SmartRent Data Security and Compliance
How we protect and secure data
SmartRent’s data security foundation is built with your privacy in mind. We only collect necessary data and provide opt-out options
Foundation
SmartRent’s data security foundation is built with your privacy in mind. We only collect the necessary data to run our platform and provide you with an easy security interaction that allows you to opt-out of information you don't want to share.
SmartRent's Response to Apache’s Log4j zero-day vulnerability
SmartRent was notified of Apache’s Log4j zero-day vulnerability through a security intelligence feed on Thursday, December 9, 2021.
SmartRent Response
SmartRent is proactive and vigilant in protecting customer and end-user PII, which is why SmartRent has moved quickly to complete a review and assessment of Apache's Log4j zero-day vulnerability.
Based on that review and assessment, SmartRent is not impacted by the remote code execution vulnerability related to Apache Log4j and does not require applicable patching. Therefore, at this time, there have been no compromises or successful exploits observed in SmartRent solutions.
SmartRent will continue reviewing and following any applicable future advisements/updates associated with vulnerability and update this advisory should additional information become available.
How we protect and secure data
When building our solution, we created secure methodologies that protect your information and ensure we are creating error-free and secure technologies.
- Being transparent that we employ security researchers to review our platform and the new services that are introduced.
- Perform third-party penetration testing on our platform website, mobile apps API and our platform core.
- Follow a secure software development lifecycle that includes peer-review, static code analysis and quality assurance testing.
- SmartRent is ISO 27001:2013 compliant (certification no. IS 719023).
- SmartRent is working toward SSAE 18 SOC 2 Type II certification.
- Utilization of strong password and 2FA.
- Utilizing CDN/WAF to ensure availability and continuous testing of our web application and system with a vulnerability management system that tests utilizing, OWASP, CVE and zero-day security feeds.
- Information Security Program (ISP) that evaluates, identifies and remediates risk. Our ISP program also ensures we evaluate our vendors and suppliers to ensure that we are not introducing any risk to our platform as well as keeping our highly-trained professionals up-to-date with the ever-changing cyber risk.
- Compliant with CCPA and will continue to comply with other state privacy laws as well as international privacy laws like GDPR and applicable data service requests.
- Layered security technologies and hardware controls to include;
- CDN for data throttling to mitigate DOS and DDOS
- WAF for OWASP security threats
- IAM and role-based administrative access
- Utilizing strongest encryption for data being sent across the internet
- Encryption of data being stored at rest
- Security information and event monitoring
- Highly available environment with strong segmentation
- System policy compliance and malware scanning
Personal Data Privacy
Keeping your data private allows us to collect only what is essential for our services to work and to validate your identity. We ensure that your data is never sold. We provide you with a privacy policy and a term of service which spells out exactly what we are doing and how we process your data. We also remove device activities from our system every 30 days. We comply with state privacy laws as well as federal and international.
