Security at Smartify

Securing customer data is foundational. The summary below describes the controls we operate.

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure with redundancy and automated backups.
  • TLS 1.2+ in transit, AES-256 at rest.
  • Network segregation, hardened images, and least-privilege IAM.

Application

  • Row-Level Security on every customer table; role-based access (Admin, Manager, Employee).
  • Audit logs for sensitive actions (approvals, exports, permission changes).
  • Server-side validation on every write; secrets stored in a managed vault.

People and process

  • Background checks and confidentiality agreements for staff with production access.
  • Mandatory MFA on all admin accounts; access reviewed quarterly.
  • Documented change management and on-call rotation.

Compliance roadmap

We align our controls with the SOC 2 Type II and ISO/IEC 27001 frameworks. Customers on Advanced and Enterprise plans can request our current security questionnaire and SOC report under NDA.

Vulnerability reporting

Report suspected vulnerabilities to security@smartify.sbs. We will acknowledge within two business days and coordinate responsible disclosure.

Incident response

We will notify affected customers without undue delay and no later than 72 hours after becoming aware of a personal-data breach affecting their data.