Resident Data Security and Privacy
SmartRent’s Commitment to Safeguarding Your Information
At SmartRent, we value your privacy as much as you do. We collect the information that’s essential to making our platform work for you and never sell your personal information. That's why we go above and beyond to meet the highest information security standards in the world. So you can use our platform with ultimate confidence, knowing your personal information is secure.
How SmartRent Maintains Your Privacy and Security
We keep your personal information safe using cloud-security protocols. Here’s how:
- We use the latest technologies to make sure your personal information is secure, including firewalls, security controls and encryption.
- We have strict access controls and policies in place to make sure only vetted, authorized individuals have access to your personal information.
- We constantly monitor potential threats to information security so we can quickly address them if the need arises.
Data Security Compliance
Compliance is just as important as having ironclad security for the collection, storage, and use of your personal information. SmartRent maintains certified compliance with the most widely accepted security standards in the world:
- ISO/IEC 27001 Certification: This certification establishes that we use the best information-security practices and processes for the protection of all data for users like you.
- SOC 2 Type II: SmartRent regularly completes an SSAE 18 SOC II Type II audit. We undergo this audit to receive an updated SOC 2 Type II attestation report. We do share this attestation report with customers, but only under NDA (non-distribution agreement) terms. You can request our latest SSAE 18 SOC 2 Type II attestation report. First, download the NDA.
SmartRent employs rigorous cloud-security measures that keep your personal information safe from hackers, cyber attacks, data breaches, and any other potential threats. We use a variety of technologies and policies to protect our platform:
- Cloud hosting: SmartRent utilizes Amazon Web Services (AWS); this provider has been certified for ISO 27001: 2013 and has an audit report for SSAE 18 SOC 2 Type II. Learn more about AWS compliance.
- Encryption in Transit and at Rest: All personal information is encrypted both in transit using HTTPS/TLS and at rest using AES-256-bit encryption. Our encryption practices align with industry standards and are regularly audited to ensure the highest level of security.
- Network protection: SmartRent’s network is protected through the use of AWS security services, integration with our Web Application Firewall (WAF)-protected networks and regular audits, which may monitor and/or block known malicious traffic and network attacks. SmartRent also utilizes strong password authentication and Multi-Factor Authentication (MFA) for access to its production environment.
- Dedicated security team: SmartRent’s security team is available 24/7 to respond to security alerts and events.
- Incident response: In case of critical system alerts, events are escalated to our 24/7 team members. SmartRent’s security operations members are trained on security-incident response processes, including communication channels and escalation paths.
- Secure architecture zones: SmartRent’s network security architecture consists of multiple security zones. Sensitive systems, such as database servers, are protected in our most trusted zones.
- Network vulnerability scanning: SmartRent regularly scans its network for potential vulnerabilities.
- Uptime transparency: SmartRent maintains a publicly available system-status webpage, so you can check the security and health of our website anytime, day or night.
Application security is a top priority for us from the very beginning of the software-development process, and we take the necessary steps to minimize security risks. This also helps us adhere to applicable regulatory requirements to give you (and us) peace of mind.
- Quality assurance: SmartRent’s Quality Assurance (QA) department reviews and tests our applications’ code base.
- Software Development Life Cycle (SDLC): SmartRent developers follow a Software Development Life Cycle to guide how our solutions are built, tested and forwarded to production. SmartRent has defined milestones for developers to conduct certain levels of testing—QA and static code analysis—and peer reviews to ensure our solutions meet reliable performance and security standards.
- Third-party penetration testing: SmartRent employs third-party security experts to perform penetration testing on the native mobile apps and platform infrastructure.
- Separate environments: SmartRent testing and staging environments are logically separated from the production environment.
- Responsible disclosure: SmartRent’s responsible disclosure policy gives security researchers an avenue for safely testing and notifying SmartRent of any security vulnerabilities.
Built-In Product Security Measures
When our solutions are in use by local app admins, our apps remain secure at the permission level. Our built-in product security measures give local customer admins the power to monitor and grant permissions and require identity verification for all users—which helps keep their most sensitive information and networks safe and secure.
- P2-Factor Authentication (2FA): SmartRent’s Community Manager solution offers MFA (Multi-Factor Authentication) by default for platform admins and users via our authenticator app.
- Single Sign-On (SSO): SmartRent can provide Security Assertion Markup Language (SAML), a login standard that controls access to our apps, upon request. Our SAML is integrated through Okta, the market-leading identity security cloud provider.
Secure Screening & Hiring Practices
SmartRent goes to great lengths to ensure that those who build and maintain our software products have the required skills, certifications, knowledge and/or experience they need to do the job right. Here are some of the things we do to make sure we're getting the right people for the job:
- Background checks: SmartRent performs background checks on new employees in accordance with local laws.
- Security awareness policies: SmartRent employees receive regular security training, covering topics like information security and data privacy.
Frequently Asked Questions
What personal information does SmartRent collect from me?
SmartRent collects three types of personal information from users:
- Information you or your community have provided about yourself, such as your email address and mobile number, so we can send you your registration link and access codes.
- Details you or your community have provided about your home, such as your address or the room names you’ve assigned using the SmartRent app.
- Sensor data from devices connected to your SmartRent account; this includes information about your device interactions and app usage.*
Who has access to the personal information SmartRent collects from me?
The SmartRent service is hosted through AWS data centers maintained by industry-leading service providers. These providers offer state-of-the-art physical protection for the servers that store your personal information. These service providers are also responsible for restricting physical access to our systems to authorized personnel. Learn more about AWS cloud security.
How does SmartRent use my personal information?
The personal information we collect is used to provide you with the best user experience. Device-activity data*—like when you change the thermostat temperature or lock your front door—is deleted after 30 days. And after you move out, we fully delete your device-activity data. We do not sell any of your personal information to third-party affiliates.
Does SmartRent sell my personal information?
We do not sell your personal information, period. We only use the personal information we have on file to power your SmartRent devices and provide services.
Is my device activity data visible to landlords or property owners/operators?
Your device-activity data is encrypted and not visible to your landlord or property owner/operator in the platform. All your device-activity data (changing the thermostat temperature, locking your door, allowing access to visitors or service providers) is deleted after 30 days, with a full delete of your device-activity data* upon move out.
What can I do to keep my home secure?
Here are some steps you can take to ensure access to your home via the SmartRent mobile app is secure and protected:
- Never share your phone with others.
- Ensure a passcode or biometrics (like a face scan or fingerprint) is required to log in to your smartphone and/or SmartRent mobile app.
- Never share your personal access codes.
- If you have any reason to reset your door code, you can easily do so by following the steps laid out in our How Do I Reset or Customize My Access Codes? article.