Data security and Smartlook
Keeping data secure is paramount to Smartlook. As such we have held ourselves at a standard which not only complies with legal requirements, but also take steps to ensure trust & safety of our customers’ data. We always handle our customer’s data only in a scope permitted by the relevant regulation and by our customers. We will never sell any of our customer’s data to third parties.
Data is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256) algorithm. Smartlook uses SSL/TLS encryption (Secure Sockets Layer / Transport Layer Security) and the latest security standards to protect your data. All incoming and outgoing data from our servers is encrypted. Smartlook is PCI compliant and DSS compliant.
Our infrastructure is primed to deal with any potential data failures. Smartlook chooses to have it’s infrastructure hosted by AWS, which is ISO27001 and S0C2 certified. All data is backed up daily to assure security and ensure that our customers have 24-hour access.
Monitoring of Smartlook systems’ efficacy is routinely monitored to catch performance issues. This often means that our development team can make adjustments and changes when needed to solve problems before customers experience them.
Access to Smartlook accounts is authenticated using passwords stored in hashed format using bcrypt. Authentication is required to access any internal resources. All sensitive data is automatically masked and therefore not recorded and access to customer data is limited to employees who require it only for service and maintenance procedures.
In addition to our data security methods, Smartlook empowers our customers to take control of what is recorded. By connecting via our API, full customization of sensitive data masking is possible.