Smart Advisor handles sensitive client and compliance data for advisory firms. Security is foundational to how we build. This page summarizes the safeguards we use to protect your data.
We design the Service with a defense-in-depth mindset: layered controls across the application, infrastructure, and operational levels, with least-privilege access and continuous monitoring. We host on established United States cloud infrastructure.
The Service runs on reputable United States cloud infrastructure that maintains industry certifications such as SOC 2 and ISO 27001. Production environments are isolated from development and staging, and network access is restricted by firewall and security-group policies.
For firms using our archiving features, supported records can be retained in a write-once, read-many (WORM) configuration designed to support recordkeeping workflows. You control retention settings. These features assist with — but do not by themselves guarantee — compliance with SEC, FINRA, or state requirements.
Content processed by AI features is transmitted securely to our AI providers solely to generate output for you. Our providers are contractually prohibited from using your data to train their general models. AI Output should always be reviewed before you rely on it.
We maintain audit logs of key system and administrative events and monitor for anomalous activity. Logs are retained to support security investigations and recordkeeping.
Customer Data is backed up regularly with encryption. We design for redundancy and maintain procedures to restore service in the event of a disruption.
We apply security patches on a risk-prioritized basis, use dependency scanning, and conduct periodic security testing of the application and infrastructure.
We maintain an incident response process. In the event of a confirmed breach affecting your data, we will notify affected customers without undue delay and consistent with applicable law and your agreement.
Security is a partnership. We secure the platform; you are responsible for safeguarding your credentials, configuring access for your team, enabling multi-factor authentication, and ensuring you have consent to record meetings and submit client data.
If you believe you have found a security vulnerability, please email security@smartadvisorx.com. We appreciate responsible disclosure and will work with you to verify and address valid reports.