Skip to content

What our customers think

Juha Järvi
Global Head of Healthcare, Digital Workforce Services Plc

Robocorp has enabled us to deliver a highly scalable and cost-effective solution for the Healthcare areas, and we are able to achieve great benefits for our customers. Our experience with Robocorp has not only solved our immediate challenges but also enabled our developers to create more powerful and reliable solutions.

Asad Nabi
Head of Architecture, Integration & Automation

We believe that Robocorp’s Python-based automation platform provides a seamless integration pathway for AI technologies and enables organizations to leverage rapid innovation in the open-source Python and AI/ML ecosystem.

Ben Carter
Vice President of Engineering, Three Ships

Before Robocorp, our workforce was stuck collecting affiliate revenue information from over 60 sources, manually reviewing and fixing errors, and consolidating information into our data stores. Now, our employees can focus on more strategic work. Robocorp has helped improve data integrity and has become a part of our critical data pipeline.

Securing your automation

Robocorp ensures you can build your automations in a secure manner, taking into account any data privacy requirements.

Secure development and deployment

Robocorp uses best practices for user logins, encryption, and API access. And because we don’t believe in security through obscurity, we’re happy to share our encryption models.

Privacy & Compliance

Privacy compliance and data processing addendum (DPA)

We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations. The best way to ensure data privacy is the principle of least privilege: you have full control of the data within your automations. If you are processing sensitive data, we recommend you build your automations so that data does not leave your control.

You can learn more about Robocorp’s commitment to compliance with the General Data Protection Regulation (GDPR) in our GDPR documentation. Robocorp terms of use automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you are processing GDPR related data, your Robocorp Cloud admin needs to verify that in Robocorp Cloud admin panel.

SOC 2 & HIPAA Compliance

Robocorp is SOC 2 Type II and HIPAA Compliant. These certifications ensure that we are following best practices for security and data handling that were set in place by AICPA, the Office for Civil Rights (OCR), and the Department of Health and Human Services (HHS).

We take our dedication to privacy and data handling seriously. That’s why we work hard to ensure compliance with SOC2 Type II standards, HIPAA regulations, and other data handling best practices. We hope these certifications will bring peace of mind for our partners and customers alike that we are committed to providing the safest run environments and data handling practices. You can read more about SOC 2 Type II and Robocorp’s commitment to security in our post about SOC 2 Compliance.

Frequently asked questions

Authorization and access control
Run environments
Privacy of data processed by robots
Automation management and monitoring
How do robots gain access to the target systems?

Typically robots operate under a service account. It is strongly recommended to store required credentials using a dedicated secrets management system. Robocorp Vault is included in all subscription tiers. Read more here.

Alternatively, attended robots (assistants) may utilize human-in-the-loop for authentication e.g. by having the end-user log into the target system as part of the workflow. From security perspective this is great, as the robot never even needs to access the credentials.

How can the access credentials be controlled and managed by the user?

Credentials required by the robots are stored securely in a Vault. Only the users or robots in a given workspace can view the secrets stored in the Vault of that workspace.

Can I see and track what my automations have done?

Yes, Robocorp provides detailed logs on an individual process run level.

Read more here.

How can I control the read & write access of the users?

Users can be given different access rights within each workspace.

How are vault secrets stored in Robocorp Cloud?

Robocorp Vault encrypts the access credentials securely on multiple levels. Each secret is encrypted with a data key that is unique for the specific secret. The data key is further encrypted with a master key, and the encrypted secret and encrypted data key are stored in a database.

The master key is managed and protected, and it is never accessible in plaintext format by the Vault application. Secret payloads are encrypted to ensure the requested secret can be opened only by the intended recipient.

Can I use my own Vault?

Yes. Robots can be easily integrated with most secret management systems via their APIs. We routinely see also hybrid approaches where the actual secrets are stored in another vault solution and Robocorp Vault is used for storing access credentials needed by robots to access the external vault.

Can I segregate user access between different automated processes?

