Security measures

Passwords

OwnersRoom uses Auth0 for handling login tokens and storing passwords. In addition to being compliant with several security standards including ISO27001 and SOC 2 Type II, Auth0 additionally protects our users against brute-force attacks against passwords and notification of password breaches. You can read more about Auth0’s security here.

 

Traffic

All traffic between the client and the server is encrypted and sent over TLS.

 

Data Storage

All data in OwnersRoom is stored on Google Cloud Platform on servers located within the EU. All data is encrypted at rest using AES-256 encryption.

 

Documents

Documents uploaded to OwnersRoom are stored on Google Cloud Platform and AES-256 encrypted with a set of keys specific to that organization. The encryption keys themselves are then encrypted with another set of keys (envelope encryption) that are stored separately.