Customer data is encrypted in transit and at rest. All connections with Robin's services are encrypted and served through SSL/TLS 1.2+. You cannot access the service without using HTTPS. All certificates are verified on both sides with third-party authorities. Data is encrypted every step of the way:
- Applications → Cloudflare
- Cloudflare → Amazon Web Services
- REST request → Robin application layer
- Robin application layer → Key Management Service → MySQL session
- API response → Applications
When at rest, customer data is encrypted using a key management system which logs all access automatically. Additionally, passwords are salted and hashed with a one-way function, which protects them even in the unlikely event of unauthorized database access. Application credentials are stored separately from the code base. Clients authenticate with Robin using a token system.
Each token has specific access scopes, which can be individually revoked without impacting others on the platform. We are also able to invalidate tokens across the entire platform instantly in the event of a security incident.
Servers are patched regularly to maintain a top security rating. Vulnerabilities are tracked via automated mailing lists and reviewed daily, and critical systems are monitored in real time with Threat Stack IDS. Third-party network vulnerability and web application penetration tests are completed on an annual basis.
Our engineering team actively contributes to security libraries, including an open source library implementing Microsoft's NTLM encryption, which is used for secure Exchange authentication.
Robin syncs all calendar data with your existing system (e.g. Exchange), and you can continue to use the audit logs generated there to monitor activity between Robin and your system. Additional activity logs are available for download in our admin portal or upon request from your account manager.
System availability and status updates are also available via status.robinpowered.com and updates.robinpowered.com, where you may also subscribe for automated notifications.