Encryption
Workplace.io uses industry-standard encryption to protect data in transit and at rest, and limits retention of message content by design. This page summarizes our encryption approach at a level suitable for customer review.
Last updated: December 16, 2025
At a glance
  • In transit: TLS is used for communication between clients, providers, and Workplace.io services.
  • At rest: stored data is protected with encryption at rest in our hosting environments.
  • Short-lived content: message content is processed briefly for analysis and then removed; derived metadata is retained.
  • Secrets: integration credentials are protected and access-restricted to the services that require them.
Scope
This page covers encryption protections for Workplace.io application traffic, stored data, and integration credentials. It does not list internal model details, training data, or proprietary signal taxonomy.
Encryption in transit
Workplace.io uses TLS to protect data transmitted between end-user browsers and our application, between our application and third-party providers (for example Slack or Microsoft), and between internal services involved in processing.
  • Browser to application: TLS for all authenticated and unauthenticated pages.
  • Provider APIs: TLS for OAuth and API calls to connected services.
  • Processing services: TLS for communication between the application layer and inference workloads.
Encryption at rest
Workplace.io stores operational data and derived analysis results in managed databases, and protects stored data using encryption at rest in our hosting environments. Application hosting and databases run on DigitalOcean, and inference runs on AWS using Amazon SageMaker.
  • DigitalOcean: application hosting and managed database storage protected with encryption at rest.
  • AWS (SageMaker): inference and processing workloads run in secured environments with encrypted storage controls.
Short-lived message content
Message content is processed for a short period to produce culture insights. After processing completes, we retain primarily derived metadata and aggregated results used for dashboards and trends, and we remove message content from storage.
Secrets and integration credentials
When a workspace connects Slack or Microsoft Teams, Workplace.io stores credentials needed to synchronize configured data. Access to these credentials is restricted to the services that perform synchronization and processing.
  • OAuth credentials: stored only as needed to support the configured integration.
  • Access restriction: limited to operational services that require the credentials.
  • Revocation: disconnecting an integration stops future synchronization.
Webhook authentication
Where webhooks are used, requests are authenticated (signature verification and replay protection) and payload logging is minimized to avoid exposing message content or credentials.
Key management
Encryption keys are managed within our hosting environments and access is restricted. We follow least-privilege practices for administrative access and limit the number of systems and operators with access to secrets and key material.
  • Least privilege: access to sensitive configuration is limited to authorized personnel and systems.
  • Separation: application serving, databases, and inference workloads are logically separated.
  • Change control: changes to security-sensitive configuration follow controlled operational practices.
Backups and recovery
We maintain backups and recovery procedures appropriate for a production SaaS environment. Backup protections and access are controlled to prevent unauthorized access.
Customer responsibilities
Customers play an important role in protecting their data. Recommended practices include enforcing strong identity controls for your users and limiting access to administrative roles.
  • Use SSO where possible and enforce MFA in your identity provider.
  • Limit workspace administrator permissions to trusted operators.
  • Disconnect integrations that are no longer needed.