Data & Security
Governance
Rentsync’s Security and Privacy team establishes policies and controls, monitors compliance with those controls, and is working towards proving our security and compliance to third-party auditors.
Our policies are based on the following foundational principles:
- Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
- Security controls should be implemented and layered according to the principle of defense-in-depth.
- Security controls should be applied consistently across all areas of the enterprise.
- The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
Data Protection
Rentsync uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) where possible to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS for client websites and by Google for the Rentsync Platform, and are deployed via load balancers.
Product Security
Rentsync regularly engages leading penetration testing organizations to conduct comprehensive penetration tests. All areas of the Rentsync Platform are tested, and source code is fully available to the testers in order to maximize the effectiveness of testing.
Rentsync also uses several vulnerability scanning tools internally to continuously monitor our code and software:
- Static application security testing of code (SAST)
- Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain
- Malicious dependency scanning to prevent the introduction of malware into our software supply chain
- Dynamic analysis of running applications (DAST)
- Network vulnerability scanning multiple times daily
Enterprise Security
Endpoint Protection - All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored 24/7/365. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Security Education - Rentsync provides comprehensive security training to all employees upon onboarding and quarterly through a third-party training platform, KnowBe4.
Rentsync’s security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
Responsible Disclosure
Looking to report a security concern? Please email security@rentsync.com. We’ll acknowledge your email within 1 week.
Trust Report
Learn more about Rentsync’s cybersecurity posture and compliance by visiting our Trust Report at: https://trust.rentsync.com