This page answers general questions about information and data security at smart-me AG and aims to enable partners to answer the standard security questionnaires independently.
Contact: security@smart-me.com
Last Update: 16.1.2025
Internationally active company with approx. 50 employees.
Development and production of a billing solution for ZEVs / Mieterstrom, e-mobility and multi-energy.
Terms of Service (ToS)
Data Processing Agreement: Part of ToS
Data Privacy Policy
For the purchase of a license using a credit card, the credit card information is processed via Stripe.
For orders and quotations, customer information is processed via Bexio.
Support cases and their information are processed via Freshdesk.
Customers are responsible for their own smart-me accounts and can delete them at any time in the web portal.
If a customer deletes their account, this data is irreversibly removed.
After 30 days, no backup is available.
Data processed via Freshdesk or Bexio can be deleted on request.
Access to our servers is restricted to internal IPs of the cluster. Smart-me only has access to customer account data with the explicit permission of the customer.
All smart-me services are hosted on Microsoft Azure Switzerland servers. We do not operate any servers ourselves.
The servers are protected by Microsoft Azure measures. In addition, we use Cloudflare as a web application firewall (WAF) and load management.
System availability is guaranteed by the Microsoft Azure infrastructure.
The data is not encrypted individually per customer; instead, the database that contains the data is encrypted as a whole.
Communication between meters and the cloud is encrypted using AES-256.
Passwords are hashed using RIPEMD-160 with dynamic salt.
No. The exception is access via our API, which also supports OAuth 2.0 in addition to Basic Auth.
The meter data is subject to daily backups by Instaclustr.
Customer data that is processed via Freshdesk, Bexio or Stripe is subject to the data security of the respective manufacturers and therefore also their backup processes.
No
No
Yes, but the specific details are confidential.
No, but our cloud infrastructure provider Microsoft Azure is ISO27001 certified.
No
No
Yes, but only with publicly available information
As our application is not hosted locally, our network architecture is independent of the server architecture. The local segmentation is as follows:
Production Network
Guest Wifi
Office Network
Yes, cyber security training is provided:
Frequency: Every six months and during onboarding.
Additional training courses: Depending on current events or emerging threats.
No
Yes, we have internal cyber security resources.
Yes, all systems and devices are regularly updated to the latest stable versions.
Yes, all devices are equipped with:
Endpoint Detection and Response (EDR)
Network Detection and Response (NDR)
Windows Defender as Antivirus (AV)
No