
SwishX Trust & SLA

Last updated: 2025-12-13

This Trust & SLA document summarizes SwishX security, compliance, privacy, reliability, and support practices. Where a signed order form, master agreement, or customer-specific SLA exists, the contractual documents prevail.

1. Trust Principles

  • Security by design: confidentiality, integrity, and availability are built into the platform architecture.
  • Permission-aware intelligence: pAI is designed to respect roles and permissions and operate within configurable guardrails.
  • Auditability: key actions and administrative events are logged to support governance.
  • Operational maturity: documented processes for incident response, change management, and vendor risk management.

2. Compliance and Privacy Program

  • SOC 2 compliant information security controls (scope may include security, availability, and confidentiality).
  • ISO/IEC 27001 aligned Information Security Management System (ISMS).
  • GDPR compliance program, including support for Customer data protection obligations and data subject rights processes.
  • Compliance reports and certifications may be made available to Customers on request, subject to confidentiality obligations.

3. Technical Safeguards

3.1 Encryption

  • Encryption in transit: TLS for network communications.
  • Encryption at rest: encryption for stored data and backups.
  • Key management: keys are protected and access is restricted to authorized personnel and systems.

3.2 Access Controls

  • Role-based access control (RBAC) for platform users and administrators.
  • Least privilege and separation of duties for administrative access.
  • Support for SSO (e.g., SAML/OIDC) and multi-factor authentication where enabled.
  • Audit logs for authentication events and privileged actions.

3.3 Network and Infrastructure Security

  • Logical environment separation (e.g., production vs staging where applicable).
  • Firewalling, network segmentation, and monitoring.
  • Centralized logging and alerting for security and availability signals.

4. Secure Development Lifecycle

  • Code review and change control for production releases.
  • Automated testing and quality gates for critical components.
  • Dependency and vulnerability scanning for third-party libraries.
  • Periodic penetration testing and remediation tracking.

5. Vulnerability Management

SwishX maintains a vulnerability management process to identify, prioritize, and remediate security issues. Critical vulnerabilities are addressed on an expedited basis, including patching and compensating controls.

6. Incident Response

  • Defined incident severity levels and escalation paths.
  • Investigation, containment, eradication, and recovery procedures.
  • Root cause analysis for major incidents and preventive actions.
  • Customer communications appropriate to severity and contractual commitments.

7. Business Continuity, Backups, and Recovery

  • Regular backups to support restoration and integrity.
  • Recovery processes to restore platform services after disruptive events.
  • Customer-specific RPO/RTO commitments, if any, will be documented in the applicable order form or security addendum.

8. pAI Safety and Enterprise AI Controls

  • Access-bound answers: pAI should only retrieve data that the requesting user is authorized to access.
  • Guardrails and approvals: workflow actions can be restricted and require approvals based on Customer policy.
  • Auditability: pAI interactions and actions can be logged for governance and investigation.
  • Data separation: tenant isolation prevents cross-customer data access.

Note: Customers remain responsible for validating AI outputs and for the decisions they make using the Services.

9. Subprocessors and Third-Party Tools

SwishX uses carefully selected subprocessors to deliver the Services (e.g., cloud hosting, monitoring, support tooling). For marketing and website operations, SwishX may use tools such as Google Analytics, HubSpot, Lemlist, Apollo.io, and Microsoft 365. We maintain a subprocessor management process and can provide a current list of subprocessors to Customers on request.

10. Service Level Agreement (SLA)

10.1 Availability

Standard Availability Target: 99.5% monthly uptime, excluding scheduled maintenance, force majeure events, customer-caused incidents, and upstream network failures.

10.2 Support Hours

Standard Support Hours: Monday to Friday, 09:00–21:00 IST (excluding public holidays).

10.3 Severity Definitions and Targets

Severity Definition (examples) Response Target Workaround Target Resolution Target
P1 Critical outage, data corruption, or security incident materially affecting production use ≤ 2 hours ≤ 8 hours ≤ 48 hours
P2 Severe degradation or major feature failure with significant business impact ≤ 4 hours 3–5 business days
P3 Functional issue / minor defect 1 business day Next planned release
P4 How-to requests / configuration assistance 2 business days As planned

10.4 Service Credits (Illustrative)

If availability falls below the target in a given month, SwishX may provide service credits applied against the affected month's subscription fees. Service credits are typically the exclusive remedy for availability SLA breaches under the applicable agreement. The exact credit schedule and caps are specified in the Customer's order form.

| Measured Monthly Uptime | Illustrative Credit (applied to that month's subscription fee) |
|---|---|
| ≥ 99.5% | 0% (meets target) |
| ≥ 98.0% and < 99.5% | Up to 5% |
| ≥ 95.0% and < 98.0% | Up to 10% |
| < 95.0% | Up to 15% (typical monthly cap) |

Additional credits may apply for repeated P1 incidents beyond a baseline, subject to an overall monthly cap. Chronic SLA failures over multiple months may provide termination rights, as specified in the applicable order form.

10.5 Exclusions

  • Issues caused by Customer systems, third-party services not controlled by SwishX, or Customer misuse.
  • Scheduled maintenance with prior notice.
  • Connectivity issues between Customer networks and the internet or upstream provider outages.

11. Data Return and Deletion

Upon termination of an Enterprise Agreement, Customers may request export of Customer Data within a contractual window. After the export window, SwishX will securely delete or anonymize Customer Data, unless retention is required by law or contract.

12. Contact
