Support Delivery Terms and Conditions
Standard and premium support deliverables, SLAs, terms and conditions.
Service Delivery Terms and Conditions
Professional services, training and TAM services, terms and conditions.
Swimlane’s SaaS Terms of Service and Software License Agreement – Direct Agreement
Managed Security Service Provider Addendum
SaaS Service Level Definition
Service Level Commitment
June 2026
Swimlane commits to provide 99.9% uptime with respect to the SaaS Software during each month of the Term, excluding periods of unavailability due to Excluded Items. If in any calendar month this uptime commitment is not met by Swimlane and Licensee was negatively impacted (i.e., attempted to log into or access the SaaS Software and failed due to the downtime of the SaaS Software not due to an Excluded Item), Swimlane shall provide Licensee, as Licensee’s sole and exclusive remedy, a service credit equal to the following:
| Monthly Hosting Services Availability | Percent of monthly fees provided as credit |
| <99.99% and >=99.0% | 4% |
| <99.0% and >= 98.5% | 8% |
| <98.5% and >= 98% | 12% |
| < 98.0% and >= 97% | 15% |
| < 97.0% and >= 96% | 30% |
| <96% | 50% |
Downtime shall begin to accrue as soon as Customer notifies Swimlane that downtime is taking place and will continue to accrue until service is restored. Credit is triggered for each period of 60 consecutive minutes of downtime, provided that no more than one such credit will accrue per day. If Customer requests maintenance during these hours, the SLA calculation will exclude periods affected by such maintenance. Any downtime resulting from outages of third-party connections or utilities or other reasons beyond the control of Swimlane will also be excluded from the calculation.
Exclusions
Swimlane shall not be responsible for any unavailability of the SaaS Software caused by the following (none of which shall constitute downtime) (collectively, “Excluded Items”):
- Scheduled maintenance.
- Any emergency maintenance if Licensee is notified of such emergency maintenance at least two days in advance.
- The inability, through no fault of Swimlane, of Licensee to access the internet or properly use the SaaS Service.
- Any force majeure event impacting Licensee or Swimlane.
- The hardware, software, servers, networks, or other infrastructure of Licensee, including as a result of any bugs, errors, breakdowns, or faults of any of the foregoing, or outdated software or firmware; or
- Limitations on the bandwidth of Licensee’s internet connection or the failure of the internet connection to handle the number of users accessing the SaaS Software.
Credit Request
To receive a credit under this Addendum, Licensee must request the credit directly by sending an email to Swimlane at [email protected] within five days of the end of the applicable month. If Licensee is past due or in default with respect to any payment or any material contractual obligations to Swimlane, Licensee shall not be eligible for any credit under this Addendum. Swimlane shall calculate any service level downtime using Swimlane’s system logs and other records.
Updates
This Addendum may be amended by Swimlane in its sole discretion but only after providing thirty days advance notice to Licensee. Notices will be sufficient if provided to a user designated as an administrator of Licensee’s account either: (a) as a note on the screen of the SaaS Software presented immediately after completion of logging in, or (b) by email to the registered email address provided for the administrator(s) for Licensee’s account.
Privacy Policy
This privacy policy has been compiled to better serve those who are concerned with how their personally identifiable information (PII) is being used online.
Cookie Policy
Last Updated: March 9th, 2026
Swimlane (“Swimlane”, “we”, “us” or “our”) may use cookies, web beacons, tracking pixels, and other tracking technologies when you visit our website at https://swimlane.com, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively the “Site”). This Cookie Policy is part of and is incorporated into our Privacy Policy. By using the Site, you agree to be bound by this Cookie Policy and our Privacy Policy.
We reserve the right to make changes to this Cookie Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Cookie Policy. Any changes or modifications will be effective immediately upon posting the updated Cookie Policy on the Site, and you waive the right to receive specific notice of each such change or modification.
You are encouraged to periodically review this Cookie Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Policy by your continued use of the Site after the date such revised Cookie Policy is posted.
What is a Cookie and Why Do We Use Them?
“Cookies” are small text files that are stored on your computer or mobile device. They are widely used in order to make websites work, or work in a better, more efficient way. They can do this because websites can read and write these files, enabling them to recognize you and remember important information that will make your use of a website more convenient (e.g., by remembering your user preferences).
By using cookies, we may automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
What Cookies Do We Use?
