Your Security, Our Priority

Protect your business from cyberattacks with our advanced security features
Scale your business with confidence knowing that your data is safe and secure
We offer a wide range of security features to meet the needs of businesses of all sizes
Our security team is available 24/7 to help you protect your business from cyberattacks

SOC 2 & ISO/IEC 27001:2022 compliant

Ensuring the highest standard of protection for your data

Robust encryption techniques

Offering unparalleled security for your data

Global Security and Compliance
At Roma, we understand the importance of security when it comes to handling financial data. We take our responsibility to protect your data very seriously and have implemented a number of security measures to ensure that your financial information is safe. Our security perimeter is air-tight, meaning that it is very difficult for unauthorized individuals to access your data. We also have a team of security experts who are constantly monitoring our systems for any potential threats.
In addition to our security measures, we also take a proactive approach to data protection. We regularly review our security policies and procedures to make sure that they are up-to-date and effective. We also work closely with our customers to ensure that they are aware of the latest security threats and best practices. We understand that you need to be able to focus on building your business, without having to worry about the security of your financial data. That's why we take care of it for you.
Certification and Compliance
We maintain the highest standards of security with SOC 2 compliance.
Encryption
Data in transit: All our communications in transit, external or internal, take place over secure and encrypted channels.
Data at rest: We use the Advanced Encryption Standard (AES) algorithm with a key size of 256 bits, together with a unique and proper encryption key rotation policy for each customer.
Data Privacy
Your data is secure on our platform. All the data you’ve uploaded can only be accessed by you.
At our network layer, we use a firewall to protect your data from all possible threats. In addition, we have other solutions to detect viruses and malware on the host systems. These include an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System). All new vendors, assets and activities pertaining to processing financial data are subject to a review of privacy, security and compliance.
Software Application Security
We follow shift-left development practices, which means that we rigorously test our platform for security measures throughout the development process. By default, we use time-based authentication and a dual layer of security with multi-factor authentication (MFA) to ensure that your funds are always safe. We also collaborate with App Secure to ensure a strong application security perimeter. Finally, we perform detailed vendor risk assessments (TRAs) of all of our vendors to ensure that you are safe.
Security Issues a Proactive Priority
At Roma, we take a proactive approach to security and are constantly committed to securing our perimeter. We perform regular audits on the entirety of our platform and ensure that any security lapses are prioritized with immediate effect. In addition, we have security quality check gates in our deployment pipeline, which enable us to stay ahead of the curve.
Incident Response
We have incident response policies and procedures to address service availability, integrity, security, privacy and confidentiality issues.
Data Retention and Versioning
Roma takes data protection seriously. All data, including databases, storage buckets, logs, and message queues, are versioned and retained. In the event of data loss, we have hourly backups that we can use to restore the data immediately. All data suites are monitored and backed up constantly. All backup jobs have monitoring in place to ensure that they are running correctly. Finally, if a customer requests to have their data removed from our platform, we remove it immediately.
Internal Policies and Education
We invest in continuous security training for our employees, so they can identify and mitigate threats like social engineering, phishing scams, and hackers. Our engineering and product teams, who have access to customer data, are subject to criminal history and credit background checks. All employees sign a Privacy Safeguard Agreement, which outlines their responsibilities in protecting customer data.
Responsible Disclosure
We encourage ethical hackers to report any security vulnerabilities they find in our systems to us through our responsible disclosure policy.
Our policy can be found here. Ethical hackers who report vulnerabilities to us in accordance with our policy will be acknowledged and rewarded.
We also welcome ethical hackers to collaborate with us to help us strengthen our security perimeter.