Data security at Smartcar
Learn about the measures we take to ensure the safety of the Smartcar platform.
Secure by design
All requests to Smartcar services must be made over Hypertext Transfer Protocol Secure (HTTPS), so data is encrypted in transit between Smartcar services and client servers and devices, and clients can verify that they are talking to Smartcar rather than to an intermediary. All data stored by the Smartcar platform is protected with industry-standard Advanced Encryption Standard (AES) 256-bit encryption. Encryption at rest protects stored data if the underlying storage media or backups are exposed; it does not by itself protect data from a party who obtains the decryption keys or authenticated access to the application, which is why the network isolation, access controls and monitoring described below matter as well.
The Smartcar platform is hosted on industry-standard cloud infrastructure. This ensures maximum performance, resilience, and speed of deployment of Smartcar’s services. In addition, Smartcar configures and maintains best-practice network security measures at every level of the network stack. This ensures isolation of components and services to prevent unauthorized access to the Smartcar platform.
Continuous monitoring and updates
The Smartcar API is constantly monitored to ensure uptime of the platform and all integrations. The platform’s live error reporting systems ensure that Smartcar engineers can quickly and effectively identify and resolve any potential issues. The platform’s zero-downtime deployment system allows for updates with uninterrupted service.
Smartcar is SOC 2 Type 2 compliant. A SOC 2 Type 2 report is an independent auditor's assessment of Smartcar's controls, covering both their design and their operating effectiveness over the audited period (a Type 1 report covers design at a single point in time). It evaluates Smartcar's service commitments and system requirements against the applicable Trust Services Criteria.
Smartcar is ISO 27001 and ISO 27701 compliant. ISO/IEC 27001 is the international standard for Information Security Management Systems; it requires a documented, risk-based process for identifying, treating and reviewing information security risks. ISO/IEC 27701 extends ISO/IEC 27001 with the requirements of a Privacy Information Management System, covering how personal data is handled and how privacy controls are maintained and improved over time.
Smartcar is compliant with the General Data Protection Regulation (GDPR), the digital privacy legislation that gives individuals in the European Union more control over their personal data. Over the past several years, the Smartcar team has built a secure, consent-based platform that processes only the data necessary to serve our customers.
Annual penetration testing
Each year, Smartcar undergoes a third-party penetration test (pen test) designed to find flaws in its security controls and identify vulnerabilities that could be exploited in an attack. The test follows a standard process: scoping Smartcar's services with the third-party testing team, documenting the attack surface to be tested, conducting the assessment, and remediating any findings.
Vulnerability Disclosure Program
As part of Smartcar's commitment to data privacy, we've established a Vulnerability Disclosure Program that gives ethical hackers and security researchers a defined way to report vulnerabilities to us. Smartcar publishes the in-scope target endpoints open for testing, so researchers have a clear framework for where to start.
Smartcar’s commitment to data privacy
Smartcar’s developer platform allows apps to access car data with the vehicle owner’s consent. Smartcar is not an automotive data marketplace and is not in the business of buying or selling identifiable or anonymized vehicle data.
When using Smartcar to connect their cars to an app, vehicle owners are in full control of their data. No vehicle data will be accessed by or shared with any third party without the vehicle owner’s explicit consent.
Vehicle owner consent
Smartcar uses an OAuth 2.0-based user consent flow that requires vehicle owners to review and accept detailed permissions before an app can make API requests to their vehicles. Vehicle owners can revoke that consent at any time.
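The client side of a consent flow like the one described above, as an added example; this is illustrative code written for this page, not Smartcar's own SDK or API. The authorization endpoint URL, the permission (scope) names, the authorization code and the token response are placeholders constructed for the example. It shows the points an app developer is responsible for: binding each authorization request to a single-use, unguessable state value so a forged callback is rejected; checking that the scopes the server reports as granted never exceed what was requested; gating every API call on a permission the owner actually granted; and treating a 401 after a valid grant as revoked consent that must be re-requested from the owner rather than retried.

```python
from __future__ import annotations

import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder authorization endpoint for the example; not a Smartcar URL.
AUTHORIZE_URL = "https://auth.example.com/oauth/authorize"


class ConsentFlow:
    """Client side of an OAuth 2.0 authorization-code consent flow (illustrative)."""

    def __init__(self, client_id: str, redirect_uri: str) -> None:
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        # state -> scopes requested under that state. In a real app this lives in the
        # user's server-side session, never in a cookie the browser could edit.
        self._pending: dict[str, frozenset[str]] = {}
        # Scopes the owner actually granted; None until a token has been accepted.
        self.granted: frozenset[str] | None = None

    def authorization_url(self, scopes: list[str]) -> str:
        """Build the URL the owner is sent to so they can review and accept permissions."""
        state = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._pending[state] = frozenset(scopes)
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": " ".join(scopes),  # space-delimited, as RFC 6749 specifies
            "state": state,
        }
        return f"{AUTHORIZE_URL}?{urlencode(params)}"

    def parse_callback(self, callback_url: str) -> tuple[str, frozenset[str]]:
        """Validate the redirect back to the app; return (code, scopes that were requested)."""
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [""])[0]
        requested = self._pending.pop(state, None)  # pop: a state is valid exactly once
        if requested is None:
            raise ValueError("callback carries an unknown or already-used state (possible CSRF)")
        if "error" in query:
            # The owner declined on the consent screen; no code is issued.
            raise PermissionError(f"owner did not grant consent: {query['error'][0]}")
        if "code" not in query:
            raise ValueError("callback has neither an authorization code nor an error")
        return query["code"][0], requested

    def accept_token_response(self, requested: frozenset[str], token_response: dict) -> frozenset[str]:
        """Record the scopes the server reports as granted.

        RFC 6749 lets the server omit 'scope' when it equals what was requested and
        lets it grant fewer scopes than requested; it must never grant more.
        """
        scope = token_response.get("scope")
        granted = requested if scope is None else frozenset(scope.split())
        if not granted <= requested:
            raise ValueError(f"server granted scopes never requested: {sorted(granted - requested)}")
        self.granted = granted
        return granted

    def may_call(self, required_scope: str) -> bool:
        """Gate each API request on a permission the owner actually granted."""
        return self.granted is not None and required_scope in self.granted

    def on_api_status(self, status: int) -> bool:
        """A 401 after a valid grant means the token is no longer honoured, e.g. the
        owner revoked consent: forget the grant instead of retrying. Returns True
        while the app is still authorized."""
        if status == 401:
            self.granted = None
            return False
        return True


def demo() -> dict:
    """Walk the flow end to end; a constructed callback stands in for the owner's browser."""
    flow = ConsentFlow("example-app", "https://app.example.com/callback")
    url = flow.authorization_url(["read_odometer", "read_location"])
    state = parse_qs(urlparse(url).query)["state"][0]  # the browser echoes this back
    callback = f"https://app.example.com/callback?code=c0de&state={state}"  # constructed
    code, requested = flow.parse_callback(callback)
    # Constructed token response: the owner granted only odometer access.
    granted = flow.accept_token_response(requested, {"access_token": "tok", "scope": "read_odometer"})
    result = {
        "code": code,
        "granted": sorted(granted),
        "odometer_allowed": flow.may_call("read_odometer"),
        "location_allowed": flow.may_call("read_location"),
    }
    try:  # replaying the same callback must fail: the state was consumed
        flow.parse_callback(callback)
        result["replay_rejected"] = False
    except ValueError:
        result["replay_rejected"] = True
    result["still_authorized"] = flow.on_api_status(200)
    result["after_revocation"] = flow.on_api_status(401)  # owner revoked consent
    result["odometer_allowed_after_revocation"] = flow.may_call("read_odometer")
    return result


if __name__ == "__main__":
    print(demo())
```

The state value is what ties the callback to the session that started the flow; storing it server-side and consuming it on first use is what makes a replayed or attacker-supplied callback fail. Checking the granted scopes against the requested ones keeps the app honest about which permissions it holds, so a permission the owner did not grant is never attempted, and a 401 is surfaced as "ask the owner again" rather than as a transient error to retry.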