Below we list the different types of cookies we may use on the Site.
How we Obtain your Consent
When you first visit our website, you will be presented with a cookie banner powered by our Consent Management Platform (Osano). Except for strictly necessary cookies, cookies and similar tracking technologies will not be deployed unless and until you provide your affirmative consent by selecting “Accept” or enabling specific categories of cookies.
You may update or withdraw your consent at any time through our cookie banner or any available “Cookie Preferences” link on the Site.
We maintain records of user consent in accordance with applicable privacy laws.
Essential Cookies. These cookies are essential to our Site in order to enable you to move around it and to use its features. Without these absolutely necessary cookies, we may not be able to provide certain services or features and our Site will not perform as smoothly for you as we would like.
Performance Cookies. Performance cookies, which are sometimes called analytics cookies, collect information about your use of this Site and enable us to improve the way it works. For example, performance cookies show us which are the most frequently visited pages on the Site, allow us to see the overall patterns of usage on the Site, help us record any difficulties you have with the Site and show us whether our advertising is effective or not.
Functionality Cookies. In some circumstances, we may use functionality cookies. Functionality cookies allow us to remember the choices you make on our Site and to provide enhanced and more personalized features, such as customizing a certain webpage, remembering if we have asked you to participate in a promotion and for other services you request, like watching a video. All of these features help us to improve your visit to the Site.
Flash Cookies. We may, in certain situations, use Adobe Flash Player to deliver special content, such as video clips or animation. To improve your user experience, Local Shared Objects (commonly known as Flash cookies) are employed to provide functions such as remembering your settings and preferences. Flash cookies are stored on your device, but they are managed through an interface different from the one provided by your web browser. This means it is not possible to manage Flash cookies at the browser level, in the same way you would manage cookies. Instead, you can access your Flash management tools from Adobe’s website directly. The Adobe website provides comprehensive information on how to delete or disable Flash cookies. See here for further information. Please be aware that if you disable or reject Flash cookies for this Site, you may not be able to access certain features, such as video content or services that require you to sign in.
Targeting or Advertising Cookies. We and our service providers may use targeting or advertising cookies to deliver ads that we believe are more relevant to you and your interests. For example, we may use targeting or advertising cookies to limit the number of times you see the same ad on our Site and to help measure the effectiveness of our advertising campaigns. These cookies remember what you have looked at on the Site and we may share this information with other organizations, such as advertisers.
- Google Analytics. To help facilitate the delivery of relevant content, we use Google Analytics. Google Analytics uses cookies to report on user interactions on our and others’ websites. We use the data collected for optimizing marketing, refining advertising and/or programming strategies, and generally improving user experience. For more information about Google Analytics and how it collects and processes data, please visit: https://policies.google.com/technologies and instructions on opting out of Google Analytics using a specific plug-in is available at the following link: https://tools.google.com/dlpage/gaoptout . Note that this opt-out is specific to Google activities and does not affect the activities of other ad networks or analytics providers that we may use.
- Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. More information available here. We have not enabled Google AdSense on our Site but we may do so in the future.
- Facebook Analytics. We also use Facebook Analytics to measure your use of our Site, tailor our Site to your interests, and improve our products and services. Please note, Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at Facebook.com/about/privacy/. Please click here if you would like to withdraw your consent.
Third-Party Tracking Technologies
We use third-party service providers to assist us with analytics, advertising, marketing automation, and website optimisation. These providers may collect information directly from your browser or device when you visit our Site.
Third-party providers that may be used on our Site include:
- Google (Analytics, Tag Manager, Ads/DoubleClick)
- Meta Platforms, Inc. (Facebook)
- Marketo
- 6sense
- OptinMonster
- Osano (consent management)
We do not sell personal information for monetary compensation. However, certain advertising cookies may be considered “sharing” under applicable privacy laws.
How do I Control Cookies?
Most browsers are set to accept cookies by default. However, you may refuse to accept cookies from this Site at any time by activating the setting on your browser. You may also refuse to accept cookies through our cookie banner. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) to learn more and opt-out of interest-based advertising by clicking here. Please note that you will have to change your settings for each browser and device you use. Moreover, such methods will not work with respect to certain non-cookie online tracking technologies. The procedure for changing your settings and cookies differ from browser to browser. If necessary, use the help function on your browser or click one of the links below to go directly to the user manual for your browser.
