Security

How we protect your data and your business

🔐

Encryption at Rest & Transit

All data encrypted with AES-256 at rest. All network communication over TLS 1.2+. Keys rotated quarterly using hardware security modules.

🏢

Multi-Tenant Isolation

Each customer's data lives in fully isolated schema partitions. Row-level security enforced at the database level. No cross-tenant data access is possible.

🔑

Authentication & MFA

JWT-based authentication with RSA-signed tokens. TOTP multi-factor authentication available on Professional and Enterprise plans. Session expiry enforced.

📋

Audit Logging

Immutable audit trails for all user actions, API calls, data access, and configuration changes. Logs retained for 12 months and tamper-evident.

🛡️

Role-Based Access Control

Granular RBAC with Owner, Admin, and User roles. Principle of least privilege enforced throughout the platform. Custom roles available on Enterprise.

🌐

Network Security

WAF protection, DDoS mitigation, IP allowlisting (Enterprise), and private networking options. All infrastructure runs on hardened Docker containers.

Infrastructure Security

Data Centers

DevTech RPA is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certified data centers. All servers run in private networks with no direct public exposure.

Vulnerability Management

We perform automated vulnerability scanning on every code push. Dependencies are audited weekly using OWASP tools. Critical vulnerabilities are patched within 24 hours.

Penetration Testing

Annual third-party penetration tests are conducted against our API and frontend. Findings are remediated before the next release cycle.

Incident Response

We maintain a documented incident response plan. Security incidents are assessed within 4 hours, contained within 24 hours, and customers are notified within 72 hours per GDPR requirements.

Backup & Recovery

Automated daily backups with 30-day retention. Point-in-time recovery available. Database backups are encrypted and stored in geographically separate locations. RTO: 4 hours, RPO: 1 hour.

AI Provider Security

When AI features are used, data is transmitted to OpenAI or Anthropic over encrypted channels. We do not store AI model responses beyond the session. AI providers are contractually prohibited from using your data for model training.

Compliance

DevTech RPA is designed with compliance in mind:

  • HIPAA — Medical Billing module supports HIPAA-compliant workflows. BAA available on request.
  • GDPR — Data subject rights supported. DPA available. EU data residency option available.
  • SOC 2 Type II — In progress (report available Q4 2026).
  • ISO 27001 — Planned certification Q2 2027.

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure. Please email security@devtechrpa.com with details. We aim to respond within 24 hours and will coordinate a fix and disclosure timeline with you. We do not take legal action against good-faith security researchers.

Questions?

Contact our security team at security@devtechrpa.com for security assessments, compliance documentation, or to request a copy of our SOC 2 report.