Security & Privacy

We know you've entrusted us with valuable data, and we take its security very seriously. Below, we've provided a deep dive into our security practices, protocols and tooling 🔒 

security page_edited_edited_edited_edite
  • We use TLS everywhere, within the data center and out. 

  • Your data is encrypted at rest and in transit. 

  • We run 100% on the cloud using AWS (US-West) within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers. 

  • We have Amazon CloudTrail and Server side logging turned on at all times. 

  • All employees receive regular security training. 

DATA ENCRYPTION.png
Data encryption

WorqHat has you covered with industry-tested and accepted standards of encryption. WorqHat uses TLS 1.2 to encrypt network traffic between users' browsers and the WorqHat platform. WorqHat also uses AES-256 bit encryption to secure your database connection credentials and data stored at rest. Communications over the internet to our public cloud services are encrypted in transit. Our network and infrastructure have multiple layers of protection to defend our customers against denial-of-service attacks. 

SECURE AND RELIABLE.png
Secure, reliable infrastructure

WorqHat works with Amazon Web Services (AWS) data centers for hosting. AWS data centers are monitored by 24X7 security, biometric scanning, and video surveillance. We take every step to ensure your data is always safe and secure. 

DEVICE SECURITY.png

Operational and device security 

We develop and deploy infrastructure software using rigorous security practices. Our operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365. Identities, users, and services are strongly authenticated. Access to sensitive data is protected by advanced tools like phishing-resistant security keys. 

Sub-processors 

We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices. 

  • Amazon Web Services 

  • Google Cloud 

  • Segment 

  • Crashlytics 

  • Freshdesk 

  • Snowflake 

  • Stripe 

TFA 2.png

 Two Factor Authentication 

Your WorqHat account and Workspaces benefit from an additional layer of protection thanks to two-factor authentication (2FA). Others would need your login, password, and access to your second factor of authentication in order to log into your account. 

WorqHat accepts the following as a second authentication factor: 

• One-time passwords dependent on time (TOTP). WorqHat asks you for a code when you sign in when it is activated. Your one-time password authenticator (for instance, a password manager on one of your devices like Google Authenticator or Microsoft Authenticator) generates codes. 

• To log in, time-based one-time passwords (TOTP) are provided to the registered mobile number.  

If you set up a TOTP based on a mobile number, you should also set up a TOTP based on a password manager so you can still get into your account if you misplace the device.