Please be aware that if cookies are disabled (in particular the essential and functionality cookies), not all features of the Site may operate as intended.
Contact Us
We hope that this cookie policy helps you understand, and feel more confident about, our use of cookies. If you have any further questions, please see our privacy policy here or contact us at [email protected].
This page supplements the Swimlane Privacy Policy with product-level detail for how Swimlane Turbine and Hero AI process and protect data. Personal Data and other data you use in the Product are governed by your agreements and by the roles and practices described in the Privacy Policy. This page does not replace the Privacy Policy or your Master Subscription Agreement, Data Processing Addendum, and Order Form for binding terms, retention schedules, and regional commitments. For general questions about how Swimlane handles Personal Data, follow the Contacting us section at the end of the Privacy Policy.
1. Shared Privacy and Security Model
Turbine and Hero AI sit in a shared responsibility stack. Swimlane is responsible for the product and your tenancy. Cloud and model providers publish their own controls and commitments.
Layer | What Swimlane provides | Where to look next |
| Swimlane Turbine and Hero AI | Tenant isolation, access control, application security, how Hero AI builds prompts from records you allow, operational monitoring, and support in line with your subscription. | Hero AI Models and Trust Center. |
| Inference (Turbine Cloud) | Hero AI uses Amazon Bedrock in Swimlane’s AWS account. Model routing may use geo inference, global inference, or in-region inference depending on the model and your instance. For on-premise deployments, you can configure which cloud region to use for Hero AI requests. | Hero AI Models for regional availability by model and instance; AWS data privacy and Amazon Bedrock regional availability for how Bedrock processes and logs data. |
| Models | Foundation models on Amazon Bedrock (for example Anthropic Claude and other models available per your instance and feature). Swimlane does not train these models on your data for Hero AI. | Hero AI Models for default models, optional selections, and regional availability; Anthropic trust and security; Amazon Bedrock security and compliance; and related policy pages. |
2. Turbine Platform Data
2.1 What Turbine Stores
Turbine stores the data your organization puts into the platform (for example cases, playbooks, credentials metadata, and configuration) according to your deployment type and account settings. Standard Swimlane Turbine Cloud security measures include, at a high level only:
- Data at rest: Customer data and snapshots are encrypted with AES-256 before being written to disk; credential and password fields are encrypted in the database with AES-256 and a salt, as described in the Turbine product documentation.
- Data in transit: TLS 1.2 and 1.3 between clients and the platform, and between application servers and the database.
- Access control: RBAC to workspaces, applications, records, and fields; fine-grained permissions and (where you configure them) per-record or per-group access rules.
- Audit and administration: The platform captures audit logs for all changes; audit logging is always on. Users with the administrator role can access audit logs.
- Operational and compliance posture: Trust Center lists certifications and attestation that apply to Swimlane’s services.
2.2 Data Retention and Lifecycle (Administrative Controls)
Retention is driven by your policy and tenant settings, not by a single static number in this summary. For example, administrators can configure time-to-live for completed workflow runs and record history (when enabled), which affects how long certain operational and audit data is kept. For the full data lifecycle for your service (including backup and deletion programs), use your DPA and Trust Center.
3. Hero AI: Data Flow and Use
3.1 What Hero AI Is
Hero AI is Swimlane’s set of AI capabilities in Turbine (for example the Hero AI Companion, case and triage features, and Hero AI native action in playbooks), implemented with Amazon Bedrock as described in section 1 and the product documentation. Deployment can use Bedrock in Swimlane’s account or your organization’s own LLM provider through Custom LLM. Integrations you configure (for example connectors, APIs, or other third-party services) are separate from the core model path; data sent to those vendors is subject to your configuration, their terms, and your own assessments.
3.2 Training and Re-use of Customer Content
- Swimlane does not use customer Turbine or Hero AI content to train or fine-tune the foundation models used for Hero AI.
- Prompts and context for a request are transient inputs to the inference path (Bedrock) for that request; your business data remains in your Turbine data store, except as you export or connect it elsewhere.
- In line with the product documentation, Swimlane does not aggregate sensitive customer business content in a central repository for Hero AI. Operational metadata about model usage and performance (for health, reliability, and support) is handled separately; it is not a substitute for full document-level analytics in your tenant.
- Voluntary Customer Feedback for Hero AI:
- Within Turbine, users can optionally rate Hero AI Companion responses with thumbs up or thumbs down in the chat window. After a thumbs down, users can submit additional feedback and, at their discretion, include the prompt and response.
