Dwellin Web Mobile Header PRIVACY 2x

security of
your data
is our top

Ensuring the privacy and security of your data is of paramount importance at Dwellin. We chose to adopt a security-by-design approach, ensuring that we comply with the best cybersecurity practices.

Dwellin is a fantastic tool for homeowners to take care of their houses, share information, and begin their journey toward a more sustainable lifestyle. We also understand that for such a technology to work, trust is required.

As a result, our dedication to you extends beyond just making homeownership easier. It's all about safeguarding your most precious asset: your personal data.

We want you to feel safe knowing that our expert security team manages all aspects of network, system, data, and application security with industry-leading technologies. With no corners cut. And no exceptions.

Here’s a quick look at the strict principles we live by in order to earn your trust and keep it. Thank you for choosing Dwellin.

Infrastructure &
Network Security

• Network ACLs

We use a microservice architecture, in which many services are loosely connected and each is responsible for only one feature or function within the application.

On a networking level, access is limited to the microservices. By default, AWS services and databases are not accessible from any location; explicit inbound rules must be implemented explicitly.

• Automated Vulnerability Scanning

In order to swiftly detect potentially vulnerable systems, we do automated black-box vulnerability assessments in our cloud environment on a regular basis and in response to infrastructure changes.

• Third-party Penetration Testing

We hire an independent third-party auditor to do a penetration test on our infrastructure and applications at least once a year.

• Web Application Firewall (WAF)

As a first layer of security in front of all customer-facing web traffic, we use a next-generation web application firewall solution in blocking mode.

• Encryption in transit

Between the Dwellin app (iOS/Android application) and the server, we use TLS encryption by default.

TLS is terminated using load balancers, which provide certificates with strong security specifications (2048-bit RSA public keys and the SHA256+RSA signature algorithm).

TLS is also supported for all email communications we have with our users.

• Encryption at rest

All user data is encrypted on the server side with AES-256. The encryption is transparent; keys are managed by our cloud infrastructure provider. We remove all metadata associated with the uploaded photos before storing them in our cloud infrastructure.

• Datacenter

We work with a top-tier third-party cloud service provider that complies with a number of legislation and privacy standards (EU General Data Protection Regulation, HIPAA, GLBA, HITECH), as well as having industry-recognized certifications (SOC, PCI, FedRAMP, ISO and more).

Product Security

• Static Code Analysis

We use tools that automatically identify code modifications against security best practices to assist our secure software development lifecycle. On a daily basis, the Architecture Team examines all code changes that have been marked as potential risks, keeps track of open issues, and engages with engineers to disseminate security-related knowledge and best practices.

• Security Reviews

All architectural blueprints are assessed by the Architecture Team to identify potential security vulnerabilities as early as possible. The Architecture Team also does threat modeling exercises in collaboration with the Engineering teams on a case-by-case basis.

As a result, the Architecture Team meets with developers and engineers on a daily basis to discuss security mindsets, best practices, and efficient technologies.

• Auditing

At the application level, we have detailed user activity recording, which includes (but is not limited to) security-related events like login, password change, home details, asset creation/deletion/modification, privacy settings, and sharing events.

• Authentication & Credential Storage

Dwellin uses one-time code-based authentication models for user logins. No passwords are generated for user accounts.