Smarp is the first employee advocacy provider that earned ISO 27001 security certificate, which is the strictest international standard in information security management.
The audit and certification process to gain the certificate covers a very extensive range of fields from security policies to operational continuity management, physical security, access management, compliance with legal requirements, in-house processes and backup systems. It gives rise to the regular reassessment of risks and results in constant improvement.
In addition, you may also ask the question:
What personal data does Smarp save and for what purposes is the data saved for?
The answer is:
- First name, last name and Email address used for communication and authentication
- Authentication code from social network in the form of OAuth (version 1 and 2) tokens, which are random strings generated by social networks and do not include the username nor the password to the respective social networks, but are only used to interact with respective social network on behalf of user (with his/her consent) in situations such as sharing content to social media .
Social network permissions
When users connect their social media accounts to Smarp to facilitate social sign-in or sharing content to social media, the social networks would ask the users for permissions to conduct certain actions in order to facilitate the functionalities above. Here are a list of permissions which users need to provide to the major social networks. Kindly note that these permission levels for third-party applications are defined by social networks.