- When you submit this feedback, Swimlane receives the data you choose to send and may use it to investigate potential issues and inform product improvements. Voluntary feedback is not used to train foundation models. See Thumbs Up/Down Functionality and Feedback Options in the Turbine User Guide for how rating and submission work in the product.
3.3 Reliability and Model Configuration
To keep responses available during errors or high load, Hero AI can use fallback model tiers in a defined order, as described in the product documentation, rather than a single static endpoint. Exact model names and version strings may change as Swimlane and providers update the service; see section 1 for current models and regional behavior.
3.4 Opt-in and Product Governance
Hero AI must be enabled for your tenant. Customers can choose to opt out of Hero AI for their instance. To request to disable Hero AI, contact Swimlane Support through your subscription (or Contact Swimlane for general inquiries), consistent with the product guides.
3.5 Permissions and Data Visibility
- The Hero AI Companion can answer questions about data your users can access, within the same RBAC and visibility rules that apply in the UI. It cannot see applications or fields the user is not allowed to read.
- Administrators can restrict which applications, fields, and components are visible to Hero AI; restricted fields can remain hidden to Hero AI even if the application is visible.
3.6 Human Oversight and Playbooks
Automation and case workflows remain under your control. Playbooks and Hero AI-related components can be configured with visibility and, where applicable, human confirmation before a sensitive or downstream action runs. Administrators can also control which components Hero AI can execute. See How Hero AI Executes Components for component visibility and execution behavior. Hero AI can assist with analysis, summarization, and plan generation; it does not replace your own policies, approvals, or runbooks unless you design the workflow that way.
4. Frequently Asked Questions
| Question | Answer |
| Does Swimlane use our Turbine or Hero AI data to train foundation models? | No. Swimlane does not use that content to train or fine-tune the models used for Hero AI. Prompts and context for each request are sent to inference on Amazon Bedrock as described on this page and in the product documentation. |
| Where does model inference run? | Typically on Amazon Bedrock in Swimlane’s environment. See Hero AI Models and the Turbine documentation for regional availability and current behavior. |
| How can we control what data Hero AI uses? | RBAC limits what a user (and the Companion) can read. Visibility to Hero AI and field-level settings let administrators exclude applications, fields, or components. Hero AI must be enabled for your account and tenant to be available. |
| How do we disable Hero AI? | You may request for Hero AI to be disabled for your account by contacting Swimlane Support. |
| How do Hero AI agents work together? | In two ways. Delegation: a supervisor agent decides when and how to call subagents (tools); this pattern powers the Hero AI Companion. Chaining: agents run in sequence in a predefined flow (for example planning, then playbook building in AI SOC). |
| What guardrails does Hero AI use? | Hero AI inherits the RBAC of the user interacting with it and cannot do anything that user could not do otherwise. Agent behavior is bounded by system instructions and the tools available to each agent. Administrators can restrict application, field, and component visibility to Hero AI, and can require user confirmation before Hero AI executes a component. |
| Which AI models does Swimlane use for Hero AI? | Hero AI uses foundation models on Amazon Bedrock (for example Anthropic Claude Haiku and Sonnet tiers, and other models available per feature and instance). Swimlane does not train these models on your data. See Hero AI Models for current defaults, optional models, and regional availability. |
| What authentication methods are supported for Hero AI integrations? | Hero AI Companion and AI SOC agents use JWT-based authentication. Personal access token (PAT) authentication is available starting in Turbine 26.2.0. |
| What agentic controls are in place? | Hero AI processes requests using system instructions and the tools exposed to each agent. Tool access inherits user RBAC on every execution. Sensitive components can require explicit user approval before execution. The Hero AI Companion shows execution progress during a session. Platform audit logs capture administrative changes. Each agent run is limited to 100 turns. |
| Which agentic actions can Hero AI perform with and without human in the loop? | Without approval: read operations (for example searching or reading components, connectors, assets, applications, and records) and executing components that do not require confirmation. With approval: components flagged to require user confirmation before execution, and user review of generated plans, playbooks, components, or other builder output before you save or run them. |
| If an agent takes an unintended action, can it be identified and reversed? | Hero AI Companion: record access is read-only; component execution you approve is not automatically reversed. Playbook and Component Builder: you choose when to save suggested changes. AI SOC: you can review and modify each plan step before execution. Use your playbook and case workflows to remediate downstream effects when needed. |
| What identity does an agent run as? | Agents use Amazon Bedrock models for reasoning. Each agent role (for example Companion, planning, or playbook building) has its own instructions and available tools, which define its behavior and permitted actions. All tool execution runs in the authenticated user’s security context. |
| How does Hero AI analyze user intent? | Intent is interpreted by the model based on system instructions and the tools exposed to that agent, not by a separate external policy engine. |
| Are there resource limits on agent runs? | Each agent run is limited to 100 turns. Usage reporting lets administrators review Hero AI consumption by playbooks, components, the Companion, and related features. |
Corporate Social Responsibility
Our mission
The Swimlane mission is to automate the world of cybersecurity, helping security and IT professionals overcome the struggles of alert fatigue, vendor proliferation and chronic staffing shortages. But our work doesn’t end there. Our commitment extends beyond our core business objectives as a responsible and ethical participant in the global community.
