How Smylor keeps data secure & safe

Data Security & Safety

Data Safety, Privacy & Security

Your site and user data are safe with Smylor. There are a number of steps we take to ensure you are the only person who can access your site data and that your users' privacy is respected.

Data storage

User and usage data that Smylor collects through its software is stored in Switzerland and Germany data centers. Our application and database servers run inside a Virtual Private Cloud (VPC). Access to the VPC is limited to Smylor team members on a need-to-know basis. Data stores within the VPC are not directly exposed to the internet. Only systems with a direct technical need are exposed (e.g. frontend web servers, load balancers, and other systems, which directly serve customer traffic).

For exception-based logging, Smylor has designated sub-processors which are based outside of the EU. Smylor uses these designated sub-processors to provide reliable service to its users for infrastructure and application monitoring. The data they process is used solely by Smylor's engineering team to operate and improve the software's reliability. It is not queried or used for any other purposes.

User privacy

Site users are assigned a unique user identifier, UUID, so that Smylor can keep track of returning users without relying on any personal information, such as the IP address.
No end-user IP addresses are stored at rest.

IP Addresses can optionally be passed to Smylor as a User Attribute

In the case of IP addresses passed to Smylor that are stored, they are subject to the same privacy requirements as any other personal information passed to Smylor. This includes requiring user consent, and for you to have accepted our Data Processing Agreement.

Data collection and transmission

Firewalls are in place exposing only the necessary ports through the internet and between different servers.
Threat Management including Intrusion Detection System (IDS) and Intrusion Protection System (IPS) support provides a second layer of security, which will block access as soon as any suspicious login activity is detected.
Smylor transmits data from the user's browser to our system using HTTPS.
The protocols and ciphers suite used to encrypt data in transit are available at the end of this article.

Data access and authentication

Only Smylor engineers who require such access to perform their job efficiently are given this type of access. Different engineers are given different access rights on different system components as well depending on what their job requires. Engineers who do have access, have their own credentials and these are only valid when used from specific IPs.

Data collected through Smylor is exclusively reserved for use by our users and customers. Smylor does not make use of the data collected in any form or way unless consent is officially given by an admin of the Smylor account, clearly outlining what the data will be used for.

Data access and backup

At Smylor we use Database replication to keep your data safe in the case of system failure. Full database backups are taken every day and kept for seven days as an electronic copy. In case two or more database nodes would fail concurrently we would have to revert to a backup.

Compliances, Certificates, and Audits

Smylor utilizes certified data centers where our client data resides. Certifications are as follows:

ISO-27001 Certification for Telemaxx https://www.telemaxx.de/rechenzentrum/sicherheit/zertifizierungen
ISO-9001 & ISO-27001 for DataSource AG https://www.datasource.ch

Smylor manages payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Stripe, with no electronic storage, processing or transmission of any cardholder data on Smylors infrastructure. https://stripe.com/docs/security/guide

Smylor Architecture & Security

Data in transit is encrypted using the following protocols and ciphers:

SSL Protocols
TLSv1.2

SSL Ciphers

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA256

Updating your Privacy Policy for use with Smylor

As a company based in the European Union, our technology and processes adhere to the strictest legal privacy requirements. In fact, we engaged a specialized German law firm to assist us with the process of drafting a policy that is suitable for us, as well as for Smylor users around the world.

While we always recommend you seek legal advice within your territory, we suggest you review the provisions of our Privacy Policy and ensure your own policy mirrors the same principles we have included.

How does Smylor manage it's applications?

Application Security

Smylor has built both internal and external security checkpoints into the Smylor application’s development pipeline.

Smylor Coding Development
Application Staging Testing
Application Live Bug Testing

With this coding development approach our engineers have the ability to be creative with new features while sustaining tried and tested end user secure experiences.

How Smylor applies security in it's Data Centers.

Cloud Security

Access to Smylor’s systems is strictly controlled through both our Access Control policies as well as technical controls. Our approach will always be to provision on a ‘need-to-know’ basis.

Smylor’s site-reliability engineers take ownership of Infrastructure and Application performance monitoring. Below are a few of the measures taken by this team to ensure Smylor monitors performance while maintaining a strong security mindset.

Which Sub-Processors Used by Smylor?

Smylor Subprocessors

Smylor is committed to ensuring that all of its sub-processors have the appropriate legal and security safeguards in place to ensure that your data will remain protected to the highest standards. This includes signing a Data Processing Agreement (together with Standard Contractual Clauses, where applicable) with all of our sub-processors and ensuring they all have supplementary measures in place, where applicable

How long does Smylor keep my data?

Data Retention

Smylor will retain data for up to 3 years from the date of capture depending on the type of data entered. Most data will usually be taken off-line after 12 months and only maintained in a backup as encrypted files. This applies to all accounts and plans.

Dental Clinics Near You

Book a Dental Treatment

Our Smylor dental marketplace allows you to review and request bookings from 100s of dentists near you. Currently available in Switzerland (Zürich & Zug) and Germany (Köln, Düsseldorf and Bonn), launching new cities throughout 2023.

Click on your region.

Zürich-Schweiz NRW-Deutschland