SMART SMS API Security Statement

At SMART SMS API, security, reliability, and compliance are at the core of our platform. We prioritise the protection of customer data, ensuring that our infrastructure meets industry standards while providing seamless, high-performance messaging services.

Compliance & Standards

SMART SMS API hosts its core web platform on Amazon Web Services (AWS) to ensure compliance with industry-leading security and privacy requirements. AWS is accredited with multiple assurance programs, including:

* ISO 27001 – International standard for information security management

* SOC 2 – Controls for security, availability, processing integrity, confidentiality, and privacy

* HIPAA – Compliance for handling protected health information

A full list of AWS compliance certifications is available in the AWS Security and Compliance Whitepaper.

In addition, customer data is hosted on platforms that comply with ISO 27001, and PCI-DSS accreditation is enforced for billing and payment systems.

Our Security Program aligns with ISO 27001, ensuring continuous assessment and implementation of security best practices across all SMART SMS API platforms and support services.

Reliability & Performance

* High availability – Our AWS-hosted platform operates in an active-active configuration across multiple availability zones for 99.95% uptime.

* Low latency – Our API is optimised for ultra-fast performance, with sub-100 millisecond response times.

* Rapid message processing – 95% of messages are processed within 2 seconds for real-time delivery.

* Redundant telecom connections – Multiple carrier connections across Australia’s leading networks ensure continuous service availability.

* Scalability – Built to support high-volume messaging, enabling businesses to scale seamlessly.

* Message prioritisation – Ensures urgent messages are delivered even during peak traffic periods.

Security

Data in Transit

SMART SMS API protects customer data with TLS 1.2 encryption using AES ciphers, ensuring that all communication meets Australian Government Information Security Manual recommendations and global security standards.

Customer data transfers within SMART SMS API are conducted over segregated networks or Virtual Private Networks (VPNs). Access to these networks is strictly controlled, with permissions granted only to authorised personnel.

Data Encryption

All sensitive customer data is encrypted at REST using AES encryption, preventing unauthorised access and ensuring compliance with best security practices.

Network Protection

SMART SMS API’s infrastructure is segregated from corporate networks through physical and cloud-based Virtual Private Networks (VPNs).

* Firewalls and network segmentation ensure that access is restricted to authorised personnel only.

* Role-based access control (RBAC) limits system access based on job function and necessity.

Security Logging, Monitoring & Incident Response

SMART SMS API continuously monitors security logs and events in accordance with industry standards.

* Security incidents are handled via our Security Incident Response Plan, ensuring compliance with Australian Privacy Act regulations, including the mandatory data breach notification scheme.

Access Control

SMART SMS API provides granular access controls for customer accounts:

* Individual user authentication – Each user receives a unique account to enhance security.

* Self-managed API keys – Customers can generate and manage their own API keys securely.

For internal security, SMART SMS API staff access follows strict guidelines:

* Role-based access control (RBAC) to enforce least-privilege access.

* Multi-factor authentication (MFA) for all privileged access.

Data Residency

SMART SMS API adheres to local data residency requirements. For further details, please refer to Section 10 of our Privacy Policy.

Integrations & Ecosystems

SMART SMS API provides secure integrations with various business platforms, including Shopify, HubSpot, and NetSuite.

While we ensure that Data in Transit is encrypted, customers are responsible for securing their own configurations, access control, and infrastructure security within third-party ecosystems.

This Security Statement applies to all users of the SMART SMS API web portal and REST API. Different security protocols apply to users of alternative SMART SMS API services and integrations.