Security Policy
Last updated: January 2025
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud platforms whose providers hold SOC 2 Type II reports.
Access Controls
Role-based access control ensures users only access data they are authorised to view.
Authentication
Multi-factor authentication and single sign-on support for enterprise customers.
Compliance
We adhere to GDPR, CCPA, and other applicable data protection regulations.
Regular Audits
Independent security assessments and penetration testing conducted regularly.
1. Our Commitment to Security
At Smartyn, security is fundamental to everything we do. We understand that our customers entrust us with sensitive business information, and we take that responsibility seriously.
This Security Policy outlines the measures we take to protect your data and maintain the integrity of our platform. We continuously invest in security infrastructure, processes, and training to ensure the highest standards of data protection.
2. Data Protection
2.1 Encryption
All data transmitted between your devices and our servers is encrypted using Transport Layer Security (TLS) 1.3, the current version of the TLS protocol. Data stored in our systems is encrypted at rest using AES-256.
2.2 Data Isolation
Customer data is logically separated within our systems. Each customer's data is isolated and inaccessible to other customers. We implement strict access controls to ensure data separation at all levels.
2.3 Data Retention
We retain customer data only for as long as necessary to provide our services and comply with legal obligations. Upon account termination, customer data is securely deleted within 90 days, unless retention is required by law.
3. Infrastructure Security
3.1 Cloud Infrastructure
Our platform is hosted on enterprise-grade cloud infrastructure provided by leading cloud service providers. These providers maintain industry-standard attestations and certifications, including SOC 2 Type II and ISO 27001, among others. These attestations cover the providers' infrastructure; our own SOC 2 status is described in Section 6.
3.2 Network Security
We employ multiple layers of network security including:
- Web Application Firewalls (WAF) to protect against common attacks
- DDoS protection and mitigation
- Intrusion detection and prevention systems
- Regular network vulnerability scanning
- Segregated network environments for production and development
4. Access Control
4.1 Authentication
We support secure authentication methods including:
- Strong password requirements
- Multi-factor authentication (MFA)
- Single Sign-On (SSO) integration with major identity providers
- Session management and automatic timeout
4.2 Authorisation
Role-based access control (RBAC) ensures users only have access to features and data appropriate for their role. Administrative access to production systems is strictly limited and requires additional authentication.
5. Application Security
Our development practices incorporate security at every stage:
- Secure development lifecycle (SDLC) with security reviews
- Static and dynamic application security testing
- Dependency vulnerability scanning
- Code reviews with security focus
- Regular security training for development teams
6. Compliance and Certifications
Smartyn is committed to maintaining compliance with relevant regulations and standards:
- GDPR: Compliant with the General Data Protection Regulation
- CCPA: Compliant with the California Consumer Privacy Act
- SOC 2: Working towards a SOC 2 Type II attestation report for our own platform and processes
7. Incident Response
We maintain a comprehensive incident response plan that includes:
- 24/7 security monitoring and alerting
- Documented incident response procedures
- Designated incident response team
- Customer notification procedures for security incidents
- Post-incident analysis and improvement processes
8. Business Continuity
We maintain business continuity and disaster recovery capabilities including:
- Regular data backups with encryption
- Geographically distributed backup storage
- Documented disaster recovery procedures
- Regular testing of recovery capabilities
- Defined recovery time objectives (RTO) and recovery point objectives (RPO), against which recovery tests are measured
9. Security Reporting
We appreciate the security research community's efforts to improve our security. If you believe you have found a security vulnerability in our services, please report it responsibly by emailing security@smartyn.net.
Please include detailed information about the vulnerability and steps to reproduce it. We will acknowledge receipt within 48 hours and work to address verified vulnerabilities promptly.
10. Contact Us
For security-related questions or concerns, please contact us at:
Smartyn Security Team
Email: security@smartyn.net
Website: smartyn.net