Security & Compliance

Trust Center

Security, privacy, and compliance information for SmartComply customers and reviewers.

Browse resources

Hosting

US-based managed cloud

Encryption

TLS 1.2+ in transit, AES-256 at rest

Tenancy

Logical isolation per customer

Framework

SOC 2 aligned

Our approach

Four areas we invest in so customers can deploy SmartComply without slowing down a security review.

Security

MFA on administrative access
Least-privilege, role-based permissions
Encrypted data in transit and at rest
Audit logs on customer workspaces

Reliability

Redundant managed infrastructure
Automated daily backups
Continuous platform monitoring
Public status page and incident notices

Privacy

Customer-owned data, no resale
DPA available on request
Subprocessor list maintained publicly
Data export and deletion on request

Compliance

SOC 2-aligned control set
Documented incident response
Annual policy and access reviews
Vendor security assessments

Standards & frameworks

SOC 2GDPRCCPACIS

SmartComply’s control set is designed against the SOC 2 Trust Services Criteria. We model privacy practices on GDPR and CCPA principles and align operational practices with the CIS Critical Security Controls. Customers regulated under state environmental, drinking water, and stormwater programs can retrieve a copy of record on demand.

We do not currently hold a SOC 2 Type II report. Customers with a signed mutual NDA can request our control mapping, questionnaire responses, and roadmap.

Resources

Security Policy

Controls, incident response, and disclosure.

Privacy Policy

What we collect and how we use it.

Subprocessors

Vendors that may process customer data.

System Status

Live uptime and incident history.

Have a security question?

Vulnerability reports, vendor reviews, and customer security questions all reach the same team.

security@smartcomply.app Read security policy