We are getting more and more requests from customers and resellers to fill out a "vendor questionnaire" to answer all sorts of product and security-related questions. While we appreciate the interest and understand the demand to have clarity, especially in the area of security, we simply cannot answer all the questions because of time and resource constraints. We are a small team and want to deliver high-quality software for a very reasonable price. Dealing with these kinds of questions, slows us down and requires us to allocate more resources; this, in turn, affects our pricing.

This article should answer most (if not all) vendor and security-related questions. If you think something is missing or should be explained in more detail, let us know.

Distribution

Since we do not sell our products directly, no funds are transferred directly to our bank account. When you purchase our products, you are actually buying them from our distributor FastSpring (or previously share-it). Many corporations need to enter the company details for their purchasing process. Usually, you need to enter our distributor's information because once you hit the "Buy now" links on our buy page, you are effectively forwarded to our distributor and purchase our products from them. License key generation, your account, invoicing, and payment is all handled by our distributor:

https://fastspring.com/company/

https://secure.shareit.com/shareit/impressum.html

Reseller

Alternatively, you can also purchase our products from a reseller. If you have a preferred reseller, contact them and ask them if they already are registered as a reseller of our products. If they are not, they can contact us here to request a reseller account.

Vendor Information

You can find all necessary information about us (the authors of Royal TS, Royal TSX, and Royal Server) here:

https://royalapps.com/team

Note that each link forwards you to the homepage of each author. There you will find all the legal information (imprint) as well.

Security

We do not offer any cloud services and do not store any data you create in Royal TS/X or Royal Server on any of our systems. All data (including passwords) you enter in Royal TS/X and Royal Server are stored in files on your systems and you have the responsibility to make sure these files cannot be accessed by anyone who does not have permission. We cannot be held responsible if you either lose or leak any information. A good comparison here is Microsoft Excel: if you store sensitive information (such as passwords) in an Excel document and this document gets into the wrong hands, Microsoft cannot be held responsible for that.


Please note that Royal TS/X will prompt the user to enable document encryption as soon as sensitive data is detected. We strongly suggest using strong passwords and evaluate the password strength to ensure that this also occurs. The evaluation of the password strength is done using the "zxcvbn" algorithm, an open-source project from dropbox. You can find more information on it here: https://github.com/dropbox/zxcvbn


Encryption

Whether or not you have password-protected your Royal TS/X documents, all sensitive data (passwords) are encrypted using the industry-standard XTS-AES encryption algorithm. All the data is encrypted on disk and in memory until it is needed.

1st and 3rd Party Components

Royal TS/X and Royal Server rely on external components. Please find a list of components below we use in Royal TS/X and Royal Server. If you have security-related questions regarding a specific component, please contact the vendor/author directly.

CompanyProduct / PluginComponents
MicrosoftRemote Desktop on WindowsRDP ActiveX Control (ships with Windows)
RebexRoyal TS, Royal TSX, and Royal Server
Secure Gateway Feature
Terminal Connection (Telnet / SSH) on Windows
File Transfer Connection
Security (Encryption)
SSH Client / Server
SSH Client and Terminal Control
FTP/SFTP/SCP
Bouncy Castle CryptoSecure Gateway Feature
Terminal Connection (Telnet / SSH) on Windows
File Transfer Connection
Private Key Files
Essential ObjectsWeb Page Connection on WindowsChromium Engine
AppleWeb Page Connection on macOS and iOS
WebKit
TightVNCVNC Connection on WindowsVNC SDK
FreeRDPRemote Desktop on macOSRDP
iTerm2Terminal Connection on macOS
Terminal Control
ChickenVNC Connection on macOSVNC Control

Note: the list above is not a complete list of components we use. These are, however, all the components that handle sensitive data (like passwords).