Skip to main content

Security

Last updated: February 23, 2026

At SwoopClean (operated by Astro Ventures LLC), protecting your data is a core part of how we build and operate our platform. This page describes the security measures we employ to safeguard your personal information, property data, photos, and payment details.

1. Infrastructure Security

Our platform is built on modern, secure cloud infrastructure:

  • Hosting: Our application is deployed on industry-leading cloud platforms with SOC 2 Type II certifications, redundant systems, and 24/7 monitoring.
  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections.
  • Encryption at Rest: All stored data, including photos and personal information, is encrypted at rest using AES-256 encryption.
  • Database Security: Our database uses row-level security policies, ensuring users can only access their own data. Administrative access is restricted and audited.

2. Photo Data Security

We understand that photos of your home are sensitive. Here is how we protect them:

  • Upload Security: Photos are transmitted over encrypted HTTPS connections and stored in encrypted cloud storage.
  • AI Processing: Photos sent to Google Gemini for analysis are transmitted over encrypted channels. Google processes images under a data processing agreement that prohibits use of your photos for training their general AI models.
  • Access Control: Only the assigned cleaning professional and authorized SwoopClean staff can view photos associated with a booking.
  • Automatic Deletion: Photos are automatically purged 90 days after upload. You may request immediate deletion at any time.
  • No Third-Party Sharing: Photos are never shared with marketers, advertisers, or any third party unrelated to your cleaning service.

3. Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor:

  • No Card Storage: SwoopClean never stores, processes, or has access to your full credit card numbers. All payment data is handled directly by Stripe.
  • PCI Compliance: Stripe maintains the highest level of PCI DSS compliance, audited annually by an independent assessor.
  • Tokenization: Payment methods are tokenized by Stripe, meaning we only store a reference token that cannot be used to make charges without our Stripe integration.
  • 3D Secure: We support 3D Secure authentication for additional payment verification when required by your card issuer.

4. Independent Contractor Data Protection

We also protect the personal information of cleaning professionals who use our platform:

  • Background Checks: Background check data is handled by certified third-party screening providers and is not stored on our servers beyond the verification result.
  • Limited Customer Data Sharing: Cleaning professionals receive only the information necessary to perform a service (customer name, address, and specific cleaning instructions). They do not have access to your payment information, full account details, or photos after service completion.
  • Secure Communication: All communication between customers and cleaning professionals is facilitated through our platform, protecting both parties' personal contact information.

5. Application Security

  • Authentication: We use secure authentication with hashed and salted passwords. Multi-factor authentication is available for all accounts.
  • Session Management: Sessions are managed with secure, HttpOnly cookies with appropriate expiration policies.
  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks and cross-site scripting (XSS).
  • Dependency Management: We regularly update dependencies and monitor for known vulnerabilities in third-party libraries.
  • Vulnerability Assessments: We conduct regular vulnerability assessments and code reviews to identify and remediate security issues. We do not currently engage third-party penetration testing firms, but we continuously evaluate our security posture.

6. Incident Response

In the event of a data breach or security incident:

  • We will investigate and contain the incident immediately.
  • Affected users will be notified within 72 hours as required by applicable law.
  • We will provide clear information about what data was affected and steps you can take to protect yourself.
  • Relevant regulatory authorities will be notified as required.

7. Vulnerability Reporting

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue with our platform, please report it to:

Email: security@swoopclean.com

Please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact
  • Any suggested remediation

We ask that you give us reasonable time to investigate and address the issue before disclosing it publicly. We will not take legal action against researchers who report vulnerabilities in good faith.

8. Contact

For security-related questions or concerns:

Astro Ventures LLC d/b/a SwoopClean
#1305, 700 El Camino Real Suite 120
Menlo Park, CA 94025
Security: security@swoopclean.com
General: admin@swoopclean.com
Phone: (650) 410-2468