Security & Privacy

Data protection and privacy mean a lot to us. We follow the highest standards when it comes to protecting our customers' data.

Single Sign-on over OpenIDConnect, OAuth 2.0, and SAML 2.0
AES-256 encryption at rest, and continuous TLS 1.2 for data transfer
Fully compliant with GDPR and German DSGVO
Custom hosting available, for location and jurisdiction of choice
ISO 27001 certified data centers for all processing and storage
Regular penetration, disaster recovery, and business continuity tests
SOC-2 certified data centers for all processing and storage
Custom SLAs (service level agreement) available for enterprise customters
Security & Privacy

Your data is safe. Period.

Our top priority is keeping your data safe. Below you find detailed information on what happens with your data when you sign up for Smaply.

If you have specific questions or any doubts, please don’t hesitate to get in touch.


Smaply by More than Metrics is according to our current state of information fully compliant with GDPR. Our company is registered as GmbH in Innsbruck, Austria and therefore European Standards fully apply to all services we provide.

If you have any concerns, want to report a vulnerability or have general questions, please don't hesitate to get in touch with us via

While everyone at More than Metrics GmbH takes Privacy and Data Security very serious we have implemented additional measures to protect your data. Below you can find an overview about the main points of GDPR.

GDPR commitment

In order to comply with the GDPR (DSGVO), we defined a set of technical and organizational measures to be taken based on the strict legislative situation.

Specifically these are:

  • Revised 3rd party contracts with DPA’s in place (done)
  • Specific information on how data is used and stored publicly available (done)
  • Review T&C for GDPR compliance (done)
  • Review and update all policies and processes in regards to security and privacy compliance (done)
  • Granular consent for tracking (in progress)
  • In-app possibility to opt-out of tracking (in progress)
  • Team training on Privacy and Data protection (done)

In addition there are a number of additional steps taken to strengthen compliance wherever possible. We are very happy to share all the details with customers. Please just get in touch with us via

YOUR DATA, your rights

GDPR Rights

The GDPR grants certain rights to the customer and we make sure to adhere (and exceed, wherever possible) those rights. You can find the details in this PDF. Alternatively the summary can be found below.

Your data

Right to access

We only collect data that is essential to providing the service to you: email address and name to authenticate you, invoice details to meet Austrian law and some key usage data like error logs to fix bugs and improve the software. That’s it. To get more information or receive a copy of your personal data, please just get in touch with us via

Your data

Right to be forgotten

This was implemented in Smaply from day one: When you unsubscribe from Smaply all your data will be deleted from the production system immediately. Within 6 weeks it will also be gone from all our backups (we keep backups for 6 weeks by default; after that they will be deleted automatically).

Private by default

Privacy by design

Your privacy comes first. We don’t process/sell any of the data you enter, no matter if personal or not. It’s just stored and served for your usage of the software. This is a really important point for us: Our business model is to provide Software as a Service with a fair pricing model. There are no strings attached and our terms of service are really clear. It's that simple.

Secure cloud servers

Data storage

We use Google Cloud Platform provided by Google Commerce Limited, Ireland as well as Amazon Web Services provided by Amazon Web Services, Inc. as hosting providers.

Google Cloud Platform — Compute Engine locations used:

  • St. Ghishlain, Belgium
  • Changhua, Taiwan
  • Sydney, Australia
  • Iowa, USA

We have a database cluster in place that distributes stored data between all data-centers. However, all data is encrypted both at transfer and at rest and even though we host worldwide, your data is protected according to European standards. You can read more about this here. If you have doubts or questions about how we store data, please don't hesitate to get in touch with us!

Amazon Web Services — S3 + Cloudfront locations used:

  • Frankfurt, Germany

Files and images uploaded to Smaply are stored in S3, provided by Amazon and delivered via Cloud Front for your usage.

External services

Third party data providers, privacy and cookie policy

You can find detailed information about our privacy and cookie policy as well as a current comprehensive list of third party providers here.


Data processing agreement

Every newly registered user of Smaply has to read and acknowledge the basic information about privacy and security. In addition to that we do have a standard contract in place which you can find here: It is available both in German and English and is pre-signed by us. If you have special requirements for your DPA it is of course possible to set up a specific agreement. To do so, please get in touch with us via

We are serious

General remarks

We try to make the information about privacy and security as clear and easy to understand as possible and avoided "legal speech" on purpose. If have questions, need information of further detail or a more formal agreement please don't hesitate to get in touch with our CTO Klaus Schwarzenberger. He takes care of managing privacy and security measures at More than Metrics Gmbh. To do so, please get in touch with us via