Learn about the measures we take to ensure the safety of the Smartcar platform.
All requests to Smartcar services are required to be communicated via Hypertext Transfer Protocol Secure (HTTPS). HTTPS ensures that data is encrypted in transit between Smartcar services and client servers and devices. All data stored by the Smartcar platform is protected with industry-standard Advanced Encryption Standard (AES) 256 bit encryption. AES ensures that information is secured even in the event of a data breach.
The Smartcar platform is hosted on industry-standard cloud infrastructure. This ensures maximum performance, resilience, and speed of deployment of Smartcar’s services. In addition, Smartcar configures and maintains best-practice network security measures at every level of the network stack. This ensures isolation of components and services to prevent unauthorized access to the Smartcar platform.
The Smartcar API is constantly monitored to ensure uptime of the platform and all integrations. The platform’s live error reporting systems ensure that Smartcar engineers can quickly and effectively identify and resolve any potential issues. The platform’s zero-downtime deployment system allows for updates with uninterrupted service.
Smartcar is SOC 2 Type 1 compliant. SOC 2 Type 1 is an independent audit report which details information and assurance about Smartcar’s controls. It evaluates Smartcar’s service commitments and system requirements based on applicable trust services criteria.
Smartcar’s developer platform allows apps to access car data with the vehicle owner’s consent. Smartcar is not an automotive data marketplace and is not in the business of buying or selling identifiable or anonymized vehicle data.
When using Smartcar to connect their cars to an app, vehicle owners are in full control of their data. No vehicle data will be accessed by or shared with any third party without the vehicle owner’s explicit consent.
Smartcar uses an OAuth2.0-based user consent flow that requires vehicle owners to review and accept detailed permissions before an app can make API requests to their vehicles. Vehicle owners have the ability to revoke their consent at any time.