Security at Wokflow

The security of your personal information and data is critical to everything that we do here at Wokflow. Here are some relevant details about the safeguards we have built into our technology stack.

Compliance and Certifications
PCI-DSS
GDPR

Overview
Wokflow is PCI-DSS compliant. We are held to the same rigorous security standards as your bank.

Data At Rest / Infrastructure
Passwords are hashed using PBKDF2 and salted to make rainbow table attacks more difficult. Customer data is stored in Google Cloud Platform (GCP) which is ISO 27001, SOC2 and CSA STAR compliant. Google Cloud encrypts all data at rest by default. See a full list of certifications here

Data is never sent in plaintext. All web traffic is sent over Transport Layer Security (TLS) HSTS for privacy and security. Inter-data center communication automatically encrypted in Google Cloud and encrypted inter-service communication can remain secure even if the network is tapped or a network device is compromised.

Policies
Servers are firewalled and regularly updated with the latest security patches. All code is peer-reviewed before deployment. For access controls, we follow principles of least privilege.

Inventory/Configuration
Infrastructure is kept as code using Terraform, and other infrastructure-as-code tools with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging and live environments, with no sharing of data between environments.

Failover/Disaster Recovery
All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over multiple availability zones in Google Cloud.

Monitoring/Logging
We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.Automated alerts are set up with an on-call schedule with escalations. In case an issue isn't acknowledged within 10 minutes, it's escalated to all other members of the devops team.

Security questions or issues?
If you think you may have found a security vulnerability within Wokflow, please get in touch with our security team. Read more about our Data Safety, Privacy & Security, Privacy Policy & Terms of Service.