We take our customers’ security very seriously, and have extensive experience serving enterprise clients with complex security requirements. This page covers key elements of our security policy. For a detailed summary, please contact support.
Roadmunk is ISO/IEC 27001:2013 and 27701:2019 Certified, the world’s leading standard for information security management. In addition to hosting information on industry leading AWS, Roadmunk has completed an independent third-party audit of its own management and data systems. This audit involved a rigorous review of our technology infrastructure and operational processes, and represents our commitment to continuously improving how we secure our customers and their data.
Roadmunk has further dedicated itself to protecting its customers and their data by successfully obtaining the ISO 27701 certificate of compliance from QAS. This international standard is a data privacy extension to ISO 27001, and it provides the framework for organizations looking to establish, implement, maintain, and continually improve a Privacy Information Management System. Roadmunk is now better equipped to adhere to privacy laws such as (but not limited to) EU's GDPR, California's CCPA, and Canada's PIPEDA.
More information on ISO/IEC 27001 is available here.
Roadmunk’s physical infrastructure is hosted and managed within Amazon’s secure data centers and leverages Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) technology. The data is physically stored on servers in the United States, EU and Australia. Backups are completed every 20 minutes and kept for a period of 30 days.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
AWS also has given special attention in the USA and EU to comply with any new or changing regulations, such as:
A full list of Amazon’s certifications is available here.
All user passwords are hashed. Hashing passwords means we don’t have access to the original passwords, nor does anyone else. So even if our database were compromised, everyone’s passwords would stay secure.
Roadmunk does not store or process payments. All payments go through our partner, Stripe, which is a leading global payments system that is PCI DSS compliant. Details about their security can be found here.
All communication between Roadmunk servers and the client browser is secured using the industry standard Transport Layer Security (TLS). Only the most relevant and secure level of TLS is accepted by Roadmunk (currently 1.2). The connection is encrypted using AES-256 CBC with SHA256 for message authentication and ECDHE RSA as the key exchange mechanism.
Roadmunk conducts annual third party penetration testings on its systems to validate and confirm that there are no technical vulnerabilities that may have been missed.