Data Security

Data security at Smartcar

Learn about the measures we take to ensure the safety of the Smartcar platform.

Secure by design

Data encryption

All requests to Smartcar services are required to be communicated via Hypertext Transfer Protocol Secure (HTTPS). HTTPS ensures that data is encrypted in transit between Smartcar services and client servers and devices. All data stored by the Smartcar platform is protected with industry-standard Advanced Encryption Standard (AES) 256 bit encryption. AES ensures that information is secured even in the event of a data breach.

Network infrastructure

The Smartcar platform is hosted on industry-standard cloud infrastructure. This ensures maximum performance, resilience, and speed of deployment of Smartcar’s services. In addition, Smartcar configures and maintains best-practice network security measures at every level of the network stack. This ensures isolation of components and services to prevent unauthorized access to the Smartcar platform.

Continuous monitoring and updates

The Smartcar API is constantly monitored to ensure uptime of the platform and all integrations. The platform’s live error reporting systems ensure that Smartcar engineers can quickly and effectively identify and resolve any potential issues. The platform’s zero-downtime deployment system allows for updates with uninterrupted service.

SOC compliance

Smartcar is SOC 2 Type 2 compliant. SOC 2 Type 2 is an independent audit report which details information and assurance about Smartcar’s controls. It evaluates Smartcar’s service commitments and system requirements based on applicable trust services criteria.

GDPR compliance

Smartcar is compliant with the General Data Protection Regulation (GDPR), the digital privacy legislation that aims to give citizens of the European Union more control over their personal data. Over the past several years, the Smartcar team has built a secure, consent-based platform that processes only the necessary data to serve our customers.

Smartcar’s commitment to data privacy

Smartcar’s developer platform allows apps to access car data with the vehicle owner’s consent. Smartcar is not an automotive data marketplace and is not in the business of buying or selling identifiable or anonymized vehicle data.

Data ownership

When using Smartcar to connect their cars to an app, vehicle owners are in full control of their data. No vehicle data will be accessed by or shared with any third party without the vehicle owner’s explicit consent.

Vehicle owner consent

Smartcar uses an OAuth2.0-based user consent flow that requires vehicle owners to review and accept detailed permissions before an app can make API requests to their vehicles. Vehicle owners have the ability to revoke their consent at any time.