ROBOCORP RPA SECURITY MEASURES

Robocorp Platform Security

Questions?  Email [email protected]

Security documentation


In today's rapidly changing world, we believe security must be at the heart of everything. RPA is a powerful tool, but we recognise the risks it also poses to companies leveraging its numerous beneficial capabilities. Therefore, we have developed and keep improving the Robocorp's secure ecosystem to enable automation and champion modern ways of working.
This overview of our security and privacy controls but for the most up-to-date information on privacy and security policies, please refer to our [Privacy Policy](https://robocorp.com/privacy-policy), [Terms of Use](https://robocorp.com/terms-of-use) and [EULA](https://cdn.robocorp.com/legal/Robocorp-EULA-v1.0.pdf).
General Information on Security

General Information on Security

Where is Robocorp hosted?


Robocorp Cloud is hosted in Amazon Web Services (AWS) data centers. AWS maintains SOC2 and ISO 27001 compliance certifications among others and provides robust means to provide secure services to Robocorp Cloud users.

In addition to AWS, we use a number of carefully chosen third-party providers. These providers are used for operative, security and analytics purposes. For more information on privacy and our third-party providers, please refer to our Privacy Policy.

Responsible Disclosure


At the Robocorp, security is very close to our hearts. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:
  • E-mail your findings to [email protected] Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands,
  • Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data,
  • Do not reveal the problem to others until it has been resolved,
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
  • Do not conduct tests or create proof-of-concepts that violate applicable law or our Terms of Service.
What we promise:
  • We will respond to your report as soon as possible with our initial evaluation of the report and an expected resolution date,

  • If you have followed the instructions above, we will not take any legal action against you in regard to the report,

  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission,

  • We will keep you informed of the progress towards resolving the problem,

  • In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise)


We strive to resolve all problems as quickly as possible, and we would like to play an active role in the ultimate publication on the problem after it is resolved.

General Information on Data Protection

Does Robocorp store sensitive data?


Robocorp Cloud is an orchestrator tool for companies and software robot developers. For the sake of operations, we collect some data on users and usage of Robocorp Cloud. For more information, please refer to our Privacy Policy and our Terms of Use.
Robocorp Cloud requires something we refer to as control data in order to operate. This data includes instructions and commands sent to the workers and the packaged code for processes. For various services we may store and process also data generated by the processes, which we refer to as process data. This data is stored for the convenience of the user, such as error logs so they can be viewed within Robocorp Cloud. In addition, we provide a means for securely storing secrets and tokens in Robocorp Cloud Vault.
However, it is to be noted that it is ultimately up to the software robot developer to choose what is uploaded to Robocorp Cloud. It is good to keep in mind that sensitive tokens, such as passwords or personally identifiable information, should not be hard-coded in activity packages. It is also advisable to refrain from printing sensitive data into output logs as they could end up in Robocorp Cloud.

Who owns the data that my software robot processes?


Robocorp Cloud is used to provide orchestration service for your software robots. We may process data that is handled by your software robots to provide the service to you. If you choose to use our Robocorp Cloud Vault, work items or Run Artifacts, we offer a secure means for storing sensitive data on our servers.
Please note to keep your Robocorp Cloud credentials and API access keys private to prevent accidental exposure to any data displayed in your Robocorp Cloud account.


What kind of data is collected when I use Robocorp Cloud?


When you use Robocorp Cloud we collect some data for functional reasons, such as providing authentication and authorisation, as well product development and marketing purposes.
As any other company, we collect analytics and diagnostics data by leveraging cookies, to discover ways how to make Robocorp Cloud even better. This data may include visits on a specific website or page, and time spent on that page. We use this data to understand if we are providing you with relevant content (such as articles on our Robocorp Hub) or if there is an issue with the design of our tools.
With your consent, we also collect data that we will use for more personalised marketing. For more information about the data collection, please refer to our [Privacy Policy](https://robocorp.com/privacy-policy). In this manner we can for example deliver meaningful information and news about Robocorp suite to you.


What kind of data is collected when I use Robocorp Cloud?


Robocorp Developer Tools collect telemetry data. This data consists for example of general usage metrics and technical metrics. In addition we offer features such as error reporting.
For more detailed description, please refer to our [Privacy Policy](https://robocorp.com/privacy-policy) and [EULA](https://cdn.robocorp.com/legal/Robocorp-EULA-v1.0.pdf).


Technical measures to protect data confidentiality and integrity

Encryption


In order to protect data from unauthorized access, we encrypt data stored on our servers. We use industry standard encryption algorithms for data encryption at rest on Amazon Web Services (AWS) hosted databases and other data storages.
We enforce TLS encryption. All data sent to Robocorp Cloud, whether it is via the web interface or a worker communicating over an API, is encrypted.

Penetration testing


We conduct internal security audits regularly, and every major architectural change undergoes an internal security review. We also arrange external penetration tests for Robocorp Cloud in order to verify the effectiveness of our security controls.
In the event of a high-risk vulnerability or a threat that could potentially impact our users data confidentiality or the availability of Robocorp Cloud, we aim to fix the issues outside of our regular production update cycles and as soon as possible.

Robocorp

Ready to Get Started?

Build your first software robot in minutes