Introduction

Advancing digitization is constantly presenting companies with new challenges and threats, especially when it comes to security issues. As a SaaS service provider, Smint.io must ensure the protection of our customers and their data, our trade secrets and, last but not least, our reputation.

That’s why security is one of our top priorities and why it is central to our company’s success. We integrate security aspects into all our business activities.

We rely on state-of-the-art security measures and adhere to best practices in order to continuously develop our robust and reliable security infrastructure.

We identify, assess and proactively address potential security risks. We rely on a combination of technical solutions, training for our employees and strict security policies. This allows us to ensure the security and integrity of our systems.

We define policies and measures and monitor compliance with them.

We have maintained SOC 2 Type 2 compliance since 2023. This means that we demonstrate our security and compliance to an external auditor every year.

Principles

Our policies are based on the following foundational principles:

Principle of least privilege

Access should be limited to only those with a legitimate business need.

Principle of consistency

Security controls should consistently be applied across all areas of the company.

Principle of defense-in-depth

Multiple layers of security controls should create redundancies if individual measures fail.

Principle of gradual implementation

The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security

Information security program

An information security program designed to protect the security, integrity, and confidentiality of the system and its information has been developed and implemented, and is maintained.

Risk assessments

Risk assessments are performed for both internal and external threats to the system and its information.

Development processes

Development processes have been designed and implemented, and are maintained, to detect security issues that may occur during the software development lifecycle.

Security assessments

Regular security assessments are performed.

Penetration tests, vulnerability scans

Regular penetration tests and vulnerability scans are performed.

Access control

Data processing systems are secured and protected from unauthorized access, e.g. by the use of phishing-resistant authentication factors, or by carefully managing employees’ access to applications and data.

Security education

Our employees receive extensive security training during onboarding and through regular educational courses. The courses cover the current threat landscape, attack vectors, and important principles of security.

Endpoint protection

All company devices are centrally managed and are equipped with mobile device management software and anti-malware protection.

Protection of customer data

Data protection is a top priority for us – we strive to handle all sensitive data in a trustworthy manner.

Customer data is secured and protected from unauthorized access, use, modification, disclosure, destruction or loss.

This includes encrypting customer data at rest, and using secure and encrypted protocols to transfer data between our services, or between our services and our users.

Regular system updates

Our systems are regularly updated to close security vulnerabilities.

Management of incidents

Security incidents and events are identified and remediated.

Privacy

Naturally, data privacy is very important for us, as Smint.io is a company based in the European Union.

We maintain compliance with the EU General Data Protection Regulation (GDPR). You can find more information about that in our Privacy Policy.

Conclusion

In addition, we are committed to complying with all legal and regulatory requirements related to security.

We take our responsibility seriously and continuously invest in improving our security infrastructure.

We also recognize that security is a dynamic field and the threat landscape is constantly changing. Therefore, we always remain vigilant and react quickly to new challenges. We promote a safety culture in which every employee is aware of risks and helps to protect our systems.

This is how we ensure that we live up to the highest standards. We firmly believe that a high level of security forms the basis for growth, innovation and long-term success.

Our customers and partners can trust that we treat and protect their data and information with the utmost care.