Worklytics Security – Worklytics

Security

Last updated: July 1, 2016

We appreciate you trusting us with your data. It’s a responsibility we take very seriously. If you have any specific concerns beyond the scope of this page, please contact us at support@worklytics.co.

Infrastructure

Worklytics is hosted on the Google Cloud Platform, which has a comprehensive and robust security model. Read the details.

Our application runs on Google App Engine, a platform-as-a-service model, which greatly limits potential intrusion points. You aren’t depending on us to keep all our components such as kernels, web-servers, and their dependencies up-to-date with the latest security patches – you’re trusting Google.

The operation of Worklytics requires that our employees access systems that store and process Customer Data. Such access is tightly restricted to senior team members, whose activity is logged and who must use Multi-Factor Authentication.

Data

All data is encrypted before it is written to disk, following industry-standard practices.

In particular, note that we generally store only meta-data about your work – not the content of the work itself. This means, for example, that for a Google Drive file, we store data such as the title and who edited it, but not the content of the file itself. The only work we store “in its entirety”, is something like a calendar event – where there isn’t any ‘content’ beyond the title and its relations with people.

HTTPS by default. Any sensitive data you exchange with Worklytics is transmitted over SSL. Generally speaking, any data we collect from 3rd-party services on your behalf is also fetched over SSL. If you have any concern about a specific integration, please contact us.

OAuth 2. Wherever possible, we use OAuth 2.0 to access data from your integrations – it’s a widely accepted standard flow for securing authorizing 3rd-parties such as Worklytics to access your data in other SaaS tools. Generally, this means that you may revoke our access to your data from those tools at any time.

We don’t store sensitive payment information. We use Stripe, a certified PCI Level 1 Service Provider, to process payments you make through Worklytics. Read the details.

If you require any additional information on our security practices, please contact us at support@worklytics.co. We can provide Private Cloud deployments that may meet your needs.