Mark the Monkey holding a shield and a Robocorp flag

Security at Robocorp

In today's rapidly changing world, we believe security must be at the heart of everything. We take security seriously, and we are steadfast in our commitment to protecting your data.

Guiding principles

Privacy

Data handled in our tools remains confidential. We adhere to data privacy best practices, including GDPR rules.

Modern standards

With our state-of-the-art encryptions, access control systems, and compliance, you can rest assured that the Robocorp platform is secure.

Configurability

Robocorp gives options on where the robots are run and the robots can operate with just metadata.

Compliance

Our products are compliant with various data privacy regulations, enabling our customers to build compliant automations.

Transparency

We’re against security through obscurity, and we are confident in discussing our product security design.

Securing your automations

Robocorp ensures you can build your automations in a secure manner, taking into account any data privacy requirements.

Robust access control

To prevent unauthorized access to settings, data and automations, Robocorp offers Role Based Access Management. In addition, isolated workspaces separate access to automations and data.

Accountability for bot actions

To ensure accountability, Robocorp offers a secure Vault to store access credentials information. And to help with monitoring, each automated process has a unique identity.

Secure RPA development

Robocorp offers the best CI/CD practices available for robot code change management. We use industry-leading encryption to protect data processed by and stored in your automations.

Detailed audit logs

Detailed audit trails are provided to stay on top of actions performed in a workspace, as well as for each individual robot, helping with maintenance and incident management.”

Secure development and deployment

Robocorp uses best practices for user logins, encryption, and API access. And because we don’t believe in security through obscurity, we’re happy to share our encryption models.

Privacy & Compliance

Privacy compliance and data processing addendum (DPA)

We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations. The best way to ensure data privacy is the principle of least privilege: you have full control of the data within your automations. If you are processing sensitive data, we recommend you build your automations so that data does not leave your control.

You can learn more about Robocorp’s commitment to compliance with the General Data Protection Regulation (GDPR) in our GDPR documentation. Robocorp terms of use automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you are processing GDPR related data, your Robocorp Cloud admin needs to verify that in Robocorp Cloud admin panel.

Frequently asked questions

Ensuring that only authorized users or robots have access to your sensitive data and automations:

How do robots gain access to the target systems?

Typically robots operate under a service account. It is strongly recommended to store required credentials using a dedicated secrets management system. Robocorp Vault is included in all subscription tiers. Read more here.

Alternatively, attended robots (assistants) may utilize human-in-the-loop for authentication e.g. by having the end-user log into the target system as part of the workflow. From security perspective this is great, as the robot never even needs to access the credentials.

How are vault secrets stored in Robocorp Cloud?

Robocorp Vault encrypts the access credentials securely on multiple levels. Each secret is encrypted with a data key that is unique for the specific secret. The data key is further encrypted with a master key, and the encrypted secret and encrypted data key are stored in a database.

The master key is managed and protected, and it is never accessible in plaintext format by the Vault application. Secret payloads are encrypted to ensure the requested secret can be opened only by the intended recipient.

How can the access credentials be controlled and managed by the user?

Credentials required by the robots are stored securely in a Vault. Only the users or robots in a given workspace can view the secrets stored in the Vault of that workspace.

Can I use my own Vault?

Yes. Robots can be easily integrated with most secret management systems via their APIs. We routinely see also hybrid approaches where the actual secrets are stored in another vault solution and Robocorp Vault is used for storing access credentials needed by robots to access the external vault.

Can I see and track what my automations have done?

Yes, Robocorp provides detailed logs on an individual process run level.

Read more here.

Can I segregate user access between different automated processes?

Yes. Workspaces in Robocorp are confined environments for both users and robots. A user with access to a given workspace, has access to all the automations in that workspace. Workspaces are a convenient way to separate e.g. functional or team access to accounting automations or HR automations. Similarly, you can use workspaces to separate between production and development environments.

How can I control the read & right access of the users?

Users can be given different access rights within each workspace.

How do I control the user access to Assistants?

Robocorp Cloud is a convenient way to distribute Assistant to users across your organizations. By adding an Assistant to your workspace, you can control the users who are able to download and use the Assistant from their desktop. It is convenient to maintain the code and manage access and use of the Assistants from your Robocorp account.

Read more here.