How we protect your team's data
SMVUE takes the security of your team's data seriously. Our platform is built on Google Cloud Platform using managed services that provide automatic security updates and high availability. We implement defense-in-depth strategies including field-level encryption for sensitive content, multi-factor authentication for administrative access, comprehensive audit logging, and automated security scanning in our development pipeline.
Sensitive data including coaching notes, meeting insights, and AI-generated feedback is encrypted at the field level using AES encryption before storage. We maintain separate encryption keys for different data categories, ensuring that compromise of one key does not expose unrelated data types.
All data transmitted between your browser and our servers is protected by TLS 1.2 or higher. We enforce HTTPS across all services with HTTP Strict Transport Security (HSTS), and database connections require encrypted channels.
User sessions are managed through secure, HttpOnly cookies that cannot be accessed by client-side scripts. We enforce strong password requirements and implement account lockout policies with exponential backoff to prevent brute-force attacks. Session tokens are automatically rotated, and potential token reuse triggers automatic session invalidation.
Administrative access requires multi-factor authentication using time-based one-time passwords (TOTP) with backup code support. When support staff need to view a customer account for troubleshooting, impersonation sessions are time-limited, require a documented reason, and generate a complete audit trail.
Access to your organization's data is strictly controlled through role-based permissions. Each user sees only data within their organization, and administrative staff operate under the principle of least privilege with permissions scoped to their specific job functions.
SMVUE runs on Google Cloud Platform, using managed services including Cloud Run for compute, Cloud SQL (PostgreSQL) for the database, and Cloud Storage for file storage. Production secrets are stored in Google Secret Manager and injected at runtime, never stored in code.
Our infrastructure sits behind a global load balancer that terminates TLS connections and routes traffic to our application services. The database is not accessible from the public internet. We implement rate limiting across all API endpoints to prevent abuse and ensure service availability.
Our PostgreSQL database requires SSL for all connections, maintains automated backups with point-in-time recovery capability, and logs all database activity for security monitoring.
We maintain comprehensive logging and monitoring across all services. Logs are structured for efficient analysis and minimize personally identifiable information through hashing and masking. Administrative actions generate audit trails that capture the who, what, when, and why of each operation.
Real-time system status and uptime history are available at https://smvue.betteruptime.com.
SMVUE supports GDPR compliance with built-in data portability and erasure capabilities. Users can export all their data in a machine-readable format, and deletion requests anonymize or remove all personally identifiable information while preserving necessary audit trails.
When you delete your account or request data erasure, we remove your data from our systems, including cloud storage. We also revoke OAuth connections with third-party services where APIs support it.
We are evaluating formal compliance certifications including SOC 2 Type II and ISO 27001. Our technical controls align with common enterprise security frameworks. We're happy to complete security questionnaires and provide detailed technical documentation upon request.
Security is integrated into our development workflow through automated scanning. Every code change undergoes static analysis, dependency vulnerability checks, infrastructure configuration review, and secret detection before deployment. We also run scheduled security scans weekly to catch newly discovered vulnerabilities.
We welcome responsible security researchers to report vulnerabilities. If you discover a security issue, please contact us at security@smvue.com. We commit to acknowledging reports within 48 hours and working with researchers to understand and address issues promptly.
For security questions, compliance documentation requests, or to report a vulnerability, please contact us at security@smvue.com.
Last updated: March 2026