Security at Swooni

Security

Last updated: 04/03/2026

We build Swooni for real relationships, so trust is part of the product. This page explains how we protect your data, how you can export it, and how account deletion works.

Overview

This is a plain-language summary of Swooni's current security practices for customers, partners, and reviewers. We organize our controls around common Cloud Security Alliance CAIQ/CCM themes: identity and access, data security, application security, incident response, and lifecycle governance.

Security at a glance

  • Authentication and account management are handled with managed identity services (Clerk).
  • Card payments are processed by Stripe. Swooni does not store full payment card numbers.
  • Data export is available in-app as CSV.
  • Account deletion is available in-app and triggers a deletion workflow.
  • User media cleanup includes removal of profile files from storage during deletion workflows.

Security Controls

Identity and access

  • Users authenticate through managed identity infrastructure.
  • Internal admin access is role-gated.
  • Account deletion for internal staff domains is restricted by policy and workflow checks.

Data handling and storage

  • Core app data is stored in managed backend infrastructure.
  • Profile media is stored in managed object storage (Cloudflare R2).
  • Transport is encrypted via HTTPS/TLS for client-to-server communication.

Application and platform security

  • Security-sensitive flows (account deletion, relationship cleanup, data export) are implemented server-side.
  • Payment processing is delegated to PCI-focused payment infrastructure (Stripe).
  • We continuously maintain dependencies and fix security defects as part of regular release work.

Your Data Rights

Download your personal data

You can export your personal data from the app in CSV format. The export includes profile details and relationship event history captured in Swooni.

  • Export is available in-app from account/security settings for eligible active accounts.
  • Exports are rate-limited to once every 7 days.
  • If export fails, you can contact us for support.

Delete your account

You can start account deletion directly in the app. Deletion workflows deactivate relationship state, mark the account as deleted, and schedule identity-provider account cleanup.

  • Deletion is designed to be irreversible for end users.
  • Associated profile media is removed during deletion workflows where applicable.
  • Some records may be retained when required for legal, fraud, or financial reconciliation obligations.

Security Operations

Incident response

If we identify a security incident, we follow a documented response workflow: triage, containment, remediation, and recovery. When required, we notify affected users and relevant authorities in line with applicable law.

Vulnerability management

We address vulnerabilities through regular dependency updates, defect triage, and prioritized remediation in product releases.

Contact and security requests

For privacy or security questions, email privacy@swooni.io. For account support, email care@swooni.io.

If your organization needs a security questionnaire, share your required template and we will respond to the applicable control areas.

We're on a mission to make the formula for lasting love accessible to every couple,
everywhere. Join us!