We take data security seriously and protecting your data is a top priority.
We have spent many years working with and handling sensitive business and personal data for customers in highly complex, highly regulated industries like Insurance, Banking & Financial Services and Healthcare.
Your data belongs to you
We understand how important your and your customers' data is to you. It’s important that your infrastructure is designed to protect it. That’s why everything Roots Automation does is fully secured using our Microsoft Azure cloud-based platform. Your Digital Coworker will connect via API, VPN or site-to-site with your systems and infrastructure.
Your Digital Coworker is compliant with industry standard security and data privacy protocols. Roots Automation is SOC 2 Type 2 and ISO 27001, and we are compliant to HIPAA, CCPA, GDPR, and 23 NYCRR 500 standards to protect and use PFI, PHI, and PII.
Our infrastructure
Our services run on Microsoft’s Azure and Amazon's AWS cloud platforms. We do not run any on-premise routers, load-balancers, DNS servers, or physical servers.
Our infrastructure is spread across multiple data centers based in the United States and Europe (based on customer) to offer high availability of services and resiliency in the event of any regional outages. Our servers, applications, and data are kept secure with the latest software, code revisions and security patches, which are reviewed, tested and deployed monthly.
We have uptime of 99.9% or higher in line with our cloud providers Service Level Agreements.
Data encryption
We use end-to-end DOD level encryption. Additional protections are layered together whenever we send or retrieve data from your systems or from the Roots Cockpit, the communication is always secured through HTTPS encryption.
Next to encrypting data in transit, we also encrypt all data at rest. Our databases, as well as all stored data and documents, are encrypted from the moment we receive your data until deleted. Your login details are one-way hashed using a strong hashing algorithm. Not even our staff can see or access your passwords and keys.
Security audits
Roots Automation’s applications and infrastructure are assessed for security vulnerabilities on a regular basis by 3rd party security services performing penetration tests and access reviews. Also, our Cloud Infrastructure engineering teams monitors and use current toolsets for active risk management in daily operations.
In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability found in Roots Automation (info@rootsautomation.com).
.png){kind=logo}
