Security practices.
SmartTec's administrative, technical, and physical controls — plus the trust, privacy, and legal docs a procurement team needs.
Last updated: June 2026
We take the security of customer data seriously at SmartTec. If you have additional questions, please email security@smarttec.io.
Hosting and Architecture.
Cloud-based (hosted) services
SmartTec infrastructure is hosted on AWS GovCloud and Microsoft Azure for Government. Customer telemetry, control plane, and operational data live in SOC 2 Type II environments with FedRAMP Moderate authorization in process.
On-premises (self-hosted) services
For self-hosted SmartTec deployments, the full AURA control plane runs on your infrastructure — your data center, your VPC, your hardware. No telemetry ever leaves your environment.
Battery cell supply chain
All cells are manufactured in our Tulsa, Oklahoma facility. We do not source from foreign suppliers. Full chain-of-custody audit available to federal customers under NDA.
Storage of customer telemetry
Operational data is stored on encrypted filesystems. Access is tightly controlled, audited, and revoked automatically when employee access is terminated. Vector embeddings are stored separately and can be disabled per-customer.
Confidentiality and Security Controls.
Personnel
All SmartTec employees undergo background checks before employment and receive security training during onboarding and ongoing. All employees sign our information security policy covering confidentiality.
Access controls
Role-based access with least-privilege defaults. Production access requires MFA + hardware key. All access is logged and audited quarterly.
Encryption
TLS 1.3 in transit. AES-256-GCM at rest. Customer-managed keys (CMK) available for Enterprise and Federal customers.
Return and deletion of data
Customer data can be returned within 30 days of termination. Customer-initiated hard delete removes data from production systems within 24 hours. Backups destroyed within 30 days.
Monitoring and Validation.
Certificates
SOC 2 Type II compliant. ITAR registered. HIPAA-ready. FedRAMP Moderate in process. Customer-facing trust center at trust.smarttec.io.
Penetration testing
Annual third-party pen tests by a CREST-accredited firm. All findings remediated within 30 days. Executive summary available under NDA.
Continuous scanning
24/7 hybrid automated vulnerability scanning. CVE monitoring with automated patch deployment for non-breaking security updates.
Incident response
Documented IR plan with 1-hour acknowledgment SLA for P1 incidents. Status page at status.smarttec.io.
Trust Center.
Compliance documents, certifications, and security artifacts available to prospects, customers, and procurement teams. Request access at security@smarttec.io.
Subprocessors.
Third parties that process customer data on SmartTec's behalf. We notify customers 30 days before adding a new subprocessor.
Privacy Policy.
Effective June 2026. Plain-English summary of how SmartTec handles personal data.
What we collect
Account information (name, email, billing), operational telemetry from your SmartTec resources (instance IDs, region, GPU type, runtime metrics), and support correspondence. We do not inspect customer workloads, model weights, or inference inputs/outputs.
How we use it
To provide and improve the service, bill for usage, respond to support requests, send service notifications, and meet legal obligations. We do not use customer data to train third-party models.
Cookies & analytics
Strictly necessary cookies for authentication. Optional analytics cookies only with consent (off by default). We do not sell or share behavioral data with advertisers.
Data retention
Account data is retained while your account is active and for 30 days after termination for recovery. Operational telemetry is retained for 90 days, then aggregated and anonymized. Backups destroyed within 30 days of termination.
Your rights (GDPR / CCPA)
Access, correction, deletion, portability, restriction of processing, objection to processing. Email privacy@smarttec.io to exercise any right. We respond within 30 days. EU/UK representative on request.
International transfers
Customer data is stored in US regions by default. For EU customers, we offer EU data residency (Frankfurt) on Enterprise plans. Standard Contractual Clauses apply for any cross-border transfer.
Subprocessors
See the Subprocessors section below. We notify customers 30 days before adding a new subprocessor that handles customer data.
Security
See Hosting & Architecture, Security Controls, and Monitoring & Validation above for the technical and organizational measures protecting your data.
Children's privacy
SmartTec is a B2B service not directed at children under 16. We do not knowingly collect data from children.
Contact our DPO
Email privacy@smarttec.io or write to SmartTec, Inc., Attn: Data Protection Officer, [Registered address — confirm before publishing], Tulsa, OK, USA.
Terms of Service.
Effective June 2026. Master terms for using SmartTec. Enterprise contracts may supersede these via order form.
1. Acceptance
By creating an account or using SmartTec, you agree to these Terms of Service. If you are entering into them on behalf of a company, you represent that you have authority to bind that company.
2. Service description
SmartTec provides on-demand and reserved access to NVIDIA and Cerebras compute running on SmartTec's grid-independent battery-backed power infrastructure. Specific features, GPU types, and SLAs are described on the Compute, Pricing, and Status pages.
3. Acceptable use
You may not use SmartTec for illegal activity, to deploy malware, to attempt unauthorized access to other customers' resources, or to violate export control laws. Cryptographic mining is permitted on dedicated bare-metal reservations only.
4. Fees & payment
Fees are billed monthly in arrears based on usage, or in advance for reservations. Payment is due net-30 for Enterprise contracts. Late payment may suspend service after 15 days written notice.
5. Intellectual property
You retain all rights to your data, models, and workloads. We retain all rights to the SmartTec platform, AURA orchestration layer, and z1power hardware designs. We may use aggregated, anonymized operational metrics to improve the service.
6. Confidentiality
Each party will protect the other's confidential information with the same care it uses for its own (no less than reasonable care). Obligations survive termination for 3 years.
7. Warranties & disclaimers
We warrant that the service will perform materially in accordance with the documentation and the SLA on /status. Except as expressly stated, the service is provided "as is" and we disclaim all other warranties to the maximum extent permitted by law.
8. Limitation of liability
Neither party's aggregate liability exceeds the fees paid by you in the 12 months preceding the claim. Neither party is liable for indirect, consequential, or punitive damages. These limits do not apply to breach of confidentiality, indemnification obligations, or gross negligence.
9. Indemnification
We will defend you against any third-party claim that the service infringes a US patent, copyright, or trademark, and pay damages awarded. You will defend us against claims arising from your data or your use of the service in violation of these terms.
10. Termination
Either party may terminate for convenience on 30 days written notice (on-demand accounts may terminate any time). Either party may terminate immediately for material breach uncured after 30 days notice. Upon termination, we will return or delete your data per the Privacy Policy.
11. Governing law & disputes
These terms are governed by the laws of the State of Oklahoma, USA, without regard to conflict of laws principles. Disputes are resolved exclusively in the state or federal courts located in Tulsa County, Oklahoma.
12. Changes to terms
We may update these terms. Material changes will be notified 30 days in advance by email to your account contact. Continued use after the effective date constitutes acceptance.
DPA.
Our Data Processing Agreement covers GDPR Article 28, UK GDPR, and the standard contractual clauses for international transfers. Available as a counter-signed PDF on request.
Questions about security?
Reach out to security@smarttec.io. We'll respond within 24 hours.
Contact us