Security and privacy at the heart of our mission: our commitments, actions, and the ongoing efforts to safeguard your information
In today’s data-driven world, data security, compliance, and privacy are critical aspects that every business needs to prioritize, especially when handling sensitive or confidential information.
SmartDigiDocs is designed with these priorities at its core, ensuring that customer data is handled with the highest standards of security and privacy. Our platform combines advanced security measures, data retention flexibility, and user control to deliver a secure and compliant document generation experience.
1. Security by Design: Data Flow Architecture
SmartDigiDocs operates on a logically segregated SaaS infrastructure hosted on Microsoft Azure in Western Europe, enabling robust data isolation practices. Each customer’s data is processed and managed in separate environments, ensuring no crossover or unauthorized access between client data.
Our approach to data flow security is multi-layered:
- Data Encryption in Transit: All data exchanges between customer environments and SmartDigiDocs are protected by HTTPS encryption, preventing unauthorized access during transmission.
- Centralized Access Control: Identity and access management (IAM) is handled centrally through LDAP-based identity management, providing strict control over who can access the data, based on predefined roles and permissions.
This architecture supports secure integrations with business applications, enabling document generation through a secure API framework. The use of XML payloads with embedded metadata allows controlled data exchanges, ensuring that customers retain full control over templates, test data, and other information they handle through SmartDigiDocs.
2. Privacy by Design: Data Processing with Purpose Limitation
SmartDigiDocs processes both personal and non-personal data to deliver efficient document generation services, following strict principles of purpose limitation and data minimization. We ensure that only the necessary data is processed at each stage, and that customers retain full authority over their data throughout the document lifecycle.
Our approach to data processing includes:
- Template Management: Customers control the templates and any associated test data they manage in the ModelStore and PublishStore. This includes defining, updating, and deleting templates, ensuring they maintain oversight over data they introduce into the system.
- Document Generation: When generating documents, customer applications initiate requests through the SmartDigiDocs API. During this process, template metadata and variable data are processed, creating customized documents in formats such as PDF, DOCX, or HTML. Generated documents are retained only temporarily to support troubleshooting and support needs, with customers empowered to delete them immediately via an API call, granting them complete control.
3. Data Retention and Lifecycle Management
Data retention at SmartDigiDocs is designed to be both flexible and compliant, aligning with customer requirements while ensuring data is retained only as long as necessary. Key retention practices include:
- Generated Documents: By default, generated documents are stored for seven days to facilitate troubleshooting and support. Customers, however, have the option to delete generated documents immediately using an API call, which provides them with control over data retention duration.
- Support Data: For continuity, information related to support services, such as customer contact details, is retained for the duration of the contractual agreement to ensure ongoing support availability.
This approach to lifecycle management enables customers to define and manage data retention based on their unique requirements, minimizing unnecessary data storage and maximizing control.
4. Data Disposal: Ensuring Secure and Transparent Deletion
At SmartDigiDocs, we prioritize data disposal as part of our commitment to data security. Customers have direct control over when and how data is deleted, with options that include:
- Immediate Deletion via API: Customers can request immediate deletion of documents or other data as needed, empowering them to determine retention based on their preferences.
- Comprehensive Disposal Processes: Once data is no longer needed, it is securely and permanently deleted from the system, aligning with our commitment to data minimization.
By integrating flexible data disposal practices, SmartDigiDocs ensures data is not retained beyond its useful lifecycle, supporting compliance while prioritizing customer control.
Conclusion
SmartDigiDocs is dedicated to providing a secure, compliant, and privacy-focused platform that empowers customers to manage their data with confidence. By embedding security and privacy into every stage of the application’s design, we help clients meet their own data protection goals while ensuring that control over data remains firmly in their hands. This commitment to security and transparency underpins our mission to be a trusted partner in secure, efficient document generation and management.