SmartRent Resident Data Security and Compliance
How we protect and secure resident data
Foundation
SmartRent’s data security foundation is built with privacy in mind. We only collect the necessary data to run our platform and provide an easy security interaction that allows users to opt out of information they don't want to share.
Data security is an essential part of ensuring that sensitive information is handled responsibly, so we build trust with our customers through an extensive third-party SSAE 18 SOC 2 Type II audit and an ISO/IEC 27001 certification that establishes best practices and processes for the protection of customer data.
How we protect and secure data
When building our solution, we created secure methodologies that protect information and ensure we are creating error-free and secure technologies.
- Being transparent that we employ security researchers to review our platform and the new services that are introduced.
- Perform third-party penetration testing on our platform website, mobile apps API and our platform core.
- Follow a secure software development lifecycle that includes peer-review, static code analysis and quality assurance testing.
- SmartRent is ISO 27001:2013 compliant (certification no. IS 719023).
- SmartRent is an SSAE 18 SOC 2 Type II compliant company, and we regularly undergo a series of rigorous audits to maintain our compliance status.
- Use of strong passwords and 2FA.
- Utilizing CDN/WAF to ensure availability, and continuously testing our web application and system with a vulnerability management system that tests using OWASP, CVE and zero-day security feeds.
- An Information Security Program (ISP) that evaluates, identifies and remediates risk. Our ISP also ensures we evaluate our vendors and suppliers so that we are not introducing any risk to our platform, and keeps our highly trained professionals up to date with ever-changing cyber risk.
- Compliant with CCPA and will continue to comply with other state privacy laws as well as international privacy laws like GDPR and applicable data service requests.
- Layered security technologies and hardware controls, including:
  - CDN for data throttling to mitigate DoS and DDoS
  - WAF for OWASP security threats
  - IAM and role-based administrative access
  - Utilizing strongest encryption for data being sent across the internet
  - Encryption of data being stored at rest
  - Security information and event monitoring
  - Highly available environment with strong segmentation
  - System policy compliance and malware scanning
Personal Data Privacy
Keeping data private allows us to collect only what is essential for our services to work and to validate resident identities. We ensure that your data is never sold. We provide residents with a privacy policy and terms of service that spell out exactly what we are doing and how we process data. We also remove device activities from our system every 30 days. We comply with state privacy laws as well as federal and international laws.