Security & Compliance
Your data security and privacy are our top priorities. Learn about our comprehensive security measures and compliance certifications.
Our Security Commitment
End-to-End Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Data Isolation
Complete tenant data separation with role-based access control
Security Monitoring
24/7 threat detection and automated security response
Regular Audits
Annual third-party security audits and penetration testing
Compliance & Certifications
SOC 2 Type II
Independently audited for security, availability, and confidentiality controls.
GDPR Compliant
Full compliance with European data protection regulations.
COPPA Certified
Children's Online Privacy Protection Act compliance for youth programs.
Security Features
Authentication & Access Control
- Multi-factor authentication (MFA) for all admin accounts
- Single Sign-On (SSO) support via SAML 2.0 and OAuth 2.0
- Role-based access control (RBAC) with 9 predefined roles
- Customizable permission sets for Professional and Enterprise plans
- Session timeout and automatic logout after inactivity
- Password complexity requirements and regular rotation policies
Data Protection
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Automated daily backups with 30-day retention
- Point-in-time recovery capabilities
- Geographic data redundancy across multiple regions
- Secure data deletion with cryptographic erasure
Infrastructure Security
- Hosted on AWS with tier-1 data centers
- DDoS protection and web application firewall (WAF)
- Network segmentation and private subnets
- Intrusion detection and prevention systems (IDS/IPS)
- Regular security patches and vulnerability scanning
- 99.9% uptime SLA with redundant infrastructure
Monitoring & Auditing
- 24/7 security operations center (SOC) monitoring
- Comprehensive audit logs for all user actions
- Real-time alerting for suspicious activities
- Automated threat detection and response
- Regular penetration testing by third-party experts
- Incident response plan with defined SLAs
Privacy Controls
- Data processing agreements available for all customers
- Right to access, export, and delete personal data
- Consent management for data collection
- Privacy by design and by default principles
- Transparent data usage policies
- No selling or sharing of customer data with third parties
Responsible Disclosure Program
We value the security research community's efforts. If you discover a security vulnerability, please report it responsibly to our security team.
How to Report a Vulnerability:
- Email security@smartequiz.com with details
- Include steps to reproduce the issue
- Allow us 90 days to address the vulnerability before public disclosure
- Do not exploit the vulnerability or access data beyond what is necessary to demonstrate it
We commit to responding within 48 hours and providing updates throughout the resolution process.
Security Resources
For Customers
Contact Security Team
- Security Issues: security@smartequiz.com
- Privacy Concerns: privacy@smartequiz.com
- Compliance Questions: compliance@smartequiz.com
- DPO Contact: dpo@smartequiz.com
Questions About Our Security?
Our team is here to answer your security and compliance questions.