Our top priority is your data security. We would never do anything with your data that we wouldn't be proud to tell the world about.
Workfolio applications and Workfolio data are hosted on Amazon Web Services (AWS). We take advantage of all the security and privacy features AWS provides, and our team takes additional proactive measures to maintain a secure infrastructure and make sure there are always multiple backups for infrastructure disaster recovery purposes (though we can't offer backup in case of user-made errors on a per-account basis). For more specific details regarding how AWS keeps data secure, please refer to https://aws.amazon.com/security/.
DATA CENTER SECURITY
AWS maintains an impressive list of reports, certifications, and independent assessments to ensure complete and ongoing state-of-the-art data centre security. They have many years of experience in designing, constructing, and operating large-scale data centres, which makes them the industry standard when it comes to security.
All Workfolio servers are run from our own virtual private clouds (VPCs), with rules that prevent unauthorized requests from entering our network.
Workfolio infrastructure is hosted in a fully redundant, secure VPN environment, with access restricted to operations support staff only. This way we can leverage complete firewall protection, private IP addresses, and other security features.
The whole system on which Workfolio runs is behind a firewall, and only the necessary ports are open to the outside network. Only authorized personnel, using SSH keys, have access to the system, and access is enabled only over a VPN connection. We have enabled 2FA on our server systems.
All data to and from Workfolio is sent securely over HTTPS. The initial connection is established over 2048-bit TLS, and the rest of the communication happens over 256-bit SSL. This is the standard technology for keeping an internet connection secure, and it prevents anyone from reading or modifying any information. Any data transferred between a user and Workfolio is impossible to read or modify.
All your sensitive data is encrypted using SHA256withRSA algorithms, which scramble data in transit, preventing hackers from reading it.
If someone were somehow able to get hold of a backup of the database, it would be useless, because they wouldn't have the key to decrypt your sensitive data. We don't store any of your credit card details on our server.
Our system is constantly monitored. We get reports in real-time so we can instantly react in case a potential issue arises. All actions taken on production consoles are logged.
We monitor security, performance, and availability 24/7/365. We prioritize and resolve discovered security issues, and deploy fixes quickly after discovery.
We never access your data in Workfolio, unless required for support reasons and with your explicit permission.
Update: Our system is protected against DDoS attacks.