Smler Logo
SMLER

Security at Smler

We build infrastructure that enterprises trust with their links. Here is how we protect your data and keep your links working.

Infrastructure & reliability

Smler runs on redundant cloud infrastructure across multiple availability zones. We serve 1B+ redirects with 99.9% uptime. If one region goes down, traffic fails over automatically. Your links keep working.

  • 99.9% uptime SLA on Scale and Enterprise
  • Multi-region redundancy with automatic failover
  • 1B+ redirects served and counting

Data handling

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Analytics data retention depends on your plan: 30 days on Free, up to custom retention on Enterprise.

  • Encryption in transit and at rest on every plan
  • Data retention tied to your plan tier
  • 60-day data deletion on request, no questions asked

Access controls

Team seats are available from the Team plan ($49/mo). Each seat has its own credentials. SSO is available on Enterprise. API keys are scoped per app and can be rotated from the dashboard. We enforce rate limits on all API endpoints to prevent abuse.

Payment security

All payments are processed by Stripe. Smler never stores your card number, CVV, or full card details. We store only the last four digits and card brand for display in your billing dashboard. Stripe is PCI DSS Level 1 compliant.

Privacy & DPA

A Data Processing Agreement (DPA) is available on Team and above. Contact us to get yours.

Our privacy policy covers what data we collect, how we use it, and your rights under GDPR and other applicable regulations.

SOC 2 and compliance roadmap

SOC 2 Type II is on our compliance roadmap. Enterprise customers with specific audit requirements: talk to us. We scope compliance work as part of enterprise engagements.

Responsible disclosure

Found a security issue? Please report it to [email protected]. We respond to every report within 48 hours and credit reporters in our security acknowledgements (unless you prefer to remain anonymous).

Questions about security?

Enterprise customers get a named contact, DPA, and compliance scoping as part of their engagement.