Security at SmartCue
We take the security of your data seriously. Here's what we do to keep your demos and data safe.
Encryption in Transit
All data transmitted over HTTPS/TLS 1.2+. No unencrypted connections accepted.
Encryption at Rest
Data stored with AES-256 encryption.
Role-Based Access Control
Four roles — Admin, Editor, Viewer, Guest. Granular permissions for every team member.
Audit Logs
Track who did what, when. Available on Growth and Enterprise plans.
Cloudflare Infrastructure
Hosted on Cloudflare’s global network with built-in DDoS protection, WAF, and edge caching.
Data Handling
We don’t sell your data. Demo content stays yours. See our Privacy Policy for details.
Additional Practices
- Regular dependency updates and security patches
- Input validation and sanitization on all API endpoints
- Rate limiting on all public-facing APIs
- CORS with explicit origin allowlists (no wildcards)
- Content Security Policy headers on all pages
- Sandboxed iframes for embedded content
A Note on Where We Are
We're a lean team, not a Fortune 500. We don't have SOC 2 or ISO 27001 (yet). What we do have is a security-conscious engineering culture, transparent practices, and a commitment to doing right by our customers.
If you have specific security requirements, reach out — we're happy to discuss.