How SmartRent Maintains Your Privacy and Security

We keep your personal information safe using cloud-security protocols. Here’s how:

• We use the latest technologies to make sure your personal information is secure, including firewalls, security controls and encryption.
• We have strict access controls and policies in place to make sure only vetted, authorized individuals have access to your personal information.
• We constantly monitor potential threats to information security so we can quickly address them if the need arises.

Data Security Compliance

Compliance is just as important as having ironclad security for the collection, storage, and use of your personal information. SmartRent maintains certified compliance with the most widely accepted security standards in the world:

• ISO/IEC 27001 Certification: This certification establishes that we use the best information-security practices and processes for the protection of all data for users like you.
• SOC 2 Type II: SmartRent regularly completes an SSAE 18 SOC II Type II audit. We undergo this audit to receive an updated SOC 2 Type II attestation report. We do share this attestation report with customers, but only under NDA (non-distribution agreement) terms. You can request our latest SSAE 18 SOC 2 Type II attestation report. First, download the NDA.

Cloud Security

SmartRent employs rigorous cloud-security measures that keep your personal information safe from hackers, cyber attacks, data breaches, and any other potential threats. We use a variety of technologies and policies to protect our platform:

• Cloud hosting: SmartRent utilizes Amazon Web Services (AWS); this provider has been certified for ISO 27001: 2013 and has an audit report for SSAE 18 SOC 2 Type II. Learn more about AWS compliance.
• Encryption in Transit and at Rest: All personal information is encrypted both in transit using HTTPS/TLS and at rest using AES-256-bit encryption. Our encryption practices align with industry standards and are regularly audited to ensure the highest level of security.
• Network protection: SmartRent’s network is protected through the use of AWS security services, integration with our Web Application Firewall (WAF)-protected networks and regular audits, which may monitor and/or block known malicious traffic and network attacks. SmartRent also utilizes strong password authentication and Multi-Factor Authentication (MFA) for access to its production environment.
• Dedicated security team: SmartRent’s security team is available 24/7 to respond to security alerts and events.
  
• Incident response: In case of critical system alerts, events are escalated to our 24/7 team members. SmartRent’s security operations members are trained on security-incident response processes, including communication channels and escalation paths.
• Secure architecture zones: SmartRent’s network security architecture consists of multiple security zones. Sensitive systems, such as database servers, are protected in our most trusted zones.
• Network vulnerability scanning: SmartRent regularly scans its network for potential vulnerabilities.
• Uptime transparency: SmartRent maintains a publicly available system-status webpage, so you can check the security and health of our website anytime, day or night.

Application Security

Application security is a top priority for us from the very beginning of the software-development process, and we take the necessary steps to minimize security risks. This also helps us adhere to applicable regulatory requirements to give you (and us) peace of mind.

• Quality assurance: SmartRent’s Quality Assurance (QA) department reviews and tests our applications’ code base.
• Software Development Life Cycle (SDLC): SmartRent developers follow a Software Development Life Cycle to guide how our solutions are built, tested and forwarded to production. SmartRent has defined milestones for developers to conduct certain levels of testing—QA and static code analysis—and peer reviews to ensure our solutions meet reliable performance and security standards.
• Third-party penetration testing: SmartRent employs third-party security experts to perform penetration testing on the native mobile apps and platform infrastructure.
• Separate environments: SmartRent testing and staging environments are logically separated from the production environment.
• Responsible disclosure: SmartRent’s responsible disclosure policy gives security researchers an avenue for safely testing and notifying SmartRent of any security vulnerabilities.

Built-In Product Security Measures

When our solutions are in use by local app admins, our apps remain secure at the permission level. Our built-in product security measures give local customer admins the power to monitor and grant permissions and require identity verification for all users—which helps keep their most sensitive information and networks safe and secure.

• P2-Factor Authentication (2FA): SmartRent’s Community Manager solution offers MFA (Multi-Factor Authentication) by default for platform admins and users via our authenticator app.
• Single Sign-On (SSO): SmartRent can provide Security Assertion Markup Language (SAML), a login standard that controls access to our apps, upon request. Our SAML is integrated through Okta, the market-leading identity security cloud provider.

Secure Screening & Hiring Practices

SmartRent goes to great lengths to ensure that those who build and maintain our software products have the required skills, certifications, knowledge and/or experience they need to do the job right. Here are some of the things we do to make sure we're getting the right people for the job:

• Background checks: SmartRent performs background checks on new employees in accordance with local laws.
• Security awareness policies: SmartRent employees receive regular security training, covering topics like information security and data privacy.