Data center and network security
Smooch services are hosted on Amazon Web Services. As such, Smooch inherits the control environment which Amazon maintains and demonstrates via SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.
Logical access to the Smooch production system is restricted by an explicit need-to-know basis, utilizes least privilege. It is frequently audited and monitored and is controlled by our production and security teams. Premises are monitored and access is logged.
Smooch encrypts all customer data, both in transit and at rest. Communications between you and Smooch servers are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.