulder maintains a practical security program for its public website and client engagements. Our controls focus on least-privilege access, credential hygiene, secure development, encrypted transport, vendor review, incident response, and careful retention of client data.
§ 02 Access control
We use two-factor authentication, unique accounts, least privilege, and credential vaulting.
- Two-factor authentication is required for core business systems where supported.
- Team access is role-based and limited to what the engagement requires.
- Client credentials are stored in password-manager vaults, not in chat threads or documents.
- Access is reviewed and removed when it is no longer needed.
§ 03 Data protection
We use HTTPS, encrypted vendor platforms, limited retention, and separation between client workspaces.
- HTTPS/TLS is used for the public website and managed client environments where available.
- Client project data is kept in access-controlled workspaces.
- We avoid collecting sensitive personal information unless it is necessary for the engagement.
- Credentials and tokens are rotated or deleted when an engagement ends or access is no longer needed.
§ 04 Secure development
We prefer simple architecture, static rendering where possible, dependency review, and production build checks.
- We use source control and review changes before deployment.
- We run production builds before shipping website changes.
- We prefer static generation and minimal client-side code where it fits the project.
- We patch known dependency vulnerabilities when reasonably available.
§ 05 Vendors and subprocessors
We use vendors for hosting, DNS/CDN, email, project management, payments, and client-authorized tools.
Vendor access is limited to the service purpose. Our public subprocessor list is published at /subprocessors. Client-specific tools may be listed in the applicable SOW, DPA, or project workspace.
§ 06 Incident response
We investigate credible reports, contain issues, preserve evidence, notify affected clients, and meet legal notice obligations.
If we identify a security incident affecting personal data or client confidential information, we work to contain and investigate it, document what happened, notify affected clients without undue delay, and support legally required notices. Where GDPR applies and notification is required, we support controller obligations including the 72-hour supervisory authority timeline.
§ 07 Certifications
Swift Boulder does not currently claim SOC 2, ISO 27001, PCI-DSS certification, or HIPAA compliance for the public site.
We do not currently publish a SOC 2 report, ISO 27001 certificate, PCI-DSS attestation, HIPAA business associate agreement, or formal uptime SLA for the public website. If a client needs specific compliance terms, certifications, or audit rights, those must be addressed in the signed SOW, MSA, DPA, or vendor architecture.
§ 08 Reporting security concerns
Send security concerns to legal@swiftboulder.com with enough detail for us to reproduce or investigate.
For legal, privacy, security, or accessibility questions, contact us here:
SWIFT BOULDER LLC
Attn: Legal
1371 Highland Ave
Sheridan, WY 82801
USA
legal@swiftboulder.com
+1 (314) 689-3721
