Watch Taking a Sledgehammer to Bottlenecks 🎥 as Ruth & Steph show how AI actually fixes margins.

FAQ

Frequently asked questions

Data residency

Where is my data stored? Core persistent customer data is hosted in Azure UK regions. See Data Residency.

Can I choose a different region? GoSmarter follows a standard hosted model. Region options can be discussed as part of enterprise scoping.

Does any data leave the UK? Some supporting processing may use EU regions where required by platform capability. We do not transfer customer data outside UK/EU operating boundaries for service delivery.

Is my data subject to US law / the CLOUD Act? GoSmarter is delivered on Microsoft Azure under Microsoft’s contractual and compliance framework. Data residency and transfer controls are documented in Data Residency.

AI and document processing

Does GoSmarter use AI? Yes. AI is used for defined document-processing tasks. Non-AI algorithmic processing is also used where appropriate. See AI Security.

Is my data used to train AI models? No. Microsoft contractually commits that your data is not used to train, retrain, or improve their AI models. See Microsoft’s data privacy commitments.

What AI services does GoSmarter use? GoSmarter uses Microsoft Azure AI services appropriate to the workload. Service-level and regional details can be shared under NDA during a security review.

Does the optimisation solver use AI? No. The cutting optimisation service is a pure algorithmic solver using heuristic and genetic algorithm techniques. It makes no external AI or API calls.

Authentication and access

How do users sign in? Via GoSmarter’s Microsoft Entra External ID. Supported sign-in options include organisational and consumer identity methods.

Does GoSmarter support MFA? Yes. MFA is supported and can be enforced in line with our access control policy.

Can a user in Company A see Company B’s data? No. Every API request validates that the authenticated user’s Entra ID group claims include the target company. Requests for companies the user doesn’t belong to are rejected.

Encryption

Is data encrypted at rest? Yes. AES-256 encryption on all storage (Azure SQL with TDE, Blob Storage with SSE, Key Vault).

Is data encrypted in transit? Yes. TLS 1.2 minimum enforced on all services. HTTP connections are rejected.

Can I bring my own encryption keys? Not currently. All encryption uses platform-managed keys. Customer-managed keys (BYOK/CMK) are not available.

Infrastructure

Do you use shared or dedicated infrastructure? GoSmarter runs on managed Azure platform services with isolation controls between workloads.

Is there a public status page? Service status and incident communications are handled through customer support and account channels.

What is your uptime SLA? Availability commitments are provided contractually based on your service agreement.

Compliance

Do you have SOC 2 Type II? GoSmarter runs on Azure, which maintains SOC 2 Type II attestation for relevant platform services. Azure reports are available via the Microsoft Service Trust Portal.

Do you have ISO 27001? Azure maintains ISO 27001 certification for relevant platform services. See Certifications.

Do you conduct penetration testing? Security testing is performed as part of our security programme. High-level outcomes and evidence can be shared under NDA where appropriate.

Can I get a copy of your DPA? Yes. DPA information is available on request.

Can we get detailed architecture and control evidence? Yes. Detailed technical documentation and assurance artefacts are available under mutual NDA.

Still have questions?

Email us, contact us online, or book a compliance call to request the NDA pack.