Q: What are the technical and organisational measures you take to ensure the security of any personal data?

A: SmartSpace operates differently from a typical SaaS solution. Instead of being hosted on our own infrastructure, our product is installed directly from the Azure Marketplace into a client’s Azure environment. This means that our personnel do not have administrative or backdoor access to the installed product, or any customer data—personal or business-related—connected to a SmartSpace dataspace.

SmartSpace requires minimal, read-only access to a client’s Entra ID tenant for SSO purposes. This access can be granted and revoked through the Enterprise Application in your Entra ID settings. The authentication process involves a Microsoft App Registration within the SmartSpace tenant, which is then registered in your tenant as an Enterprise Application. This allows you to manage user access and control what SmartSpace can access in your tenant.

The limited personal data we collect—such as names, email addresses, and phone numbers of partner and client key contacts and prospects—is held in our third-party SaaS CRM platform, HubSpot, in accordance with our Data Retention Policy.

We selected HubSpot as our CRM platform due to its reputation and secure infrastructure. It holds ISO27001 and SOC2 & 3 certifications, ensuring the security and trustworthiness of the personal data we collect.