Security

Workona maintains a high standard of security across our networks, product, organization, and application. For more information, contact us at security@workona.com.


Network and system security

When you visit the Workona website or use one of the Workona apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption.

Workona’s database service (Google Cloud Firestore) automatically encrypts all data before it is written to disk. With server-side encryption, Google manages the cryptographic keys on our behalf using the same hardened key management systems that Google uses for their own encrypted data, including strict key access controls and auditing. Each object’s data and metadata is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Workona servers are located in the United States.


Service reliability and durability

Workona utilizes industry-leading Google Cloud hosting infrastructure. Backups are performed at regular intervals. Workona maintains business continuity and disaster recovery plans. Workona implements extensive service monitoring, and our operations team is on call 24x7x365.


Product security

Within the Workona product, user permissions can be managed at the organization, team, or workspace level. Workspace permissions allow you to control who can view and/or edit the workspaces that you’ve shared with them.

Workona supports SAML-based Single Sign On (SSO) and additional administration features for organizations on the Business plan — including the ability to restrict members to certain email domains and controls for external users.


Organizational and information security

Workona vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.

Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.

Workona maintains separate production and testing environments.


Application security

Workona commissions external penetration tests on a regular basis. If you are interested in seeing a copy of Workona's most recent Statement of Assessment (SOA), please contact your account manager or sales@workona.com.

As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Workona.


How to report an issue

If you believe you've discovered a security-related issue, please contact us at security@workona.com.