Compliance Certifications
Smartling complies with PCI, SOC 2, HIPAA, and GDPR standards. The last audit period was from January 1, 2022, to December 31, 2022. Documents and reports are available upon request.
Smartling has continuously maintained:
- PCI Level 1 compliance since 2012
- SOC 2 standards through complete examinations for SOC 2 Type 2 reports on security principles since 2013
- HIPAA compliance since 2013
- Compliance with the EU General Data Protection Regulation (GDPR) since GDPR's introduction in 2018
Certification | Purpose | Scope |
---|---|---|
PCI | Certifies presence of best security practices for secure processing and transmission of credit card data. | Web Proxy Service (Global Delivery Network). (Smartling does not store credit card data or other user data in any databases, API, or connectors.) |
SOC 2 | Certifies a third-party vendor’s controls over security, availability, processing integrity, and confidentiality or privacy. | Dashboard, API Service, Web Proxy Service (Global Delivery Network), CAT Tool |
HIPAA | Certifies an external vendor’s controls over privacy and security of certain health information covered by the law. | Dashboard, API Service, Web Proxy Service (Global Delivery Network), CAT Tool |
Smartling is also in compliance with ISO 17100, ISO 13485 and ISO 9001:2015 for Language Services.
Personal Data and Information Security
Smartling maintains strict control over personal data that passes through its systems and remains committed to data security at all times. In light of evolving data privacy standards under applicable law across jurisdictions – particularly in the EU area – Smartling is happy to share the statement of policy and practice below with its customers and prospective customers. For more information, please view Smartling's privacy policy.
How Smartling’s Business Interacts with Personal Data
Smartling’s business revolves around three main components:
- Productivity tools and cloud data storage, including, for some customers, CMS connector products to move untranslated content into Smartling’s productivity tool and translated content back out to Customers (the “Smartling Platform”);
- A web proxy that intercepts Smartling Customers’ end users’ HTTP requests and returns translated content stored in the Translation Platform (the “Global Delivery Network” or “GDN”); and
- A translation services marketplace to facilitate purchase of translation services by Smartling end users from independent translation service providers.
Many of our customers do not use all of these products. If your firm does not use the GDN, or if it relies on other vendors for translation services, you need not worry about Smartling’s handling of those types of personal data.
Types of Personal Data to which Smartling Has Access
Smartling interacts with personal data in four major contexts: transmission through Smartling infrastructure, Smartling account maintenance/use, outbound marketing communications, and communications between Smartling and Smartling personnel.
- Transmission Through Smartling Infrastructure – Smartling makes a concerted effort during each Customer’s onboarding and throughout their relationship to segregate personal data and prevent it from entering the Smartling Platform.
- Smartling Customer Records – As a matter of course, Smartling must create and maintain files on each of its customers, including personal information belonging to customer representatives that interact with Smartling’s products. This includes names and contact information, but also billing information for the customer, as well as login and password information, among other potentially identifying data points.
- Outbound Marketing Communications – Smartling sends marketing communications to its customers and others, and it maintains lists of contact information to that end.
Smartling Policy Regarding the Protection of Personal Data Belonging to Customers
Because we are keenly aware of the risks associated with personal data, Smartling is happy to work with its customers to ensure data security, proper handling of personal data, and privacy.
- Smartling assumes full responsibility for its handling of personal data. Our standard agreements make clear that Smartling assumes responsibility for its employees, its contractors, and its suppliers in this and every other compliance area. We take time out of our onboarding process to work with our customers to help prevent the mistaken transmission of personal data into channels where it does not belong.
- Smartling relies on industry-leading cloud services to keep data secure and compliant. Smartling uses Amazon Web Services locations across the globe to house customer data, largely because of the risks associated with data crossing jurisdictional boundaries.
- Smartling relies on independent contractors. Smartling employs a number of independent contractors to provide services throughout its business. Because Smartling relies on these vendors to maintain its service standards, we cannot agree to allow our customers special control over these vendors’ assignments, or provide lists of these contractors.
- Smartling works with its customers to ensure compliance. Because we know that each customer’s situation is different, should the need arise, Smartling’s team is happy to work with customers to ensure that every one of our customers has what it needs to use Smartling with confidence. Contact your sales representative or account manager if you have any additional concerns about using Smartling.