Smartlook is now SOC 2-compliant

What SOC 2 is and why Smartlook obtained its SOC 2 certificate

The SOC 2 framework applies to Software as a Service (SaaS) companies that want to better safeguard the privacy and security of customer data. 

We’re happy to announce that Smartlook has received its SOC 2 Type II compliance certification. With the new certificate, we want to underline our effort toward better privacy and security standards for our clients’ data.

What is SOC 2 compliance?

The American Institute of Certified Public Accountants (AICPA) established the Service Organization Control 2 (SOC 2) standard. 

SOC 2 is a voluntary compliance standard that assesses the procedures and control processes in an organization. It sets an international standard for collecting and exchanging information.

There are two types of SOC 2 audit reports:

  • Type I describes the company’s systems and controls and the suitability of the design of those systems
  • Type II checks the operating effectiveness of the systems described in the Type I report

While the General Data Protection Regulation (GDPR) is a gold standard for privacy compliance, SOC 2 holds the gold standard crown for security compliance. It’s especially important for companies that process any type of personal data.

An external auditor awards the SOC 2 certification after verifying the company’s compliance with 1 or more of the 5 trust service principles:

  • Privacy
  • Security
  • Availability
  • Confidentiality
  • Processing integrity

Smartlook’s approach to privacy and security

Since day 1, we at Smartlook have been fully aware of our responsibilities toward our customers, stakeholders, employees, and the communities we participate in. This is why we want to align our organization with the strictest set of standards available.

How we support our clients in privacy compliance

Our tool was designed according to “privacy by design” principles. It means Smartlook supports your and your end users’ privacy by:

  • Hiding sensitive data (wireframe mode, masking fields)
  • Enabling personal data collection after a proactive sign from the user
  • Anonymizing personal data or limiting its collection to the minimum by default

With those privacy safeguards in place, the tool supports GDPR, CCPA and LGPD compliance. It means you have full control over what type of data you track and collect. As a result, it’s easier for your business to stay in line with worldwide privacy regulations.

How we apply security measures to safeguard our clients’ data

We process our clients’ payments through a provider that is PCI Data Security Standard-compliant. It ensures that all transactions are protected.

In May 2021, Smartlook as a company became SOC 2 Type I-compliant. Since December 2021, it has also been SOC 2 Type II-compliant. The external independent auditor examined Smartlook’s compliance with the AICPA guidelines in accordance with the ISAE 3000 standard.

We got certified in the 4 trust service principles, including:

  • Privacy
  • Security
  • Availability
  • Confidentiality

What does the SOC 2 certification mean for your business?

For us as a SaaS company, information security is of key importance. The SOC 2 audit ensures that we securely manage your data and protect your interests. It also applies to the privacy of your end users.

SOC 2 is another step in our journey towards full security compliance. The certification shows that companies of all sizes can trust our processes and controls around:

  • Data security and privacy (access controls, endpoint protection, infrastructure)
  • Software development (change management, vulnerability testing, disaster recovery plan (DRP))
  • Corporate governance (laws and regulations compliance, confidentiality, HR management)

“At Smartlook, we’re committed to providing a truly secure environment for our clients. The SOC 2 audit performed by an independent third party is 100% aligned with this objective. SOC 2 ensures that a company’s information security measures are in line with the unique parameters of today’s cloud requirements.”  

—Ondřej Machek, Chief Technology Officer at Smartlook

Our commitment to data security and further plans

Meeting SOC 2 compliance establishes a new quality for our customers, who have the assurance that their data is safe according to the latest industry standards. This standard applies to all companies, regardless of whether they are small, medium or large enterprises.

SOC 2 audits are our ongoing commitment to improving our privacy and security practices. That’s why we’ll renew the SOC 2 Type II certification every year, so you know that your data is safe with us.

Joanna Kaminska is a content marketing strategist at Smartlook. She is a seasoned writer interested in storytelling, SaaS and new technologies. Her goal is to create content that is easy to understand for all. After work, she enjoys hiking and nature photography.