Yes. Workspaces in Robocorp are confined environments for both users and robots. A user with access to a given workspace, has access to all the automations in that workspace. Workspaces are a convenient way to separate e.g. functional or team access to accounting automations or HR automations. Similarly, you can use workspaces to separate between production and development environments.

How do I control the user access to Assistants?

Robocorp Cloud is a convenient way to distribute Assistant to users across your organizations. By adding an Assistant to your workspace, you can control the users who are able to download and use the Assistant from their desktop. It is convenient to maintain the code and manage access and use of the Assistants from your Robocorp account.

Read more here.

Where do my robots run?

You decide and control where your robots run.

On a dedicated machine with Robocorp Workforce Agent or Assistant installed.
In case your target systems need special configuration or Windows operating system, or you want to make sure that under no circumstances any data processed leaves the environment.

On cloud containers
In case you want a no set-up option for running your automations in a hosted cloud environment.

Read more here.

Do I need to open up any incoming firewalls rules when implementing with Robocorp?

No. All communications for Robocorp applications are outbound.

Read more here.

Your developers are in full control deciding the level of detail of the data your robots process in cloud. It is possible to process even sensitive data as a part of your automations, at an abstraction layer where no sensitive data gets send outside of your decided environment.

Does Robocorp collect sensitive data about its users?

Robocorp Control Room is an orchestrator tool for companies and software robot developers, that can be deployed as Robocorp Cloud. For the sake of operations, we collect some data on users and usage of Robocorp. For more information, please refer to our Privacy Policy and our Terms of Use.

How is data protected in Robocorp Cloud?

Any data travelling through the Internet is encrypted in transit using TLS. Furthermore, especially sensitive data such as Vault secrets have two-fold encryption and are also encrypted on the application level. This means proxies or application logs cannot view the data, even accidentally.

What data is stored in the work items processed by the Robots?

It is ultimately up to the software robot developer to choose what is uploaded to Robocorp Cloud. It is good to keep in mind that sensitive tokens, such as passwords or personally identifiable information, should not be hard-coded in robots. It is also advisable to refrain from printing sensitive data into output logs as they could end up being accidentally exposed.

Is using open source technologies secure?

Robocorp’s developer tools and resources are open source. Using open source makes it possible for you to audit the entire automation implementation, ensuring you can drill down to as detailed level as required to be assured of how your automations work.

The open source libraries listed in Robocorp Docs are curated and/or maintained by Robocorp. This means, we are continuously putting effort to making sure these libraries get bug fixes and new features. When using open source libraries as a part of your automations, you are still in control of locking in the version you are using, and when to update the code.

Does Robocorp collect sensitive data that the automations process?

Robocorp Cloud requires something we refer to as control data in order to operate. This data includes instructions and comm

ands sent to the runtime environments and the packaged code for processes. For various services we may store and process also data generated by the processes, which we refer to as process data. This data is stored for the convenience of the user, such as error logs so they can be viewed within Robocorp Cloud. In addition, we provide a means for securely storing secrets and tokens in Robocorp Cloud Vault.

How do the automations store the data they process?

Work items are units of processing. Content and definition of work item is defined by the developer. It can be for example one invoice, one customer record, or a file that needs to be uploaded to another system.

Is it possible to choose our data residency?

Yes, this is possible in our Enterprise plans.

How is Control Room hosted?

Control Room is hosted in Amazon Web Services (AWS) datacenters. AWS maintains SOC2 and ISO 27001 compliance certifications among others and provides robust means to provide secure services to Control Room users.

In addition to AWS, we use a number of carefully chosen third-party providers. These providers are used for operative, security and analytics purposes. For more information on privacy and our third-party providers, please refer to our Privacy Policy.

What kind of security measures are taken for Control Room?

We conduct internal security audits regularly, and every major architectural change undergoes a security review. We also arrange external penetration tests for Control Room in order to verify the effectiveness of our security controls.

In the event of a high-risk vulnerability or a threat that could potentially impact our users data confidentiality or the availability of Control Room, we aim to fix the issues outside of our regular production update cycles and as soon as possible.

If an external security researcher discovers a vulnerability in any of our products, our Security.txt has information on how to get in contact with us.