System Security and Offsite Data Backups

Rentec Direct is very diligent about ensuring the privacy of your data. A brief, non-technical description can be found in our frequently asked questions.

To view frequently asked questions, click the following link: FAQ

Here is a more technical explanation: 

• TLS (Transport Layer Security) & SSL (Secure Socket Layer): - All communication between your computer and our servers is encapsulated within a 256-bit or better encryption layer.  This is the same grade of encryption used by all major banks for internet transactions and is extremely secure.  For more details on TLS and SSL, click on the following link: Transport Layer Security
• Additional Encryption:  For sensitive data such as payment information or information classified as private or personal, we add a 2nd layer of encryption even when such data is transmitted internally between servers.  In the highly unlikely event the TLS layer was decoded, this second layer of security makes it all but impossible for the data to be reconstructed given today's technology.  This level of security extends, in many cases, well beyond the best practices encouraged by the security community.
• Security Best Practices:  Our team specializes in programming security, and takes security into major consideration with every new feature we add to the software.  All common programming vulnerabilities are addressed and re-checked by seasoned programmers, then re-checked by a 3rd party.  New code is then "sandboxed" into a private environment that then undergoes even more functionality, bug, and security testing prior to ever being deployed onto the live servers.   One example of the security embedded in Rentec Direct is transaction-level security.  This transaction-level security goes further than most software platforms and verifies the permission of the user every single step of the way, whether it be adding a transaction, editing one, or editing a tenant or property.  To be able to view or edit any data within the system, a process always runs to verify the particular user has permission.
• Storage Security: Payment, personal, and private data are all encrypted prior to storage within a database.  This is considered a best practice and is also required by the payment industry.  This means that these classifications of data are encrypted via high-grade encryption prior to being written to disk.  This prevents any physical access to the data in the event of a physical theft from within our data center.
• Manual and Automated Review of Access: All access to the system is monitored by automated means and also reviewed by human beings.  This dual-level of access review helps ensure security issues outside of our control, such as brute-force attempts, are dealt with immediately.
• Third-Party Scanning: The banking industry subscribes to a standard called PCI-DSS or Payment Card Industry Data Security Standard.  This standard is very strict and not only requires internal audits but also external verification and scanning of systems.  Rentec Direct employs the same scanning agencies used by banks and other highly sensitive data projects to routinely scan our servers, web sites, and networks to verify that we meet their standards and that no vulnerabilities exist in our systems.
• Offsite Backups: We utilize a content delivery network (CDN) from Cloudflare, which serves your data from the closest Amazon data center to you.  This is not so much a layer of "security" as a layer of safety in knowing that your data is being maintained to the highest of standards.  Even in a worst-case scenario where a meteor wiped out one of the data centers, operations are quickly restored using one of the other 165+ data center locations.
• Experience: Our staff involved in development has been doing development for web-based and internet-enabled applications since 1996.  The public "web" surfaced in 1994, which means our staff has been involved in the development of applications that must remain secure on the internet for almost the entire lifespan of the public internet. Our in-house experience leads to a more secure, faster, and more usable product.

Creating a Strong Password

Between the security measures listed above and the numerous other security mechanisms we have in place, the data stored on our servers is very secure.  Because your access credentials are a layer of security in themselves and are up to you to define, please also be sure you are selecting a password that would be difficult for others to guess. 

Rentec Direct requires each user to have their own log in and password. Here's a basic guideline for what is considered a strong password.

1. Your password should be a minimum of 8 characters, and longer is even better
2. Your password should contain lower and upper-case letters along with one special character or number. If you can mix all 4 character types into your password, that is even better
3. Your password should be easy for you to remember, but hard for others to guess
4. Your password should be stored securely.  In the best case, it should be only in your head if you can remember it, or written down and locked up if you cannot remember it.  Never store your password in plain-text on your computer
5. Your password should not be the same as your email service password