Security

Last updated: January 6, 2025

Security Overview

Security is foundational to WorqHat. As an enterprise operating system that handles sensitive business data, we implement comprehensive security measures to protect your information, systems, and operations. This page outlines our security practices, certifications, and commitments.

Data Encryption

Encryption in Transit

  • All data transmitted between your systems and WorqHat is encrypted using TLS 1.3 and above.
  • API communications are secured with industry-standard encryption protocols.
  • WebSocket connections for real-time features use secure, encrypted channels.

Encryption at Rest

  • All data stored in our systems is encrypted at rest using AES-256 encryption.
  • Database backups are encrypted and stored in secure, access-controlled environments.
  • Encryption keys are managed using industry-standard key management systems.

Access Control & Authentication

  • Role-Based Access Control (RBAC): Enterprise-grade access management with granular permissions for users, teams, and resources.
  • Multi-Factor Authentication (MFA): Supported for all user accounts with mandatory enforcement for enterprise plans.
  • Single Sign-On (SSO): Integration with SAML 2.0 and OAuth 2.0 for enterprise identity providers.
  • Session Management: Secure session handling with configurable timeout policies and device management.
  • API Authentication: Token-based authentication with rotation capabilities and scope-based permissions.

Infrastructure Security

Cloud Infrastructure

  • WorqHat operates on leading cloud infrastructure providers with enterprise-grade security certifications.
  • Infrastructure is designed with redundancy, failover capabilities, and geographic distribution for resilience.
  • Network security includes firewalls, DDoS protection, and intrusion detection systems.

System Monitoring & Logging

  • Comprehensive audit logs track all system activities, data access, and configuration changes.
  • Real-time monitoring and alerting for security events and anomalies.
  • Log retention policies ensure compliance with regulatory requirements.

Application Security

  • Secure Development: Code is developed following security best practices, with regular security reviews and vulnerability assessments.
  • Dependency Management: Regular updates and scanning of third-party dependencies for known vulnerabilities.
  • Input Validation: Comprehensive validation and sanitization of all user inputs to prevent injection attacks.
  • API Security: Rate limiting, request validation, and authentication on all API endpoints.
  • Event-Driven Security: Security events are processed in real-time, enabling immediate response to threats.

Data Protection & Privacy

  • Data Residency: Options for data storage in specific geographic regions to meet compliance requirements.
  • Data Retention: Configurable retention policies with automated deletion capabilities.
  • Data Isolation: Logical and physical separation of customer data to prevent unauthorized access.
  • Backup & Recovery: Regular, encrypted backups with tested recovery procedures.
  • Right to Deletion: Ability to export and delete your data in accordance with privacy regulations.

Compliance & Certifications

WorqHat is committed to maintaining compliance with industry standards and regulations:

  • SOC 2 Type II: Regular audits of our security, availability, and confidentiality controls.
  • GDPR Compliance: Adherence to European data protection regulations.
  • Data Processing Agreements: Standard DPAs available for enterprise customers.
  • Industry Standards: Following ISO 27001 principles and other relevant security frameworks.

Security Incident Response

In the event of a security incident, WorqHat has established procedures to:

  • Immediately assess and contain the incident.
  • Notify affected customers in accordance with legal requirements.
  • Conduct a thorough investigation and remediation.
  • Implement measures to prevent similar incidents.
  • Provide transparent communication throughout the process.

Security Best Practices for Users

While WorqHat provides robust security infrastructure, users should also follow security best practices:

  • Enable multi-factor authentication for all user accounts.
  • Use strong, unique passwords and consider password managers.
  • Regularly review and update access permissions.
  • Monitor audit logs for unusual activity.
  • Keep integration credentials secure and rotate them regularly.
  • Report any suspected security issues immediately.

Vulnerability Reporting

We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly:

security@worqhat.com

Please include detailed information about the vulnerability and steps to reproduce it. We commit to acknowledging reports within 48 hours and providing updates on our remediation progress.

Contact Information

For security-related questions or concerns, please contact us:

Contact Security Team

For general inquiries, visit our contact page.