At Roomle, the security of your information is our top priority. We rely on industry best practices and strictly enforced operational controls to ensure the security of all electronic data you entrust us with.
The Roomle infrastructure is hosted on Google Cloud. This is one of the biggest cloud providers in the world and ensures the highest level of security, availability and performance. Our servers are located in Frankfurt, Germany, European Union. Google Cloud holds various security certifications, such as:
- ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701
- MTCS (Singapore) Level 3
- PCI DSS
- SEC-Article 17a–4(f), CFTC-Article 1.31(c)–(d) and FINRA-Article 4511(c)
- SOC 1, SOC 2, SOC 3
Only specific Roomle employees have access to the servers. SSH is used for access.
We perform regular backups so we can restore data at any point.
The Roomle service is monitored by automated tools to identify abnormalities and to inform the responsible authorities.
All our services use HTTPS, which encrypts all data sent from you to Roomle. Therefore an attacker cannot read your information.
Confidential data such as passwords is stored encrypted and is therefore also safe in the event of a data breach.
If you sign up for a paid service, your billing information (credit card number, etc.) is processed only by Stripe. Roomle does not store any credit card details. Stripe is one of the leading companies in the field of online payment and has very high security standards. Taken from their documentation:
“Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.”
All our developers are well-trained and educated engineers who apply common best practices to deliver the highest quality code possible. We use the following techniques intensively to ensure quality:
- Test first development
- agile development based on the Scrum process framework
- peer reviews: every change is reviewed by other developers
- acceptance criteria: we have specific acceptance criteria and the final acceptance is given by a person who understands the business impact of a given change
- manual testing: although we have automated as much of the testing process as possible, we still believe that there are certain kinds of problems which can only be detected by a human. Therefore we perform manual testing every second week
- Before a change is deployed to production it has to go through several QA steps. It also has to run flawlessly on our staging environment