Smartcar has achieved SOC 2® Type 2 compliance for the past two years, successfully completing each audit with the help of our partner, Secureframe. As we make progress towards our third year of compliance, we’re excited to take this step forward to ensure a continued standard of excellence for mobility businesses using our platform.
Mobility data is powerful, but it’s extremely personal. By building a trusted relationship with drivers that protect their interests, mobility apps are in a prime position to tap into innovation while driving customer satisfaction, growth, and retention.
Businesses that partner with Smartcar prioritize efforts to keep consumers safe from any threat to their protected information, and our platform upholds these same high standards to ensure the security of apps, services, and drivers. To formalize our long-term commitment to data privacy, we’re continuing to partner with Secureframe to drive our continuous compliance strategy. This will enable us to continually improve our information security program and retain an annual SOC 2 Type 2 report to ensure we keep supporting our customers’ needs.
Connected car data must be protected
More than half of consumers who sync their data to connected devices are uncertain if their personal data is being stored and shared by companies.
With vehicle telematics becoming a common hardware-agnostic choice across many different use cases — including managed EV charging, car sharing, and auto insurance — businesses need to gain driver confidence with ethical access to available data.
The issue of data privacy, particularly regarding vehicle telematics, is felt on the global stage. In governments around the world, parties involved call for clear communication on how data is used and controlled upon being collected. At Smartcar, we take the same approach to data privacy. Unlike an automotive data marketplace, we do not facilitate companies selling data to others. Instead, we believe in empowering consumers to choose the apps they want to use — so we’ve taken all measures necessary to deliver this vision in the most thorough way.
What Smartcar’s SOC2 Type 2 compliance means for customers
The successful completion of our SOC 2 Type 2 audit serves as assurance that we are maintaining the highest standards for data security and have sufficient controls in place to mitigate security risks over an extended time period.
Our SOC 2 Type 2 examination was conducted by Modern Assurance, an independent, third-party accounting and auditing firm that evaluated our processes, procedures, and controls for security and availability.
This means that mobility businesses who use our platform can be assured that their data is being managed in a controlled and audited environment. By partnering with Secureframe, we can confidently say we have integrated our critical infrastructure to monitor compliance with the SOC 2 framework at all times, not just during the audit window.
How else do we upkeep consumer privacy and security?
Beyond our SOC 2 Type 2 compliance, we have implemented several other critical measures to maintain platform reliability while giving vehicle owners complete control of their shared data.
Smartcar Connect is our user onboarding flow where user consent is collected in compliance with the OAuth2 authorization protocol and is SSL encrypted. Vehicle owners can review specific permissions requested by an app before providing consent for sharing access to those specific data points or actions. Smartcar’s End User Privacy Policy is embedded within the flow to ensure users know how their information is handled. Additionally, Smartcar allows customers to hyperlink their privacy policy into the flow as well.
Smartcar runs on industry-standard cloud infrastructure that establishes security best practices to prevent unauthorized access to our platform. All requests to Smartcar services must be encrypted using HTTPS, and all data stored on our platform is protected with Advanced Encryption Standard (AES) 256-bit encryption.
Smartcar is also compliant with the General Data Protection Regulation (GDPR), Vulnerability Disclosure Policy (VDP), and Penetration (Pen) Testing. Our platform processes only the necessary data to serve our customers. With Smartcar, vehicle owners can revoke their consent at any time.
Learn how we can meet your vendor requirements
Visit our data security page to learn about the measures we take to ensure the safety of the Smartcar platform. Smartcar customers can also reach out to their Customer Success Manager to see our SOC 2 Type 2 report.
If you’re evaluating Smartcar, you can contact our Sales team to request a copy of the report as part of your vendor security and compliance process.