Data security and Smartlook
Keeping data secure is paramount to Smartlook. As such, we have held ourselves to a standard that not only complies with legal requirements but also takes steps to ensure the trust and safety of our customers’ data. We always handle our customers’ data only within the scope permitted by the relevant regulation and by our customers. We will never sell any of our customers’ data to third parties.
Data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256) algorithm. Smartlook uses SSL/TLS encryption (Secure Sockets Layer / Transport Layer Security) and the latest security standards to protect your data. All incoming and outgoing data from our servers is encrypted. Smartlook is PCI DSS compliant.
Our infrastructure is primed to deal with any potential data failures. Smartlook chooses to have its infrastructure hosted by AWS, which is ISO 27001 and SOC 2 certified. All data is backed up daily to assure security and ensure that our customers have 24-hour access.
We are also compliant with HIPAA, which is the law protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
The efficacy of Smartlook systems is routinely monitored to catch performance issues. This often means that our development team can make adjustments and changes when needed to solve problems before customers experience them.
Access to Smartlook accounts is authenticated using passwords stored in hashed format using bcrypt. Authentication is required to access any internal resources. We do our best to automatically mask all sensitive data, and access to customer data is limited to employees who require it only for service and maintenance procedures.
In addition to our data security methods, Smartlook empowers our customers to take control of what is recorded. By connecting via our API for websites or mobile apps, full customization of sensitive data masking is possible.