Your data is protected
at every layer
We take the security of your property data, client information, and account credentials seriously. Here's how SwiftListAgent keeps your information safe.
Last updated: May 17, 2026
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). This includes form submissions, file uploads, and API calls. No data ever travels unencrypted.
Encryption at Rest
Your data is stored on Supabase PostgreSQL with AES-256 encryption at rest. Database backups are encrypted and stored securely. Your property photos are stored with access controls that prevent unauthorized access.
Secure Authentication
Passwords are hashed with bcrypt (never stored in plain text). Sessions use signed JWT tokens with expiration. Account lockout protects against brute-force attempts. Token revocation ensures logged-out sessions can't be reused.
CSRF & Request Protection
Every state-changing request is protected with CSRF tokens to prevent cross-site request forgery. Rate limiting prevents abuse of registration, login, and AI generation endpoints.
Payment Security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store credit card numbers, CVVs, or full card details on our servers. Webhook signatures are cryptographically verified.
Data Isolation
Application-level access controls scope user data to the owning account. Every query that reads or modifies your data is checked against your authenticated session. Agents within a brokerage have scoped access controlled by their team role. API keys and secrets are stored as environment variables, never in code.
How we handle your data with AI
SwiftListAgent uses Anthropic's Claude AI to generate marketing content. When you submit a property, we send the property details and your brand profile to Claude's API. Anthropic does not use API inputs to train their models. Your listing data stays private and is not used to improve AI models.
Generated content is stored in your account and can be edited, regenerated, or deleted at any time. We do not share your property data, listing photos, or generated content with any third party beyond what is necessary to provide the service.
Fair Housing compliance
Every piece of AI-generated content is automatically scanned for Fair Housing Act compliance. Our system checks for discriminatory language related to race, color, religion, sex, national origin, familial status, and disability. Flagged content is rewritten before being delivered to you.
Administrators can configure additional banned words and keyword rules to match their brokerage's compliance policies.
Have a security question or want to report a vulnerability?
Contact Security Team