Safety & Trustworthiness
At RoboResponseAI, we have designed our systems to empower businesses to expand securely and efficiently. Our personnel, processes, and offerings demonstrate our unwavering commitment to delivering safe and reliable solutions that empower you to focus on your business objectives.
Our Security Initiatives
Ensuring the safety of our Customers' data is of paramount importance at RoboResponseAI. We strive to establish a secure environment without compromising application performance or the user experience. If you wish to report a vulnerability or any security-related issue, please email us at support@roboresponseai.ai.
Protection of Data
Safeguarded Development Procedures
Our RoboResponseAI developers adhere to the security-focused development guidelines established by OWASP. All modifications or new features must undergo a comprehensive security evaluation before being implemented in our production environment. We consistently utilize vulnerability scanners, code analysis tools, and hands-on code inspection processes to ensure the security of our code.
Data Segregation
RoboResponseAI's horizontal database architecture guarantees that the primary data of our Customers is stored independently. Furthermore, any additional customer data and files are logically separated within our cloud storage to avoid potential data leaks and unauthorized access.
Your data remains exclusively yours. While using our services, it is stored on our dedicated VPCs and never shared with third parties without your explicit permission.
Data Storage and Removal
As long as you continue to use RoboResponseAI services, we retain your data. Upon account inactivity for a period of 30 days for the free plan or subscription termination, your data will be removed from our servers within 90 days.
We only keep invoicing and service-related records to meet accounting and legal obligations.
Data Encryption
All RoboResponseAI Chat connections are encrypted using the 256-bit SSL protocol. Our domains are hosted on a secure HTTPS address. Important credentials including passwords or credit card details, is encrypted with one-way hash algorithms in our database, ensuring that no one can decrypt them.
Secure Data Centers
Amazon Web Services (AWS) hosts RoboResponseAI customer data which is accredited with SOC 2 Type 2 certification. AWS boasts a comprehensive suite of reports, certifications, and third-party evaluations to ensure continuous, state-of-the-art data center security. AWS infrastructure is situated within Amazon-owned data centers globally, with a range of physical security measures in place to prevent unauthorized access. Additional information about AWS data centers and their security protocols can be found here.
Operational Security
Monitoring and Log Analysis
We gather and scrutinize logs originating from our services, internal networks, and devices to uncover any atypical activities.
Load Balancing and Scalability
Our platform utilizes load balancers and automatically scales service nodes, ensuring uninterrupted and secure access to services worldwide.
Data Protection and Restoration
We replicate customer databases across multiple availability zones, achieving near real-time redundancy. We frequently conduct customer backups using snapshots on AWS. Should a customer request data recovery within the specified retention period, we will restore their data and reasonably assure secure access. The duration of data restoration depends on the volume of data and the intricacy of the process.
Incident Handling and Mitigation
The RoboResponseAI security team implements an in-house Security Response program, instructing employees on identifying and reporting suspicious activities. This program's objectives include detecting and addressing security incidents, evaluating the incidents' scope and risk, executing appropriate countermeasures, communicating the outcomes and potential risks to all involved parties, and reducing the likelihood of such incidents happening again.
Sub-processor Assessment
We diligently select sub-processors that adhere to the highest security standards and comply with GDPR regulations.
Before integrating a new sub-processor into our platform, evaluate them thoroughly and maintain transparency with our customers related to the sub-processor's security and privacy policies.
Addressing Vulnerabilities
Our foremost responsibility is to protect customer data. We greatly value the contributions of security researchers and the broader security community in helping us ensure the safety of our systems.
If any vulnerability is reported, our team swings into action immediately and fix the same within a reasonable period of time. If it affects any of our customer’s and their data, we do have a mechanism in place to notify the customers about implications of such vulnerabilities.
Customer Security Best Practices
In addition to the security measures we provide, Customers should implement the following practices to maintain the security of their accounts:
Create a strong, distinct password incorporating a mix of capital letters, numbers, and special characters.
Activate multi-factor authentication for added security.
Regularly update browsers, mobile operating systems, and mobile applications to avoid compromising root devices.
Define suitable roles and access permissions for sharing and modifying data within the RoboResponseAI system.
Utilize IP access controls to restrict RoboResponseAI workspace access to approved networks only.
Stay alert to potential phishing and malware risks, and never disclose sensitive information to someone claiming to be a RoboResponseAI representative.
Application Safety Measures
RoboResponseAI's web application communications are secured using the highest standards of security, ensuring that no third party can access the data.
RoboResponseAI adheres to ongoing PCI compliance, meeting rigorous industry standards for handling, processing, and transmitting credit card information online.
We continuously monitor security, performance, and availability 24/7/365. Automated security testing is performed regularly, and we also engage a third-party service for penetration testing.