At Swimlane, we recognize we have an impact on the world in which we live and the people we interact with. This includes our employees, our customers and suppliers, the communities in which we live and work, and the environment. As such, Swimlane is committed to operating in an economically, socially, and environmentally sustainable manner, while recognizing the interests of its stakeholders.
Our standard
At Swimlane, we have implemented and maintained a commitment to be a responsible corporate citizen and positive contributor to the global community since our founding. We expect all of our employees to hold themselves to the highest ethical standards, and our corporate mission mandates that we will strive to positively impact the people we work with, the customers we serve, and the communities we live in.
We live these values continuously through our policies and our actions, working to empower personal and professional growth for all of our employees, embrace diversity and inclusion as a tenet of our identity, and follow responsible business practices and standards in our all dealings with clients and suppliers. This includes giving back our time, money, and resources, when possible, to our communities through philanthropy, volunteering, and/or personal engagement.
Our action
Swimlane strives to be a responsible business representing the highest standards of ethics and professionalism. We continuously review global best practice guidelines and standards, and strive to maintain awareness of current environmental issues, informing, educating, and standing alongside our employees to improve the environment and minimize our impact through the adoption of sustainable practices.
Swimlane’s social responsibilities are defined by both compliance and proactiveness. We are committed to upholding all legal requirements, and our willingness to observe, acknowledge, and respect community values and laws. Our proactiveness is manifested by emphasizing and recognizing human rights locally and globally, and actively engaging with our communities through volunteering, community service, pro-bono service, and philanthropy, while always protecting and respecting our natural environment through our actions and policies.
For our employees, we implement policies and take action to drive diversity and inclusion by fostering an environment where all team members are empowered to share their diverse perspectives and experiences so we can ultimately be better together. Our policies, practices, programs, activities, and decisions regarding employment, hiring, assignment, promotion, compensation, volunteerism, and internships are not based on a person’s race, color, sex, age, religion, national origin, mental or physical disability, ancestry, military discharge status, sexual orientation, gender identity or expression, marital status, source of income, parental status, housing status, or other protected status. We strongly encourage women, people of color, veterans, individuals with disabilities, and members of the LGBTQ community to join the company and live the shared values of Swimlane.
Our commitments
At Swimlane, we will:
- Respect and uphold applicable local, state, and federal laws to the best of our abilities
- Honor and review all internal policies for complete and responsible implementation
- Ensure that all business transactions and relationships are legitimate, free of influence and bribery
- Keep all partnerships and collaborations transparent and open
- Recognize that privacy is a fundamental right, and we will comply with all privacy laws and expectations. In addition, we will work whenever possible to ensure that we respect the ability for all to manage their personal data.
Our reach
Swimlane operates in several countries and it is our intention to comply with all applicable legal requirements. If a provision of our policy conflicts with applicable local legal requirements, we will work to develop country-specific policies in order to accommodate the differing local regulations/legal requirements.
To request access, amend, move, or delete any personal information we have about you, please visit our Data Subject Access Request page
End of Life Announcement (EOLA): Issuance of an EOLA marks the beginning of the EOL life cycle for a software product.
Additional Product Terms and Definitions
Swimlane Additional Product Terms and Definitions
Questions?
If you have any questions, concerns, or suggestions regarding these Legal Resources, or would like to reach our data protection officer, please contact us by email at [email protected]
