This security statement applies to SmartSYNC-hosted customers. If a customer has chosen to host SmartSYNC locally, they are responsible for the security of their servers, although some of the security provisions we have built into the software will still apply.
As a software provider, SmartTHING is committed to providing highly secure and reliable software. Our SaaS platform is built on Microsoft Azure VPS server hosting, which is compliant with a wide variety of industry-accepted security standards.
Additionally, our engineers use proven, state-of-the-art security technologies and techniques to protect all systems, data, and information from unauthorised access as best they can.
If you have any questions or need additional information, please get in touch with support@smartthing.org.
Further information is available on our privacy notice and software-as-a-service agreement pages.
SmartTHING stores data about you that are required to invoice, support, and provide the SmartTHING product. This includes the following general data:
For the SmartSYNC product, the following customer-specific data is also stored includes:
We use Microsoft’s infrastructure for data storage, website provision, and backups and, therefore, share several of its security standards. Our virtualized servers run in the US, AU, and UK Azure regions.
You can find out more about Microsoft’s security arrangements on its website. Microsoft is one of the largest web providers in the world, with over 715 million customers and 4 million servers, and it runs millions of websites.
As part of our provided services, you may decide that you wish to use external data providers and processors. You can find out more in our Data Processing Addendum.
That is at your choice and by doing so you are choosing to use them as your data processor.
This makes sense in many use cases, such as linking systems together via a synchronisation tool: You cannot sync data without sharing it with the systems in question.
However, you should review the service providers’ data processing statements before utilising their service and ensure your data processing statements and terms cover such usage.
Our privacy notice covers general access to your data. Administrative access to customer data within SmartSYNC is restricted to a small number of closely managed SmartTHING administrators. Access to production systems and data follows the security standard of Least Privilege.
SmartTHING is proud to be ISO 27001 and ISO 9001 accredited. These are international standards for data security and quality management.
When your SaaS account expires, all associated flow logs are automatically deleted within seven to thirty days. Anonymised data, such as a number of flows, general flow run information, and other non-specific user data, is kept for statistics.
If you wish us to delete your account, please contact support@smartthing.org. We will aim to do this as quickly as possible.
When you delete your account, all associated data is permanently deleted. This includes all applications, flows, steps, users, and other associated data.