Security & Compliance

Last updated: January 1, 2024

1. Our Commitment to Security

At SmartDocs, security is not an afterthought—it's fundamental to everything we do. We implement industry-leading security practices to protect your data and maintain your trust.

2. Data Encryption

2.1 Encryption at Rest

All customer data stored in SmartDocs is encrypted at rest with AES-256 (256-bit AES). This includes:

  • Documents and files
  • User data and metadata
  • Database backups
  • Log files

2.2 Encryption in Transit

All data in transit between your clients and SmartDocs is encrypted with TLS 1.3, the current version of the protocol. We enforce HTTPS for every connection and use strong cipher suites; TLS 1.3 negotiates only authenticated-encryption (AEAD) suites, so legacy ciphers cannot be selected.

3. Infrastructure Security

3.1 Cloud Infrastructure

SmartDocs is hosted on enterprise-grade cloud infrastructure with:

  • Multi-region redundancy
  • DDoS protection
  • Automated backups
  • 99.9% uptime SLA

3.2 Network Security

  • Firewalls and intrusion detection systems
  • Network segmentation
  • VPN access for internal systems
  • Regular security audits

4. Application Security

4.1 Secure Development

Our development practices include:

  • Security code reviews
  • Automated security testing
  • Dependency vulnerability scanning
  • Regular penetration testing

4.2 Authentication and Access Control

  • Strong password requirements
  • Multi-factor authentication (MFA)
  • Single Sign-On (SSO) support
  • Role-based access control (RBAC)
  • Session management and timeout

5. Data Protection

5.1 Data Isolation

Each organization's data is logically isolated from other tenants' data and encrypted under keys unique to that organization, so a key that decrypts one organization's data does not decrypt another's.

5.2 Backup and Recovery

  • Automated daily backups
  • Multi-region backup storage
  • Regular backup testing
  • Point-in-time recovery

5.3 Data Retention and Deletion

  • Secure data deletion upon account termination
  • 30-day recycle bin for accidental deletions
  • Automated data retention policies

6. Compliance and Certifications

6.1 SOC 2 Type II

SmartDocs has completed a SOC 2 Type II audit by an independent auditor, covering the security, availability, and confidentiality Trust Services Criteria. SOC 2 is an attestation report rather than a certification; the report is part of the security documentation available on request (see section 13).

6.2 GDPR Compliance

We process the personal data of European users in accordance with the General Data Protection Regulation (GDPR).

6.3 CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA) for California residents.

6.4 HIPAA Compliance

For healthcare organizations, we offer HIPAA-compliant plans with Business Associate Agreements (BAA).

7. Employee Access and Training

7.1 Access Controls

  • Principle of least privilege
  • Just-in-time access for support
  • All access logged and audited
  • Background checks for employees

7.2 Security Training

  • Mandatory security training for all employees
  • Regular security awareness updates
  • Phishing simulation exercises

8. Monitoring and Incident Response

8.1 Security Monitoring

  • 24/7 security monitoring
  • Automated threat detection
  • Anomaly detection systems
  • Regular security log reviews

8.2 Incident Response

We maintain a comprehensive incident response plan that includes:

  • Rapid detection and containment
  • Root cause analysis
  • Notification procedures
  • Recovery and remediation
  • Post-incident review

9. Vulnerability Management

  • Regular vulnerability assessments
  • Automated patch management
  • Responsible disclosure program
  • Bug bounty program

10. Third-Party Security

All third-party vendors are carefully vetted and must meet our security standards. We conduct regular security reviews of our vendors.

11. Physical Security

Our data centers provide:

  • 24/7 physical security
  • Biometric access controls
  • Video surveillance
  • Environmental controls

12. Responsible Disclosure

If you discover a security vulnerability, please report it to security@smartdocs.com. We appreciate responsible disclosure and will respond promptly to security reports.

13. Security Questions

For security-related questions or to request our security documentation, please contact security@smartdocs.com.