Entrusting your data to a third-party service provider requires rigorous security measures. As a company that takes data security and privacy very seriously, we recognize that Woorise’s information security practices are important to you. We have provided some general information below to give you confidence in how we secure the data entrusted to us.
General Data Protection Regulation (GDPR)
The GDPR is by far the most demanding regulation on data protection and privacy in the world. It is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union. It also addresses the transfer of personal data outside the EU and EEA areas. At Woorise, all our customers’ data is processed in compliance with this framework, regardless of the country it comes from.
Read more about GDPR compliance.
Security monitoring and auditing
Woorise collects application, infrastructure and systems logs in a centrally managed log repository for monitoring, troubleshooting, security reviews, and analysis by authorized personnel. Strict data access controls, auditing mechanisms, and comprehensive logging are in place to monitor and track data handling activities. Woorise maintains transparent privacy policies and provides clear consent management processes, keeping customers informed about how their data is collected, used, and protected.
Data backups and disaster recovery
Woorise places a high emphasis on data backups and disaster recovery. Regular data backups are performed and stored in secure, off-site locations, protecting against data loss due to system failures, natural disasters, or cyberattacks.
Woorise has robust disaster recovery plans in place, tested regularly to ensure swift recovery in the event of an incident. Woorise employs redundant systems and failover mechanisms to minimize downtime and maintain uninterrupted service availability.
Woorise has an information security department specifically responsible and accountable for security administration. The Security department directly manages and oversees risk assessment, development of policies, standards, and procedures, testing, and security reporting processes.
A security committee, made up of the organization’s highest-level decision-makers and management in matters related to information security, is in place. The Security Committee is responsible for ensuring compliance with the corporate security principles, defining the security and business continuity initiatives pursued in the company, and ensuring security within the company and the platform.
Woorise’s infrastructure is hosted by DigitalOcean. Our main servers are located in Amsterdam, Netherlands (Europe). They are compliant with security and privacy standards. Woorise also utilizes firewalls and intrusion detection/prevention systems (IDS/IPS) to protect its network infrastructure. Regular security patches and updates are applied to address vulnerabilities promptly, and network segmentation and isolation techniques are employed to enhance overall infrastructure security.
Woorise is a 100% worldwide remote company, so the only physical premises are DigitalOcean data centers.
All physical security measures applying to DigitalOcean premises are covered by the DigitalOcean Shared Responsibility Model.
Woorise enforces stringent access control measures to prevent unauthorized access to its platform. User authentication is a top priority, and the company employs industry best practices, including password-based login and multi-factor authentication (MFA), to verify user identities.
Role-based access control (RBAC) is implemented to ensure that users are granted appropriate permissions based on their roles and responsibilities. Additionally, Woorise employs account lockout and session management mechanisms to protect against unauthorized access attempts and safeguard user accounts.
This means employees can only access Woorise systems with an extra-secure connection. As soon as anyone leaves the company, their access is blocked.
Access to customer data by Woorise
All data collected from our customers and their respondents is classified at the highest level of criticality. We don’t allow any provider to access respondents’ data, and only the minimum number of authorized Woorise employees have access to it. Every single access to the repositories of information is audited and controlled.
Woorise stores personally identifiable information (PII) from the following subjects:
- From our customers, in order to provide the service and customer support, and for billing (basic identification and contact data plus basic billing data, excluding credit card or bank account information, which is handled by a PCI DSS certified third party).
- From our customers’ respondents, as we store their answers to the forms (we cannot specify which data customers collect; that is up to them).
Woorise follows rigorous application security practices to ensure the integrity of its platform. The company adopts secure coding practices, adhering to guidelines such as the OWASP Top 10, to minimize the risk of common vulnerabilities.
Regular code reviews and security testing are conducted to identify and remediate any potential weaknesses. Woorise employs web application firewalls (WAFs) to monitor and filter incoming traffic, providing an additional layer of protection against potential threats such as cross-site scripting (XSS) and SQL injection attacks.
Secret authentication information management
Woorise customers can authenticate with a local password. Their credentials are stored in a third-party cloud authentication service, which uses salted bcrypt with a high number of rounds to protect passwords. Customers can reset their passwords or unlock their accounts using their pre-configured email addresses at any time.
Woorise provides a two-factor authentication (2FA) mechanism that can be easily enabled by the customer.