Encryption
Traffic is encrypted in transit with TLS, and your data is encrypted at rest.
Security & data protection
Your data, handled with care.
SmashOne holds your account, your connected channels, and the customer messages your assistant replies to. Here's exactly how we protect them — in plain language.
Encrypted in transit & at rest
Hosted in the EU
We never sell your data
The basics, done properly
The essentials.
Four things we get right before anything else.
Access control
Two-factor authentication on accounts, and least-privilege access for our team — only what's needed to support you.
Your data is yours
We don't sell your data, and we never use your customers' conversations to train external AI models.
Backups & reliability
Regular backups and monitoring keep your cabinet running and your data recoverable.
How we handle your data
What we hold, and where it lives.
No surprises. Here is the data that flows through SmashOne, where it sits, and the rights you keep over it.
What we hold
Your account details, the social channels you connect (via secure tokens — we never see your social passwords), your business catalogue and FAQ, and the customer messages your assistant handles.
Where it lives
Your data is hosted in the European Union with our infrastructure providers.
Your GDPR rights
You can access, export, correct or delete your data at any time, and a Data Processing Agreement is available. We keep your data while your account is active and delete or anonymise it afterwards, per our Privacy Policy.
Sub-processors
Who helps us run SmashOne.
We use a small set of trusted providers. Each handles a specific job — nothing more.
| Provider | What they do |
|---|---|
| DigitalOcean | Cloud hosting & databases (EU – Frankfurt) |
| Cloudflare | CDN, DNS & network protection |
| Google Cloud (Vertex AI) | The AI that drafts assistant replies |
| Stripe | Payments (PCI-DSS Level 1 provider) — planned, added when EU billing goes live after KRS |
| Brevo | Transactional email (verifications, receipts) |
| Sentry | Error monitoring to fix issues fast |
This list can change as we improve the service; the current list is always in our Privacy Policy and DPA.
How the AI uses your content.
The assistant drafts replies from the business catalogue, FAQ, and tone you configure. In line with the EU AI Act, AI replies are clearly labelled as automated. We don't use your customers' conversations to train external models, and a human on your side can always step in.
What you control
Security in your hands.
A few settings in your cabinet keep your account locked down.
Two-factor authentication
Turn on 2FA in your cabinet settings.
Strong passwords
We enforce strong passwords and never store them in plain text.
Session control
Sign out of other sessions anytime.
Found a vulnerability? Tell us.
We welcome responsible disclosure. Email info@smashone.ai with the details and steps to reproduce, and we'll respond. Please don't access other users' data or disrupt the service while testing.
Run your social with confidence.
Honest protection, plain language, and data that stays yours — hosted in the EU.