NewPrava v3.0 — 30 security modules now live.What's new →
  1. Home
  2. Privacy Policy

Privacy Policy

Last updated: May 2025

Summary

SwiftSafe operates Prava Next-Gen AI at prava.ai. This policy explains what data we collect, why we collect it, how we protect it, and the rights you have. We are GDPR and DPDP 2023 compliant. Contact privacy@swiftsafe.com for any privacy matter.

1. Overview

SwiftSafe ("we", "us", "our") operates the Prava Next-Gen AI cybersecurity platform at prava.ai. This Privacy Policy applies to all visitors, users, and customers of our platform and explains how we collect, use, share, and protect personal data.

2. Data We Collect

  • Account data: name, work email, company name, role.
  • Usage data: scans initiated, modules accessed, AI query volume, dashboard interactions.
  • Technical data: IP address, browser type, device identifiers, timestamps.
  • Scan target data: processed ephemerally on isolated VM instances and destroyed after task completion per NIST SP 800-88. Not retained.
  • Communications: messages you send through contact forms, support tickets, or sales inquiries.

3. How We Use Data

  • To provide, maintain, and improve the Prava platform.
  • For security, fraud prevention, and platform integrity.
  • To meet legal, regulatory, and compliance obligations.
  • To send service notifications and, with your consent, product updates.
  • For internal analytics aimed at improving the user experience.

4. Data Retention

  • Account data: duration of your account plus 30 days post-deletion.
  • Scan data: ephemeral — deleted after task completion, no cross-session persistence.
  • Analytics: 24 months rolling.
  • Deletion standard: NIST SP 800-88 Clear/Purge/Destroy with Certificates of Destruction where required.

5. Data Sharing

We do not sell personal data. We share data only with vetted sub-processors under mandatory Data Processing Agreements (DPAs) and Standard Contractual Clauses where required. Categories include: cloud infrastructure (GCP), email service providers, customer support tooling, and analytics.

6. Your Rights

Under GDPR you have the right to access, rectification, erasure, portability, restriction of processing, and objection. Under DPDP 2023 (India) you have rights to correction, erasure, and grievance redressal. We respond to rights requests within 30 days, extendable to 60 days for complex requests.

7. International Transfers

For transfers outside the EU/UK, we use Standard Contractual Clauses (SCCs). Where applicable jurisdictions have adequacy decisions, those frameworks apply.

8. Security

AES-256 encryption in transit and at rest. Ephemeral compute environments. Annual independent penetration testing. AI governance aligned to ISO/IEC 42001. Annex A controls aligned to ISO 27001:2022 (certification in progress).

9. AI-Specific Processing

AI outputs include source attribution for verifiability. Human oversight is required before enforcement actions are taken on the basis of AI findings. DPIA conducted for new AI processing activities involving special category data, large-scale processing, or systematic profiling.

10. Cookies

We use session cookies for authentication and (with consent) analytics cookies. We do not use third-party advertising cookies. See our Cookie Policy for details.

11. Contact

For privacy inquiries: privacy@swiftsafe.com
Data Protection Officer: dpo@swiftsafe.com
DPDP grievance (India): grievance@swiftsafe.com

12. Changes

We notify users at least 30 days in advance of any material changes to this Privacy Policy.