SmartSphere Technologies

Trust

Security & Privacy

How we protect your data and respect your customers' privacy.

Overview

SmartSphere is built security-first. We’re a UAE-headquartered company designed to serve enterprises in regulated industries globally — healthcare, banking, real estate, and more. Our architecture, processes, and roadmap are oriented toward making sensitive deployments straightforward to approve and operate.

Infrastructure

SmartSphere runs on top-tier cloud providers (AWS and Google Cloud) whose underlying infrastructure is independently audited under SOC 2 and ISO 27001. We support regional deployment options across UAE, EU, and US so customer data can be pinned to the residency you require.

  • UAE

    Primary deployment region for MENA customers.

  • European Union

    GDPR-aligned residency option.

  • United States

    For US-based customers and partners.

Data encryption

  • In transit

    TLS 1.3 enforced across all customer-facing traffic and inter-service calls.

  • At rest

    AES-256 encryption for stored conversations, recordings, and customer records.

  • Key management

    Managed via cloud KMS with rotation policies and access logging.

Privacy compliance

GDPR-aligned

Documented data flows, a published sub-processor list, a Data Subject Access Request (DSAR) process, and the ability to honor the full set of data subject rights — access, rectification, erasure, portability, objection, restriction, and withdrawal of consent.

UAE PDPL-ready

Aligned with the UAE Personal Data Protection Law. UAE data residency is available, and our processing roles, retention practices, and breach notification workflows are built with PDPL in mind.

Note: We are designed to support these frameworks. Specific certifications such as SOC 2 Type II and HIPAA-compliant deployments are available on Enterprise plans or are on our public roadmap.

Sub-processors

We use a small set of carefully selected sub-processors to power specific parts of the platform. The list below is illustrative; customers under DPA receive an authoritative, version-controlled list with change notifications.

| Sub-processor | Purpose | Region | Notes |
|---|---|---|---|
| OpenAI | Large language model inference | United States | Enterprise data-handling controls |
| Anthropic | Large language model inference | United States | Enterprise data-handling controls |
| Twilio | Telephony, SMS, and WhatsApp Business API | United States | SOC 2 Type II |
| Amazon Web Services | Application hosting and storage | Multi-region (UAE / EU / US) | SOC 2, ISO 27001, ISO 27018 |
| Stripe | Payments and subscription billing | United States | PCI DSS Level 1 |

Customer rights

  • DSAR process

    Submit a Data Subject Access Request to security@smartspheretechnologies.com and we acknowledge within 5 business days.

  • Data export

    Export your conversations, contacts, and analytics — fulfilled within 30 days.

  • Deletion requests

    Account and customer data deletion fulfilled within 30 days, subject to legal retention obligations.

Roadmap

We’re actively investing in deeper compliance certifications. Current targets:

  • SOC 2 Type II

    Audit planned for 2026

    Independent attestation of security, availability, and confidentiality controls.

  • HIPAA-compliant deployments

    Enterprise tier

    Designed for healthcare customers requiring BAA and PHI handling.

  • ISO 27001

    Planned

    Information security management system certification.

Contact

Security questions, vulnerability disclosures, and DSAR requests: security@smartspheretechnologies.com.

For procurement, MSAs, DPAs, or BAAs, see our contact page.
