Overview
Security is foundational at Worksuite. We follow industry best practices and undergo regular third-party audits to keep your team's data safe. This page outlines our key controls.
1. Infrastructure
Worksuite runs on Amazon Web Services in geographically isolated regions (US-East, EU-West, AP-South). All production systems are deployed inside private VPCs with no direct internet exposure. Customers can choose data residency at signup.
2. Encryption
- In transit: TLS 1.3 with HSTS enforced on all endpoints.
- At rest: AES-256 encryption for databases, file storage, and backups.
- Secrets: Managed via AWS KMS with key rotation every 90 days.
3. Access Control
Internal access to production systems is granted on a least-privilege basis, requires hardware-key 2FA, and is logged. Engineers do not have direct database access — all changes go through reviewed migrations.
For your team, Worksuite supports:
- Two-factor authentication (TOTP and WebAuthn).
- SAML single sign-on (SSO), on the Enterprise plan.
- Role-based access control with custom roles.
- Audit logs of all sensitive actions.
4. Compliance & Certifications
- SOC 2 Type II — annual audit by an independent firm.
- ISO 27001 — certified information security management.
- GDPR — full compliance for EU customers; DPA available on request.
- HIPAA — BAA available for Enterprise customers.
5. Monitoring & Incident Response
We run 24/7 monitoring with automated alerts on anomalies. Our on-call team follows a documented incident response runbook and notifies affected customers within 24 hours of any confirmed security incident.
6. Backups & Disaster Recovery
Customer data is backed up every 4 hours with point-in-time recovery up to 35 days. Backups are encrypted and stored in a separate region. We test our disaster recovery procedure quarterly with a target RPO of 4 hours and RTO of 2 hours.
7. Vulnerability Disclosure
We welcome responsible disclosure from the security research community. If you believe you have found a vulnerability, please email security@worksuite.app with details. We commit to acknowledging your report within 48 hours and to keeping you updated as we investigate. Eligible reports are rewarded under our bug bounty program.
8. Contact
For security questions, or to request our SOC 2 / ISO 27001 reports under NDA, email security@worksuite.app.