Trust And Security

SmartSuite is safe and secure

Because your trust and security is paramount to us, we’ve engineered the SmartSuite work management platform following industry leading standards.

Monitor and play icon
Data Encryption

All communications with SmartSuite are HTTPS encrypted, and data at rest is encrypted with the AES-256 algorithm.

Key icon
Security Lifecycle

Security is a fundamental part of SmartSuite’s application development lifecycle and is incorporated into the design, development, testing and deployment processes.

Stacked folders Icon

SmartSuite runs on the PCI compliant AWS platform, leveraging secure tools and platforms to ensure that all transaction data is protected.

Notebook icon
Security Monitoring

SmartSuite monitors security 24/7 and leverages a variety of detection tools and services to ensure that the platform is safe, secure and always available.

Rocket icon
Strong Authentication

Two-factor authentication (2FA) and SAML-based Single Sign-on (SSO) are supported for Enterprise subscribers.

Car Icon

SmartSuite adheres to a strict privacy policy and is GDPR-compliant to ensure that your personal data is always protected.

Separation line

Enterprise Grade Security and Compliance

Advanced permissions and roles put you in control of data access, and our secure AWS-based platform makes user experiences seamless while maintaining security. Robust history logging and audit features, coupled with recycle bin soft-delete and login tracking ensure that you always know who modified your environment or data.

Man holding a lock circle
Shield Icon


User access controls control system modification and data access rights

Shield Icon

Activity History

Changes to SmartSuite structure and content are logged with user and date

Shield Icon

Recycle Bin

All deleted files and structures (such as fields) can be restored from the recycle bin

Shield Icon

Login History

User logins are stored, including source IP address and times stamp

Shield Icon

Active Sessions

Admins can view active sessions and length, and can terminate sessions

Shield Icon

AWS Enviroment

SmartSuite runs on the AWS cloud platform for the best in security and availability

SmartSuite ISO 27001 certification

ISO 27001

Our ISO 27001 certification, awarded by the International Organization for Standardization (ISO), recognizes the strength of our information security management system. It's a clear indicator of our commitment to adhering to globally recognized best practices for protecting sensitive information. ISO 27001 certification isn't just a checkbox for SmartSuite; it's a strategic investment in your data's security.

Learn more

SmartSuite ISO 27001 certification


In addition to ISO 27001, SmartSuite has also earned SOC-2 Type 1 compliance, certified by the American Institute of CPAs (AICPA). This certification stands as proof of our dedication to securing your data while it resides within our systems. Additionally, SmartSuite has begun its SOC-2 Type 2 monitoring period, which ensures that our security protocols aren't just implemented but consistently maintained over time.

Learn more

SmartSuite is powered by the secure AWS platform

AWS Cloud

For your uncompromising security, SmartSuite is hosted by Amazon AWS, which supports more security and compliance certifications than any other Cloud vendor, including: PCI-DSS, HIPAA/HITECH, FedRAMP, FIPS 140-2, NIST 800-171 and GDPR.

Learn more about Amazon’s compliance programs.

Advanced permissions ensure the right people have access


Easily restrict access by member and team or use advanced settings to assign Admin, Editor, Contributor or View-Only access to teams or individuals.

Flexible authentication options support your organization's needs



SmartSuite supports secure cloud authentication using Google, Microsoft and Apple accounts to reduce the burden of login for users. Available for Web and mobile (iOS and Android), this option allows for the use of existing accounts to log in to SmartSuite - no need for an additional password.

Secure your account with two-factor authenticaion (2FA)


Professional and Enterprise accounts come with an added layer of security by requiring additional information in addition to a username and password. Users have the option to receive a text message on their mobile device or use a code from an authentication app to complete their login process.

IP restrictions in SmartSuite

IP Address

SmartSuite includes an advanced security feature: the ability to specify IP Address Restrictions for your Workspace. With this powerful tool, you can establish a whitelist of trusted IP addresses or IP ranges. Users will only be granted access to your workspace if they connect from these authorized addresses, enhancing security and control over your environment.

session management in SmartSuite

Session Management

SmartSuite supports auditing of Member sessions, allowing admins to access detailed login information to monitor user activity and behavior. SmartSuite Administrators can choose to terminate any active session, providing control and a the ability to enforce security measures. This monitoring suite equips SmartSuite admins with the tools to safeguard the integrity of SmartSuite and your organization's data.

data loss prevention

Data Loss Prevention (DLP)

SmartSuite supports a robust API infrastructure designed to integrate with third-party vendor services that monitor the inflow and outflow of sensitive data to the platform. These systems empower administrators with proactive capabilities to safeguard the integrity and confidentiality of critical information. By leveraging this functionality, organizations can implement comprehensive data protection measures, ensuring compliance with regulatory standards and bolstering the security posture of their SmartSuite environment.

smartsute hippa dna gdpr


At SmartSuite, safeguarding our customers' success and data integrity stands as our paramount priority. Operating globally, we steadfastly adhere to the stringent standards outlined in the General Data Protection Regulation (GDPR) and the Healthcare Information Portability Act (HIPAA).

While formal certifications are not issued for GDPR or HIPAA compliance, SmartSuite has proactively taken measures to ensure adherence to both regulatory frameworks. Through strategic collaboration with a reputable third-party security firm, Prescient Security, we conduct thorough audits to validate compliance with HIPAA and GDPR regulations. Our commitment extends beyond mere compliance; we continuously enhance our security infrastructure and practices, implementing robust measures such as data encryption in transit and at rest, meticulous backup protocols, comprehensive logs, and vigilant security alerts.

Security Policy

SmartSuite has a formal security policy that is followed across the organization, and all employees, partners and contractors are required to adhere to its standards.

SmartSuite Security Policy