
Security Practices

Last Updated: May 20, 2026

1. Infrastructure Security

ROME AI's services are hosted on enterprise-grade, highly available cloud infrastructure (Amazon Web Services and Google Cloud Platform). Our hosting environments use multi-layered perimeter security controls, active firewalls, network isolation via Virtual Private Clouds (VPCs), and 24/7 automated intrusion detection monitoring.

2. Data Encryption

Your sensitive business, candidate, and patient data is fully encrypted at all times:

  • In Transit: All web traffic, API integrations, and chat connections are forced over HTTPS utilizing TLS 1.3 encryption with top-tier cipher suites.
  • At Rest: Databases, logs, and storage backups are encrypted using enterprise AES-256 cryptographic keys managed through reliable Cloud Key Management Services (KMS).

3. Access Control

We follow the Principle of Least Privilege. Only authenticated, authorized ROME AI operational engineers can access internal infrastructure systems, and all sessions require strict multi-factor authentication (MFA). We maintain comprehensive audit logs of all access attempts, database changes, and system logins.

4. Application Security & Pentesting

We build security directly into our software development lifecycle (SDLC). Our engineering teams run automated static application security testing (SAST) and software composition analysis (SCA) on every code pull request. In addition, we commission independent, professional third-party penetration tests at least once a year.

5. Vulnerability Disclosure

We welcome contributions from security researchers to keep our platform secure. If you discover a vulnerability in our application or network, please report it immediately to our dedicated response inbox: security@romeai.com.

© 2026 ROME AI. All rights reserved.