Security Policy

Last Updated: 4 December 2024

i. Compliance

Sweed ensures compliance with applicable legal, contractual, and regulatory requirements by maintaining robust security and privacy policies, standards, and procedures.

Consumer Rights Requests

  • Sweed serves customers across North America, where privacy laws grant specific rights to individuals.
  • Customers using Sweed services may collect personal information ("Customer Data"). Sweed processes this data based on customer instructions and holds customers responsible for compliance with privacy laws.
  • For consumer rights requests related to data collected by Sweed's customers, please contact the respective customer directly. Sweed will assist them in fulfilling these requests.
  • To exercise rights concerning personal data collected by Sweed directly, email [email protected]. Requests may require verification of your identity or additional details (e.g., name, email, phone number). Authorized agents can also submit requests with signed permission and verified identity.
  • For more information, please review Sweed's Privacy Policy.

SOC Reports

  • SOC 1 Report: Available upon request with a signed Non-Disclosure Agreement (NDA).
  • SOC 2 Report: Available upon request with a signed NDA.

ii. Product Security

Sweed is committed to integrating security into every phase of its Software Development Life Cycle (SDLC) and adheres to industry best practices, including OWASP, NIST, and similar frameworks.

Data Security

  • Data Encryption at Rest:
    • All non-public information is encrypted at rest by default, including column-level encryption for sensitive data (PII, ePHI).
    • Sweed uses only FIPS 140-2 compliant encryption algorithms (U.S.A. only).
  • Data Encryption in Transit:
    • Data transmissions over untrusted networks and remote connections are encrypted using secure protocols.
    • FIPS 140-2 compliant encryption is strictly enforced.
  • Password Encryption:
    • Sweed manages cryptographic keys throughout their lifecycle per best practices.

iii. Privacy

Before using Sweed services or submitting personal information, please review our Privacy Policy.

  • Data Removal Requests: Customers may request data removal via Sweed's support channels.
  • Data Retention: Sweed retains data in compliance with its Data Classification Policy, regulatory requirements, and contractual obligations.

iv. Incident Management

  • Incident Response Program: Sweed has established an incident response program to detect, contain, investigate, and remediate threats. Key components include:
    • Incident response plans, playbooks, and a documented reporting process.
    • Incident response drills and annual testing to ensure process effectiveness.
  • Data Breach Notifications: Sweed complies with all legal requirements for breach notifications and follows its Breach Notification Response Plan.

v. Availability and Reliability

  • Denial of Service (DoS) Protection: Sweed employs advanced tools and methods to mitigate DoS attacks.
  • Quality Assurance: All product changes undergo rigorous multi-stage quality testing before release.
  • Service Monitoring: Sweed's infrastructure is monitored continuously by trained teams.

vi. Organizational Security

  • Background Checks: Performed on all candidates based on applicable laws and ethical standards.
  • Security Training:
    • New employees complete security awareness training within 30 days of access to Sweed resources.
    • Ongoing security reminders, updates, and annual training are conducted, with attendance tracked by the Data Protection Officer.
  • Workstation Security: All company-issued devices are encrypted per Sweed's Encryption Policy.

vii. Business Continuity

  • Data Backups: Daily backups are performed and regularly tested to ensure accuracy and completeness.

viii. Infrastructure

  • Multi-Regional Architecture: Sweed leverages a multi-layered security approach, including Zero Trust Architecture, to protect its infrastructure.

ix. Threat Management

  • Penetration Testing: Conducted annually by third-party experts. Reports are available upon request with an NDA.
  • Vulnerability Scanning: Sweed continuously scans its code, containers, software dependencies, and infrastructure for vulnerabilities and misconfigurations, prioritizing remediation based on risk.
