Trust & data privacy

Your plan. Your keys.
Your audit log.

SwarmStack runs your Sessions on tenant-isolated infrastructure with mandatory row-level security, append-only audit logs, and zero-retention LLM contracts by default. Bring your own Anthropic key on Team plans. Bring your own database on Enterprise. We orchestrate; you own the data.

SOC 2
Type II in progress

Observation window opened Q1 2026. Letter available under NDA.

ZDR
Zero-retention LLM

Anthropic ZDR endpoint by default — your Briefs are not retained or used to train models.

RLS
21 tables, forced

CI fails the build if any domain table is missing row-level security or its policy.

  • Tenant-isolated
  • Zero-retention LLM
  • Append-only audit
  • SAQ-A payments
  • Healthcare/legal blocked

The floor

What's true on every plan, every Session.

Isolation

Row-level security, forced.

Every domain table carries tenant_id, RLS is FORCE-enabled on every one of them, and every request runs SET LOCAL app.tenant_id inside its transaction. CI fails the build if any table is missing the policy.
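
How the forced-RLS pattern above can look in PostgreSQL, as an added example rather than SwarmStack's own schema or CI code. The table name, policy name and tenant UUID are constructed, and treating every table in `public` that has a `tenant_id` column as a domain table is an assumption.

```sql
-- Hypothetical domain table; only tenant_id and app.tenant_id come from the page.
CREATE TABLE sessions_example (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);

-- ENABLE applies policies to ordinary roles; FORCE also applies them to the
-- table owner. Superusers and BYPASSRLS roles still bypass both.
ALTER TABLE sessions_example ENABLE ROW LEVEL SECURITY;
ALTER TABLE sessions_example FORCE ROW LEVEL SECURITY;

-- Assumed policy shape. The setting reads NULL when never set and can read ''
-- on a reused connection; NULLIF maps both to NULL, so no rows match.
CREATE POLICY tenant_isolation ON sessions_example
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request transaction. SET LOCAL reverts at COMMIT/ROLLBACK, so a pooled
-- connection does not carry one tenant's id into the next request.
BEGIN;
SET LOCAL app.tenant_id = '00000000-0000-0000-0000-0000000000a1';  -- constructed
-- Drivers that bind parameters can use: SELECT set_config('app.tenant_id', $1, true);
SELECT id, title FROM sessions_example;   -- returns only that tenant's rows
COMMIT;

-- CI gate (assumed form): list tenant tables that lack ENABLE, FORCE, or any
-- policy. The build fails if this query returns a row.
SELECT c.relname,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced,
       count(p.polname)      AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid
                   AND a.attname = 'tenant_id'
                   AND NOT a.attisdropped
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
HAVING NOT c.relrowsecurity
    OR NOT c.relforcerowsecurity
    OR count(p.polname) = 0;
```

A gate of this form only sees tables that already have a `tenant_id` column, so a domain table created without one needs a separate check, for example against an explicit list of table names.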

Authentication

Every MCP call signed.

HMAC-signed JWT bearer on every /mcp request — carrying tenant, participant, session, and expiry. There are no unauthenticated tools. Suspension takes effect within seconds via a per-request check.

Model providers

Zero data retention by default.

Orchestrator synthesis runs against Anthropic's Zero Data Retention endpoint. Your Brief, Glossary, and SwarmPlan are not retained by Anthropic and are not used to train models.

Prompt safety

Untrusted-content envelopes.

Every Participant-authored string is wrapped before it reaches a model prompt, and an output filter rejects synthesized text matching instruction-to-system patterns. Prompt injection cannot exfiltrate another participant's contribution.

Audit

Append-only, ≥1 year retention.

Every state mutation lands one row in audit_events. No UPDATE, no DELETE. Pull your own log any time via GET /api/v1/audit — you see every read of your data.

Payments

PCI SAQ-A scope.

Stripe.js iframes collect card data; SwarmStack's server never sees a primary account number. KYC, AML, and payouts run on Stripe Connect Express.

Tiered controls

Your data, your keys — at whatever depth you need.

Every tier inherits the floor above. Higher tiers cede progressively more data residency and key custody to you. The orchestrator runs on SwarmStack; the schemas and the IP are ours; the data is yours.

Pro

Shared multi-tenant cluster

  • All floor controls (above)
  • Anthropic ZDR by default
  • TLS 1.3 in transit, AES-256 at rest
  • DPA on request
  • Your own audit log

Team

Bring your own LLM key

  • Everything in Pro
  • Bring-your-own Anthropic key — Anthropic bills you, your ZDR contract applies
  • Per-Session redaction mode for SME views
  • Per-Session NDA gate on SME invites
  • Pseudonymous SME mode

Business

Customer-managed encryption

  • Everything in Team
  • Customer-managed encryption keys (CMEK) for column-level encryption
  • Per-tenant retention overrides
  • Audit-log export to your SIEM
  • Named security contact + quarterly review

Enterprise

Single-tenant or BYOC

  • Everything in Business
  • Dedicated tenant in your chosen Fly region
  • Or BYOC: customer-owned Postgres, VPC, KMS
  • Pen-test report + SOC 2 letter under NDA
  • Custom DPA and security questionnaire response

Inside a Session

The SME wall, by design.

What an SME sees

  • The Brief (or a redacted Brief on Team plans).
  • Their own assigned Task.
  • The orchestrator-synthesized SwarmPlan so far.
  • The current Glossary and Decision Records.

What an SME never sees

  • Other Participants' raw task_complete contributions.
  • Other Sessions, other tenants, or other SMEs' work.
  • Anything you redact in the Brief (Team plans).
  • Your real identity, if you choose pseudonymous mode.

SMEs are KYC'd through Stripe Connect, sign per-Session confidentiality terms on acceptance, and can be suspended within seconds if a Creator reports a leak. Their bearer token is scoped to one Session, expires automatically, and cannot be replayed against another.

Subprocessors

Every vendor, what they touch, where they sit.

| Vendor | Purpose | Data class | Region |
|---|---|---|---|
| Anthropic | LLM inference (Orchestrator synthesis) | Brief, Glossary, Task contributions (ZDR endpoint) | US |
| Fly.io | Application + Postgres hosting | All Session data at rest | US (region of your choice on Business+) |
| Vercel | Web frontend hosting | Session metadata in transit; no LLM payloads | Global edge |
| Stripe (Connect Express) | Payments, KYC, payouts | Payment metadata; PII for KYC; no PAN touches our server | US |
| Resend | Transactional email (invites, receipts) | Recipient email + invite/notification body | US |
| PostHog | Product analytics (usage + funnels) | Usage events keyed to your user id, device/UTM context; no Session content | US |

We notify customers at least 30 days before adding a new subprocessor that processes Session content. Subscribe to security@swarmstack.io for that list.

FAQ

Questions security reviewers actually ask.

Does Anthropic train on my Sessions?

No. We route every Orchestrator call through Anthropic's Zero Data Retention endpoint, which contractually prevents retention beyond the request lifetime and excludes the content from model training. This is on by default for every plan — not a tier upsell.

Can a Remote Human Planner see my full plan?

No. SMEs see only the Brief, their own assigned Task, and the orchestrator-synthesized plan-so-far. They never see other Participants' raw contributions — the bearer token they hold literally cannot fetch them. On Team plans you can also enable per-Session redaction so company names, product codenames, and financial figures are pseudonymized before they reach the SME's view.

What happens if a SwarmStack employee accesses my data?

Every employee data-access path runs through the same RLS policies as a tenant. Production access is named, audited, requires a documented incident, and is logged into a separate immutable audit channel. There is no shared admin role that can SELECT across tenants.

What if you get subpoenaed?

We will challenge overbroad requests and notify affected customers unless legally prohibited. We do not voluntarily share customer Session content with third parties. Aggregated, non-identifying telemetry (counts, latencies, error rates) is used internally for reliability but is not customer-identifying.

Are you SOC 2 / ISO 27001 certified?

SOC 2 Type II observation window is in progress (opened Q1 2026); we expect to deliver the report in the second half of 2026. ISO 27001 is on the roadmap behind that. Business and Enterprise customers can review our current security posture, control matrix, and pen-test report under NDA today.

Can I self-host?

Enterprise customers can run SwarmStack as a dedicated tenant in a chosen region, or in their own cloud (BYOC): customer-owned Postgres, VPC, and KMS, with SwarmStack shipping the orchestrator and scheduler as containers. We do not offer a fully air-gapped on-prem build today; talk to us if that's a hard requirement.

What about healthcare or legal data?

We hard-block both verticals at signup, in the database, and in the manual approval queue. SwarmStack is not a HIPAA Business Associate and we will not sign a BAA — these verticals are intentionally out of scope.

How do I delete my data?

Request deletion in-product or by email and we will purge your Session content within 30 days. Audit rows are retained per the append-only contract — the user FK is nulled for GDPR Article 17(3)(e) but the forensic chain is preserved.

Need our DPA, security questionnaire, or pen-test letter?

We turn around standard vendor-security packets in two business days. Custom questionnaires from regulated buyers take a week.

security@swarmstack.io