Semly Pro

Security & Data Protection Practices

Last updated: June 17, 2026

Overview: Semly Pro implements industry-standard security measures to protect your data. This page describes our security architecture, compliance certifications, and incident response procedures.

1. Infrastructure Security

1.1 Cloud Infrastructure

Our infrastructure is built on enterprise-grade cloud platforms with industry-leading security certifications:

1.2 Network Security

1.3 Edge Network

Static assets and serverless functions are distributed globally via Vercel Edge Network for:

2. Data Encryption

2.1 Encryption at Rest

2.2 Encryption in Transit

2.3 Key Management

3. Application Security

3.1 Authentication

3.2 Authorization and Access Control

3.3 Input Validation

3.4 Secrets Management

4. Security Monitoring

4.1 Error Tracking

4.2 Security Logs

4.3 Anomaly Detection

5. Incident Response

5.1 Security Incident Procedure

In the event of a security incident:

  1. Detection: Automated alerts or user reports trigger incident response
  2. Containment (1 hour): Isolate affected systems, revoke compromised credentials
  3. Investigation (24 hours): Determine scope, root cause, and impact
  4. Notification (72 hours): Notify affected users and supervisory authorities per GDPR Article 33
  5. Remediation (7 days): Patch vulnerabilities, restore from backups if needed
  6. Post-mortem (14 days): Document incident, update procedures, implement preventive measures

5.2 Data Breach Notification

If a data breach affects personal data, we will:

5.3 Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to security@semlypro.com. We request:

We will respond within 48 hours and provide a fix timeline. We do not currently offer a bug bounty program but will acknowledge security researchers who report issues responsibly.

6. Compliance and Certifications

6.1 Data Protection Compliance

6.2 Infrastructure Certifications

Our sub-processors maintain:

See our Sub-processors List for certification links.

6.3 Industry Standards

We follow security best practices from:

7. Operational Security

7.1 Employee Access

7.2 Development Security

7.3 Testing

8. Data Retention and Deletion

8.1 Retention Periods

See our Privacy Policy Section 7 for full retention details.

8.2 Secure Deletion

When you delete data:

9. Business Continuity

9.1 Backups

9.2 Disaster Recovery

9.3 Uptime Monitoring

10. Third-Party Security

10.1 Sub-processor Due Diligence

Before engaging a sub-processor, we verify:

10.2 Sub-processor Monitoring

11. Security Roadmap

11.1 Planned Improvements (Q3-Q4 2026)

12. Contact Security Team

Semly Pro Security Team

Vulnerability reports: security@semlypro.com

Data breaches: privacy@semlypro.com

Response time: Within 48 hours


Related legal documents:
Privacy Policy | Data Processing Agreement | Sub-processors List | Terms of Service