In today's rapidly changing world, we believe security must be at the heart of everything. RPA is a powerful tool, but we recognise the risks it also poses to companies leveraging its numerous beneficial capabilities. Therefore, we have developed and keep improving the Robocorp's secure ecosystem to enable automation and champion modern ways of working.
General Information on Security
Robocorp Cloud is hosted in Amazon Web Services (AWS) data centers. AWS maintains SOC2 and ISO 27001 compliance certifications among others and provides robust means to provide secure services to Robocorp Cloud users.
At the Robocorp, security is very close to our hearts. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.
We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.
Robocorp Cloud requires something we refer to as control data in order to operate. This data includes instructions and commands sent to the workers and the packaged code for processes. For various services we may store and process also data generated by the processes, which we refer to as process data. This data is stored for the convenience of the user, such as error logs so they can be viewed within Robocorp Cloud. In addition, we provide a means for securely storing secrets and tokens in Robocorp Cloud Vault.
However, it is to be noted that it is ultimately up to the software robot developer to choose what is uploaded to Robocorp Cloud. It is good to keep in mind that sensitive tokens, such as passwords or personally identifiable information, should not be hard-coded in activity packages. It is also advisable to refrain from printing sensitive data into output logs as they could end up in Robocorp Cloud.
Robocorp Cloud is used to provide orchestration service for your software robots. We may process data that is handled by your software robots to provide the service to you. If you choose to use our Robocorp Cloud Vault, work items or Run Artifacts, we offer a secure means for storing sensitive data on our servers.
Please note to keep your Robocorp Cloud credentials and API access keys private to prevent accidental exposure to any data displayed in your Robocorp Cloud account.
When you use Robocorp Cloud we collect some data for functional reasons, such as providing authentication and authorisation, as well product development and marketing purposes.
As any other company, we collect analytics and diagnostics data by leveraging cookies, to discover ways how to make Robocorp Cloud even better. This data may include visits on a specific website or page, and time spent on that page. We use this data to understand if we are providing you with relevant content (such as articles on our Robocorp Hub) or if there is an issue with the design of our tools.
Robocorp Developer Tools collect telemetry data. This data consists for example of general usage metrics and technical metrics. In addition we offer features such as error reporting.
In order to protect data from unauthorized access, we encrypt data stored on our servers. We use industry standard encryption algorithms for data encryption at rest on Amazon Web Services (AWS) hosted databases and other data storages.
We enforce TLS encryption. All data sent to Robocorp Cloud, whether it is via the web interface or a worker communicating over an API, is encrypted.
We conduct internal security audits regularly, and every major architectural change undergoes an internal security review. We also arrange external penetration tests for Robocorp Cloud in order to verify the effectiveness of our security controls.
In the event of a high-risk vulnerability or a threat that could potentially impact our users data confidentiality or the availability of Robocorp Cloud, we aim to fix the issues outside of our regular production update cycles and as soon as possible.
Build your first software robot in minutes