Customer confidence and information security is critical to everything we do at ChatShipper.

More than 1000 businesses trust ChatShipper (aka, CS) with their customer communications, expecting their data to be protected and secure. That’s why we sweat the details. Through rigorous security checks, data encryption, employee screenings and compliance with industry regulations, we ensure your data is safe with us.

Data center and network security

CS services are hosted on Google Platform. As such, ChatShipper inherits the control environment which Google maintains and demonstrates via SOC 1, 2 and 3, ISO 27001/27017/27018 and FedRAMP reports and certifications. Web servers and databases run on servers in secure data centers.

Access Controls

Logical access to the ChatShipper production system is restricted by an explicit need-to-know basis, utilizes least privilege. It is frequently audited and monitored and is controlled by our production and security teams. Premises are monitored and access is logged.

Data Encryption

ChatShipper encrypts all customer data, both in transit and at rest. Communications between you and Smooch servers are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.

BEST PRACTICES AND EDUCATION

We implement industry best practices to ensure the confidentiality and integrity of your data.

Incident response plan

We have implemented a formal procedure for security events and have educated all our staff on our policies.

Confidentiality agreements

All new hires are screened through the hiring process and required to sign non-disclosure and confidentiality agreements.

Security and privacy training

All new employees attend a security training during the onboarding process. In addition, all employees must take the ChatShipper Security and Privacy training once a year, which covers the information security policies, security best practices, and privacy principles.

GDPR

ChatShipper has designed its Privacy Program based on European privacy laws to ensure that no matter where they are located, customers using our platform will be able to comply with any privacy framework, including the GDPR.

Investing in your privacy

We understand the privacy commitments you make to your customers, employees, and users.

Internal processes and audit

Our Chief Privacy Officer works with our developers to make sure we comply with applicable international privacy laws.

Service data processing

We primarily process personal data on behalf of our customers. Our privacy practices are outlined in the privacy statement for service data.

Data collection

We collect a limited amount of personal data for our own internal purposes, that is governed by the privacy policy

European Union Data Hosting

ChatShipper customer data is hosted, stored and backed up entirely within the EU.