Any responsible software provider will be taking every possible precaution to safeguard your data, treating your data as if it were their own. Data security cannot afford to be an afterthought, and we take our responsibilities very seriously in this regard, since your trust, your business and ultimately our own business depend on it.
RentPro Ltd is registered with the UK Information Commissioner's Office (registration number ZA006617), and conforms to the legal obligations laid out in the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, and now the GDPR. This governs everything relating to the physical storage and security of your data, as well as how this data is used.
We consider the following areas:
- Data protection by design
- Server infrastructure
- Vulnerability scanning
We consider encryption of all data both in transit and at rest, i.e. preventing hackers from intercepting and reading data when it is being sent over the Internet, and also preventing anyone from accessing it while it is being stored over time in the database.
The server itself has a Secure Sockets Layer (SSL) digital certificate installed, which is indicated by the trusted padlock in the browser address bar. This means that all data transmitted between your browser and our servers is encrypted "on the wire" while the data is in transit over the Internet.
Once data reaches our server, all data transfer between the various servers in our platform (e.g. load balancer, application servers, database servers or file servers) is also encrypted using SSL technology.
User passwords, which must be provided when logging into our system, are encrypted using a one-way algorithm, which means that they cannot be reversed and recovered, even by ourselves.
All sensitive data such as bank account details is also stored in a securely encrypted format within the database, so that without the appropriate decryption key and matching decryption software these details cannot be read by anyone who might manage to hack in deep enough to snoop into the database directly.
Data protection by design
A key part of the GDPR is ensuring that data security is considered right from the outset in the design stage, to ensure maximum security throughout the application.
We have custom-built our application infrastructure from scratch using the many resources available in the Amazon Web Services (AWS) environment, and can take advantage of the great resilience and availability mechanisms provided by that platform.
On top of that we have built our application code, which powers the logic of the system. We have considered encryption as outlined above, and restrict access to various data and functionality depending on user roles and privileges which are configurable within the system by admin users.
We also consider the typical hacking approaches commonly adopted by individuals who may seek to gain unauthorised access to servers with ill intent, and conduct vulnerability scanning to validate our countermeasures for these types of intrusion.
Server infrastructure
RentPro’s servers are located within Amazon Web Services’ secure European data centre in Dublin, which is extremely well protected both physically and digitally.
After Brexit, this will mean that UK-based companies have their data stored in the EU while they themselves are located outside the EU. From a data protection perspective this does not cause an immediate conflict so long as we have established that adequate processes and safeguards are in place to ensure that data is treated to the same standards as required within the UK, which we have done.
Vulnerability scanning
We conduct regular vulnerability scanning within our development workflows, and we also employ the services of a well-regarded cybersecurity company to perform penetration testing on the live system to find any weak points which may be exploited by hackers.
With the even more stringent standards being demanded now with GDPR, this is an area we plan on devoting increased resources towards in the near future to bolster our confidence in our system security, and your confidence in turn.