Skip to main content
← Sward SyncContact

Last updated 14 July 2026

Security and data handling

Sward Sync is designed around supported APIs, narrow permissions, draft-first synchronization, and explicit data ownership.

Current architecture commitments

  • Documented Confluence Cloud and Freshdesk APIs only.
  • No Freshdesk session cookies, CSRF tokens, browser automation, or private editor endpoints.
  • One-way synchronization with stable mappings and content hashes.
  • Draft destinations by default and conflict detection before overwriting changes.
  • Structured logs with secret and customer-content redaction.
  • Managed images in EU-region object storage with reference-aware cleanup.

Website and beta applications

The landing application is hosted on Vercel with restrictive browser security headers. Beta submissions are size-limited, validated, same-origin checked, and written server-to-server to Supabase through its authenticated Data API. Stable idempotency keys prevent duplicate rows. The submission function and database are configured for Stockholm.

Subprocessor status

ProviderPurposeStatus/location
VercelWebsite delivery and beta form computeCompute configured for Stockholm; global delivery network
Amazon Web ServicesManaged documentation imagesStockholm region in the technical proof; production controls pending beta
SupabasePostgreSQL storage for beta applicationsStockholm, Sweden (eu-north-1); row-level security and private server access
Atlassian / FreshworksCustomer-directed source and destination systemsCustomer accounts and vendor-selected regions

Not yet claimed

The product is not currently represented as SOC 2 certified, ISO 27001 certified, HIPAA compliant, or suitable for regulated special-category data. A production security review, dependency monitoring, incident process, recovery exercise, and customer data-processing agreement are required before general availability.

Reporting a concern

Please report suspected vulnerabilities privately to sam@swardsolutions.com. Include reproduction steps without customer content or active secrets.

© 2026 Sward Solutions AB · Org. no. 559573-3436
PrivacyTermsSecurity