We take security and privacy seriously, adhering to enterprise-level security standards that keep your customer data protected.
We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. See our Privacy Shield participant listing.
Please contact us at email@example.com for information on how to sign our DPA.
Roomlio is GDPR compliant. When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. See our Privacy summary page for more details about our GDPR compliance.
Security Monitoring and Patch Management
Our team constantly monitors security notifications for all third-party software libraries and, when a relevant issue is identified, applies the security patches without undue delay. Please contact us at firstname.lastname@example.org if you have any security-related concerns or feedback.
All of Roomlio’s application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in.
Designed with redundancy, fault tolerance and disaster recovery at the forefront, our databases (Amazon Aurora) are distributed across three separate availability zones (data centers). All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features.
For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
We strive for 99.99% uptime across all our products. To support that, we host our monitoring and logging systems outside of AWS and employ a variety of tools to accurately monitor and report on any anomaly that could impact the delivery of our services.
All data is stored in AWS infrastructure, housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. It is safe to say Amazon is much better at physical security than we are capable of being, so we leave it to them.
Through the use of automated and manual analysis, as well as constant security review of 3rd party libraries, we ensure to the best of our abilities that we are delivering products that are free from security defects. All Roomlio web application communications support TLS v1.2. We enforce the same level of encryption used by many banks and financial institutions.
We do our best to ensure all customer data is encrypted in transit and at rest while stored in our databases, including user email addresses, user passwords, and API keys.
Reporting Security Issues
At Roomlio, we understand that security is essential in maintaining the trust you place in us to provide products and services to you. Although our team works vigilantly to help keep customer information secure, we recognize the important role that security researchers and our user community play in helping to keep our users secure. If you are a security researcher and have discovered a security vulnerability in our website or service, we ask for your help in disclosing it to us in a responsible manner.
If you discover a vulnerability or are a customer who is concerned your account has been compromised, please notify us via our Signal number. We encourage you to encrypt sensitive information; please see below for a Signal number.
When reaching out to us, please include:
- A detailed summary of the issue, including a list of steps for how we can reproduce it.
- Correct contact information, such as an email address, by which we can reach you in case we need more information.
We believe in placing our users’ interests first. We believe that responsible disclosure involves privately notifying us of any security vulnerabilities and allowing us appropriate time to diligently address the vulnerabilities before making full disclosure to the public. For our part, while we are working on addressing the vulnerability, we will advise customers of potential risk if appropriate where it does not increase the overall risk to customers. We will do our best to notify you as soon as the vulnerability has been addressed and ask that you do not disclose it publicly or share it with others until then.
We appreciate these types of research activities, but will not tolerate any actions that put our users at risk:
- Do not attempt to access, modify, destroy, or disclose our users’ information.
- Do not attempt to deface or degrade our services.
- Do not violate applicable law.
The combined contributions of all security professionals in our community are essential to keeping us all secure. We thank everyone in the community for their efforts.
Signal Number: We encourage you to encrypt sensitive information you send to us as a part of your vulnerability disclosure. You can obtain our Signal number by sending a request to email@example.com. We will respond promptly.