Workona maintains a high standard of security across our networks, product, organization, and application. For more information, contact us at firstname.lastname@example.org.
Workona has undergone a Service Organization Controls audit (SOC 2 Type II). Please contact your account manager or email@example.com to request Workona's most recent report.
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
You can sign our Data Processing Addendum by entering your information here. You will be able to download and review the DPA before signing it. In addition, you can find a current list of Workona’s data subprocessors here.
At any time, you may export data from Workona.
When you visit the Workona website or use one of the Workona apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.
Workona’s database service (Google Cloud Firestore) automatically encrypts all data before it is written to disk. With server-side encryption, Google manages the cryptographic keys on our behalf using the same hardened key management systems that Google uses for their own encrypted data, including strict key access controls and auditing. Each object’s data and metadata is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.
Workona servers are located in the United States.
Workona utilizes industry-leading Google Cloud hosting infrastructure. Backups are performed at regular intervals. Workona maintains business continuity and disaster recovery plans. Workona implements extensive service monitoring, and our operations team is on call 24x7x365.
Within the Workona product, user permissions can be managed at the organization, team, or workspace level. Workspace permissions allow you to control who can view and/or edit the workspaces that you’ve shared with them.
Workona supports SAML-based Single Sign On (SSO) and additional administration features for organizations on the Business plan — including the ability to restrict members to certain email domains and controls for external users.
Workona vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Workona maintains separate production and testing environments.
Workona commissions external penetration tests on a regular basis. If you are interested in seeing a copy of Workona's most recent Statement of Assessment (SOA), please contact your account manager or firstname.lastname@example.org.
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Workona.
If you believe you've discovered a security-related issue, please contact us at email@example.com.