Overview of our security program, internal controls, and how we safeguard customer data.

A clear view of how data moves through Workplace.io, what we store, and where processing occurs.

How we encrypt data in transit and at rest, and how encryption keys are managed and protected.

How we enforce least privilege, role-based access, and administrative controls across the platform.

How we log security-relevant events and monitor systems to detect and investigate suspicious activity.

How we build and ship software securely, including reviews, testing, change control, and dependency management.

How we detect, triage, contain, remediate, and communicate security incidents.

How to report security vulnerabilities to us and what our response and remediation process looks like.

How we handle backups, disaster recovery, and continuity planning to support reliable operations.

How we design for availability and monitor service health, performance, and operational stability.

What data we collect, how it’s used, how long it’s retained, and how deletion works.

A current list of subprocessors we use, what they do, and how we evaluate and manage vendor risk.

Our DPA describing how we process customer data, security measures, and contractual privacy commitments.

How we support GDPR-aligned rights requests, customer responsibilities, and privacy-by-design practices.

How we address cross-border data transfers and provide appropriate transfer mechanisms where applicable.

How AI supports culture insights, including data minimization, safeguards, and customer controls.

How we evaluate model quality, manage changes, and maintain consistency of scoring and outputs over time.

How Workplace.io is intended to be used, and the uses we prohibit to prevent surveillance or misuse.

How insights are aggregated and protected to reduce the risk of identifying individuals from results.

Our SOC 2 readiness status, intended scope, and roadmap toward independent third-party attestation.

Our ISO 27001 alignment approach and roadmap toward an information security management system (ISMS).

A detailed security overview for customer reviews, including architecture, controls, and operational practices.

Our responses to the CSA CAIQ to support vendor security assessments and procurement reviews.

How to submit a security questionnaire and what information we provide during due diligence.

The terms that govern use of Workplace.io, including account responsibilities and acceptable use.

The terms that govern use of Workplace.io Partner Program, including account responsibilities and acceptable use.

How we collect, use, share, and protect personal data, including user rights and choices.

How we use cookies and similar technologies, and how users can manage preferences.

How to contact our Trust & Security team for reviews, questionnaires, and security inquiries.