Security at Rentals United

Rentals United software is trusted by thousands of companies around the world, including the world’s top OTAs, Property Management Software providers, Property Managers and other innovative tech partners.

At Rentals United, the security and privacy of our partners’ data is a core priority. Our platform is trusted by thousands of companies worldwide, including leading OTAs, PMS providers, and property managers. We are committed to maintaining the highest standards of security across our systems, operations, and practices.

Employee Commitment to Security

We recognize that security starts with people. All Rentals United employees, contractors, and partners are required to sign Non-Disclosure Agreements (NDAs) to ensure confidentiality and data protection.

In addition to mandatory security awareness training, our staff undergoes a wide range of required training programs designed to reinforce our culture of security and compliance across the organization. We partner with Vanta to support our employee onboarding, device management, and continuous compliance efforts.

Compliance Standards

Rentals United adheres to rigorous compliance frameworks to meet enterprise-level security and privacy requirements:

  • SOC 2 Type II: Currently undergoing certification with support from Vanta. 
  • PCI DSS Level 1: Rentals United is fully PCI DSS Level 1 compliant, the highest level of certification for payment security, and audited by a world-renowned, independent audit firm. 

Data Security

Rentals United’s physical infrastructure is hosted within Amazon Web Services (AWS) secure data centers, leveraging AWS’s world-class technology and operational excellence to maintain a secure and scalable environment.

Amazon continually manages risk and undergoes independent assessments to ensure compliance with globally recognized security and privacy standards.

AWS data centers and infrastructure have been accredited under:

  • ISO 27001 
  • SOC 1, SOC 2, and SOC 3 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II) 
  • PCI DSS Level 1 

Additionally, AWS actively works to comply with evolving regulations and industry requirements, including:

  • FISMA Moderate 
  • Sarbanes-Oxley (SOX) 
  • HIPAA 
  • FedRAMP 
  • GDPR 

To learn more, view the full list of AWS certifications and compliance programs.

Application Security

Our application is built with security by design. Rentals United operates within isolated environments hosted in AWS regions eu-west and eu-central, utilizing Virtual Private Clouds (VPCs) to enforce strict process isolation, secure communications, and granular network controls. Host-based firewalls, role-based access, and routine security reviews are part of our application lifecycle.

Encryption and Secure Transmission

We employ modern encryption practices to safeguard data:

  • Data in transit is protected using TLS 1.2 and above, aligned with industry best practices. 
  • Data at rest is encrypted using AES (Advanced Encryption Standard), ensuring strong protection for stored information. 

Vulnerability Management

We take a proactive approach to identifying and mitigating risks across our platform. Our security program includes:

  • Regular internal and external vulnerability scans 
  • Patch management and continuous monitoring 
  • Independent security assessments and audits 
  • Annual penetration testing of our entire platform and infrastructure by qualified third-party professionals 
  • Collaboration with external experts to continuously strengthen our security posture 

These measures help ensure that vulnerabilities are identified early and remediated promptly to protect our users and systems.

Bug Bounty Program

We support responsible disclosure and collaborate with the security research community through our Open Bug Bounty program. This initiative follows the ISO 29147 framework and provides a safe avenue to report vulnerabilities responsibly.

Privacy Commitment

We are fully committed to protecting your personal information. For more details on how we handle personal data, please refer to our Privacy & Cookie Policies.

GDPR Compliance

Rentals United complies with the General Data Protection Regulation (GDPR). We have implemented both technical and organizational safeguards to help clients meet their own compliance requirements.

PCI DSS Compliance

Rentals United is certified PCI DSS Level 1 compliant—the highest level of certification available in the payment industry.

We are audited as a Level 1 Service Provider, which is held to more stringent requirements than merchants. This designation means that a broader scope of our infrastructure, systems, and processes is assessed, resulting in a more rigorous and comprehensive security audit.

Our compliance is verified annually by a world-renowned independent Qualified Security Assessor (QSA), ensuring we meet all applicable controls for securely storing, processing, and transmitting payment information.

Service Reliability

Our platform is engineered for reliability and resilience, with a commitment to 99.9% uptime. You can view real-time status updates and historical uptime on our status page.

Security Features

We offer security-enhancing features to all users, including:

  • Single Sign-On (SSO) with Google and LinkedIn 
  • Multi-Factor Authentication (MFA) 
  • Strong password requirements 

These features help our customers manage access securely and reduce account compromise risks.

Responsible Disclosure Policy

We value the contributions of ethical hackers and security researchers. If you identify a potential vulnerability, please report it to security@rentalsunited.com. While we review all submissions, we respond only to reports that result in actionable security findings. For those, we commit to acknowledging the report within 7 days and aim to resolve critical issues within 10 business days.

Disclosure Guidelines

When reporting a vulnerability, please:

  • Give us adequate time to investigate and address the issue before any public disclosure. 
  • Avoid any activities that could harm users or compromise service availability. 
  • Only test against accounts and data you own or have explicit permission to use. 

Prohibited Activities

To maintain platform integrity, the following activities are strictly forbidden:

  • Denial-of-Service (DoS) attacks 
  • Spamming 
  • Social engineering or phishing attempts targeting Rentals United personnel 
  • Physical attacks or unauthorized access attempts against our infrastructure 

Engaging in any of these activities will result in the immediate deactivation of all associated credentials and may lead to further action.

This policy applies to all Rentals United applications hosted at rentalsunited.com, as well as any subdomains or services associated with the Rentals United system.

Contact

We appreciate your efforts in helping us maintain a secure and trustworthy platform. Your responsible disclosure helps protect our users and strengthens the Rentals United ecosystem.

If you have questions or feedback about this policy, contact us at security@rentalsunited.com.