At SmarterMe, the security of your data is of paramount importance to us. SmarterMe provides enterprise-grade security through a combination of leading-edge technology, engineering best practices used to build and maintain SmarterMe’s service, and independent certifications. Certifications include Salesforce AppExchange Certification (which requires passing the Salesforce security review) and the following certifications and compliances for our data center: SOC 1, 2 and 3 audited, ISO 27001, 27017 and 27018, PCI DSS Level 1 compliant and EU Data Exchange compliant. You can find more information on our data center security on AWS Cloud Security. In addition, we employ a number of technical and heuristic security measures to protect user information from unauthorized access.
Specifically, SmarterMe uses modern encryption and authentication methods:
All communication from SmarterMe’s cloud services is based on secured protocols such as HTTPS (SSL), so data sent is encrypted during transmission. All SSL certificates will be signed using AES-256 with RSA Encryption.
Most user authentication is based on OAuth, so only access tokens, instead of user passwords, are stored. For services that do not support the OAuth mechanism, SmarterMe uses a multi-layered security algorithm whereby the user’s password is never stored in the SmarterMe cloud.
Key management policies with strict access controls and detailed audit logs will be used to manage all the keys that are used for encryption and decryption.
Mobile Device Security
On Apple’s iOS platform, the SmarterMe app takes full advantage of the iOS 8 security design, such as the keychain mechanism. Furthermore, any SmarterMe data that is stored on the user’s device is fully encrypted.