Security

Workona maintains a high standard of security across our networks, product, organization, and application. For more information, contact us at security@workona.com.


SOC for Service Organizations

SOC 2 Type II compliance

Workona has undergone a Service Organization Controls audit (SOC 2 Type II). Please contact your account manager or sales@workona.com to request Workona's most recent report.


Privacy compliance and data processing addendum

We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.

You can learn more about Workona’s commitments to user privacy here, our privacy practices in our Privacy Policy, and our compliance with the General Data Protection Regulation (“GDPR”) here.

You can sign our Data Processing Addendum by entering your information here. You will be able to download and review the DPA before signing it. In addition, you can find a current list of Workona’s data subprocessors here.

At any time, you may export data from Workona.


Network and system security

When you visit the Workona website or use one of the Workona apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.

Workona’s database service (Google Cloud Firestore) automatically encrypts all data before it is written to disk. With server-side encryption, Google manages the cryptographic keys on our behalf using the same hardened key management systems that Google uses for their own encrypted data, including strict key access controls and auditing. Each object’s data and metadata is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Workona servers are located in the United States.


Service reliability and durability

Workona utilizes industry-leading Google Cloud hosting infrastructure. Backups are performed at regular intervals. Workona maintains business continuity and disaster recovery plans. Workona implements extensive service monitoring, and our operations team is on call 24x7x365.


Product security

Within the Workona product, user permissions can be managed at the organization, team, or space level. Space permissions allow you to control who can view and/or edit the spaces that you’ve shared with them.

Workona supports SAML-based Single Sign On (SSO) and additional administration features for organizations on the Business plan — including the ability to restrict members to certain email domains and controls for external users.


Organizational and information security

Workona vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

Workona maintains separate production and testing environments.


Application security

Workona commissions external penetration tests on a regular basis. If you are interested in seeing a copy of Workona's most recent Statement of Assessment (SOA), please contact your account manager or sales@workona.com.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Workona.


How to report an issue

If you believe you've discovered a security-related issue, please contact us at security@workona.com.