Dwellin is a fantastic tool for homeowners to take care of their houses, share information, and begin their journey toward a more sustainable lifestyle. We also understand that for such a technology to work, trust is required.
As a result, our dedication to you extends beyond just making homeownership easier. It's all about safeguarding your most precious asset: your personal data.
We want you to feel safe knowing that our expert security team manages all aspects of network, system, data, and application security with industry-leading technologies. With no corners cut. And no exceptions.
Here’s a quick look at the strict principles we live by in order to earn your trust and keep it. Thank you for choosing Dwellin.
We use a microservice architecture, in which many services are loosely connected and each is responsible for only one feature or function within the application.
On a networking level, access is limited to the microservices. By default, AWS services and databases are not accessible from any location; inbound rules must be configured explicitly.
To swiftly detect potentially vulnerable systems, we run automated black-box vulnerability assessments in our cloud environment on a regular basis and in response to infrastructure changes.
We hire an independent third-party auditor to do a penetration test on our infrastructure and applications at least once a year.
As a first layer of security in front of all customer-facing web traffic, we use a next-generation web application firewall solution in blocking mode.
Between the Dwellin app (iOS/Android application) and the server, we use TLS encryption by default.
TLS is terminated at load balancers, which present certificates with strong security specifications (2048-bit RSA public keys and the SHA256+RSA signature algorithm).
TLS is also supported for all email communications we have with our users.
All user data is encrypted on the server side with AES-256. The encryption is transparent; keys are managed by our cloud infrastructure provider. We remove all metadata associated with the uploaded photos before storing them in our cloud infrastructure.
We work with a top-tier third-party cloud service provider that complies with a number of laws and privacy standards (EU General Data Protection Regulation, HIPAA, GLBA, HITECH) and holds industry-recognized certifications (SOC, PCI, FedRAMP, ISO and more).
To support our secure software development lifecycle, we use tools that automatically identify code modifications that go against security best practices. On a daily basis, the Architecture Team examines all code changes that have been marked as potential risks, keeps track of open issues, and engages with engineers to disseminate security-related knowledge and best practices.
All architectural blueprints are assessed by the Architecture Team to identify potential security vulnerabilities as early as possible. The Architecture Team also does threat modeling exercises in collaboration with the Engineering teams on a case-by-case basis.
As a result, the Architecture Team meets with developers and engineers on a daily basis to discuss security mindsets, best practices, and efficient technologies.
At the application level, we have detailed user activity recording, which includes (but is not limited to) security-related events like login, password change, home details, asset creation/deletion/modification, privacy settings, and sharing events.
Dwellin uses one-time-code-based authentication for user logins. No passwords are generated for user accounts.