Security at Robocorp
In today's rapidly changing world, we believe security must be at the heart of everything.
Our commitment in security
Robotic Process Automation is a powerful way to save time, but we recognize the risks it also poses to companies leveraging its numerous beneficial capabilities.
RPA is used to automate business critical functions for many organizations. Data that is fed to a software robot can be potentially very sensitive by nature or the automated task itself could pose a significant risk if it was to be used for malicious purposes.
That’s why we’re committed to ensuring that:
- Data handled in our tools remains confidential
- The Robocorp Cloud platform can be used in a secure manner, and
- Users can leverage our robust security features to protect and manage their data
Open web application security compliance (OWASP)
Privacy compliance and data processing addendum
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
You can learn more about Robocorp’s commitment to compliance with the General Data Protection Regulation ("GDPR") in our GDPR documentation.
The terms of service applicable to Robocorp Cloud services automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you are processing GDPR related data, your Robocorp Cloud admin should verify that this is being processed through Robocorp Cloud admin panel. If you have questions about how these terms apply, please contact us at [email protected].
Network and system security
When you visit the Robocorp website or use one of the Robocorp apps, the transmission of information between your device and our servers is protected using TLS encryption.
Especially sensitive data such as Vault secrets have two-fold encryption and are also encrypted on the application level. Data is stored in AWS and encrypted at rest using industry-standard AES-GCM encryption.
Service reliability and durability
We use Amazon Web Services (AWS) as our data center provider. AWS maintains SOC2 and ISO 27001 compliance certifications among others and provides robust means to provide secure services to host Robocorp Cloud services securely.
Upon every major architectural change, we conduct a rigorous internal assessment of the solution. We also invite external consultants to conduct thorough penetration tests. If a vulnerability is discovered, we prioritize its fix above other development work and roll out a patch as soon as possible.
User access levels in Cloud can be controlled with role-based management system, which can be used to prevent unauthorized access to settings and data in organizations and workspaces.
Organizational and information security
All of our employees undergo thorough security training when they start. We enforce secure usage of services and leverage services like multi-factor authentication and encryption of assets whenever possible.
Robocorp employees regularly undergo privacy-related training. Teammates are empowered to enable encryption for assets and proactively limit access to sensitive information related to our end users.
Our security motto is to follow the principle of least privilege. We restrict both human and programmatic access to services and data.
Ongoing commitment to security
We understand that security is an ongoing commitment and despite our great efforts to secure our tools, sometimes what is required to discover a problem is to have multiple pairs of eyes looking at the same solution. That’s why we also have a responsible disclosure policy for security researchers in case they happen to find a vulnerability in our tools.