SmartRent Data Security and Compliance

Foundation

SmartRent’s data security foundation is built with your privacy in mind. We only collect the data necessary to run our platform and provide you with an easy security interaction that allows you to opt out of sharing information you don't want to share.

How we protect and secure data

When building our solution, we created secure methodologies that protect your information and ensure we are creating error-free and secure technologies.

  • Being transparent that we employ security researchers to review our platform and the new services that are introduced.
  • Perform third-party penetration testing on our platform website, mobile apps API and our platform core.
  • Follow a secure software development lifecycle that includes peer-review, static code analysis and quality assurance testing.
  • SmartRent is ISO 27001:2013 compliant (certification no. IS 719023).
  • SmartRent is working toward SSAE 18 SOC 2 Type II certification.
  • Utilization of strong passwords and 2FA.
  • Utilizing CDN/WAF to ensure availability, and continuous testing of our web application and system with a vulnerability management system that tests utilizing OWASP, CVE and zero-day security feeds.
  • Information Security Program (ISP) that evaluates, identifies and remediates risk. Our ISP program also ensures we evaluate our vendors and suppliers to ensure that we are not introducing any risk to our platform as well as keeping our highly-trained professionals up-to-date with the ever-changing cyber risk.
  • Compliant with CCPA and will continue to comply with other state privacy laws as well as international privacy laws like GDPR and applicable data service requests.
  • Layered security technologies and hardware controls, including:
    • CDN for data throttling to mitigate DoS and DDoS
    • WAF for OWASP security threats
    • IAM and role-based administrative access
    • Utilizing the strongest encryption for data being sent across the internet
    • Encryption of data being stored at rest
    • Security information and event monitoring
    • Highly available environment with strong segmentation
    • System policy compliance and malware scanning

Personal Data Privacy

Keeping your data private allows us to collect only what is essential for our services to work and to validate your identity. We ensure that your data is never sold. We provide you with a privacy policy and terms of service that spell out exactly what we are doing and how we process your data. We also remove device activities from our system every 30 days. We comply with state privacy laws as well as federal and international privacy laws.