Data handled in our tools remains confidential. We adhere to data privacy best practices, including GDPR rules.
With our state-of-the-art encryptions, access control systems, and compliance, you can rest assured that the Robocorp platform is secure.
Robocorp gives options on where the robots are run and the robots can operate with just metadata.
Our products are compliant with various data privacy regulations, enabling our customers to build compliant automations.
We’re against security through obscurity, and we are confident in discussing our product security design.
Robocorp's security by design approach allows Thoughtful Automation to focus on our primary goal of delivering business value through Digital Workers. Robocorp helps us mitigate attack vectors out of the box with options to adapt to any InfoSec model.
We have chosen to build on the Robocorp platform because it is extremely robust and reliable, their excellent security practices allow us to focus on building trusted automations that our clients love.
Robocorp takes security seriously and it is an evident part of their culture as a technology organization. With their platform we deploy automations with confidence and no concerns have gone unaddressed.
All our projects have security at the forefront, Robocorp and its engineering team aligns with this fact, allowing us to deliver secure automations in even the most stringent of circumstances.
Robocorp ensures you can build your automations in a secure manner, taking into account any data privacy requirements.
To prevent unauthorized access to settings, data and automations, Robocorp offers Role Based Access Management. In addition, isolated workspaces separate access to automations and data.
To ensure accountability, Robocorp offers a secure Vault to store access credentials information. And to help with monitoring, each automated process has a unique identity.
Robocorp offers the best CI/CD practices available for robot code change management. We use industry-leading encryption to protect data processed by and stored in your automations.
Detailed audit trails are provided to stay on top of actions performed in a workspace, as well as for each individual robot, helping with maintenance and incident management.”
Robocorp uses best practices for user logins, encryption, and API access. And because we don’t believe in security through obscurity, we’re happy to share our encryption models.
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations. The best way to ensure data privacy is the principle of least privilege: you have full control of the data within your automations. If you are processing sensitive data, we recommend you build your automations so that data does not leave your control.
Robocorp is SOC 2 Type II and HIPAA Compliant. These certifications ensure that we are following best practices for security and data handling that were set in place by AICPA, the Office for Civil Rights (OCR), and the Department of Health and Human Services (HHS).
We take our dedication to privacy and data handling seriously. That's why we work hard to ensure compliance with SOC2 Type II standards, HIPAA regulations, and other data handling best practices. We hope these certifications will bring peace of mind for our partners and customers alike that we are committed to providing the safest run environments and data handling practices. You can read more about SOC 2 Type II and Robocorp's commitment to security in our post about SOC 2 Compliance.
Ensuring that only authorized users or robots have access to your sensitive data and automations:
Typically robots operate under a service account. It is strongly recommended to store required credentials using a dedicated secrets management system. Robocorp Vault is included in all subscription tiers. Read more here.
Alternatively, attended robots (assistants) may utilize human-in-the-loop for authentication e.g. by having the end-user log into the target system as part of the workflow. From security perspective this is great, as the robot never even needs to access the credentials.
Robocorp Vault encrypts the access credentials securely on multiple levels. Each secret is encrypted with a data key that is unique for the specific secret. The data key is further encrypted with a master key, and the encrypted secret and encrypted data key are stored in a database.
The master key is managed and protected, and it is never accessible in plaintext format by the Vault application. Secret payloads are encrypted to ensure the requested secret can be opened only by the intended recipient.
Credentials required by the robots are stored securely in a Vault. Only the users or robots in a given workspace can view the secrets stored in the Vault of that workspace.
Yes. Robots can be easily integrated with most secret management systems via their APIs. We routinely see also hybrid approaches where the actual secrets are stored in another vault solution and Robocorp Vault is used for storing access credentials needed by robots to access the external vault.
Yes, Robocorp provides detailed logs on an individual process run level.
Read more here.
Yes. Workspaces in Robocorp are confined environments for both users and robots. A user with access to a given workspace, has access to all the automations in that workspace. Workspaces are a convenient way to separate e.g. functional or team access to accounting automations or HR automations. Similarly, you can use workspaces to separate between production and development environments.
Users can be given different access rights within each workspace.
Robocorp Cloud is a convenient way to distribute Assistant to users across your organizations. By adding an Assistant to your workspace, you can control the users who are able to download and use the Assistant from their desktop. It is convenient to maintain the code and manage access and use of the Assistants from your Robocorp account.
Read more here.