Our Commitment to Security
At Workblox, security is a fundamental principle embedded in our platform's design. We're building a defense-in-depth strategy to protect your data with multiple layers of security controls, from the infrastructure level to the application level.
We understand that you're trusting us with your business information. That's why we're implementing security measures aligned with industry standards and best practices.
Data Encryption
Encryption in Transit
Data transmitted between your devices and Workblox servers is protected using:
- TLS 1.3 encryption for all connections
- Strong cipher suites
- HSTS (HTTP Strict Transport Security) enforcement
Encryption at Rest
Your data is encrypted when stored in our databases and file systems using industry-standard encryption protocols.
End-to-End Encryption (Roadmap)
Optional end-to-end encryption for certain sensitive content is on our roadmap.
Authentication & Access Control
We're implementing multiple layers of authentication and granular access controls:
Multi-Factor Authentication (MFA)
- Support for TOTP authenticator apps
- Hardware security keys (FIDO2/WebAuthn)
- Backup codes for account recovery
- Admin-enforced MFA policies for organizations
Single Sign-On (SSO)
- SAML 2.0 support for enterprise identity providers
- Integration with major identity providers (Okta, Azure AD, Google Workspace)
- User provisioning capabilities
Role-Based Access Control (RBAC)
- Granular permissions at workspace, project, and task levels
- Custom roles with specific permission sets
- Team and group-based access management
- Guest access with limited permissions
- Audit logs for permission changes
Infrastructure Security
Workblox is built on industry-leading cloud infrastructure with security best practices:
- Hosted on reputable cloud providers
- Network isolation with firewall rules
- DDoS protection and Web Application Firewall (WAF)
- Regular vulnerability scanning and security testing
- Infrastructure as Code (IaC) with security reviews
Application Security
Our development practices prioritize security at every stage:
Secure Development Lifecycle
- Security training for all engineers
- Threat modeling for new features
- Secure code reviews
- Static and dynamic security testing
- Dependency scanning for vulnerable libraries
- Container image scanning
Input Validation & Protection
- Protection against SQL injection attacks
- Cross-Site Scripting (XSS) prevention
- Cross-Site Request Forgery (CSRF) protection
- Content Security Policy (CSP) implementation
- Rate limiting to prevent abuse
- Input sanitization and validation
Data Privacy & Compliance
We're designing Workblox to support major data protection regulations and working toward industry certifications:
Security & Compliance Roadmap
- SOC 2 readiness program (in progress)
- Designed to support GDPR requirements (EU General Data Protection Regulation)
- Designed to support CCPA requirements (California Consumer Privacy Act)
- ISO 27001-aligned controls (planned)
- Regular security assessments
Data Residency Options
- Regional hosting options as availability expands
- Compliance with applicable data protection laws
Privacy by Design
- Minimal data collection (only what's necessary)
- User consent for data processing
- Right to access, correct, and delete your data
- Data portability (export your data anytime)
- Transparent privacy practices and policies
Business Continuity & Disaster Recovery
We're implementing backup and recovery procedures to protect your data:
- Automated backups with retention policies
- Point-in-time recovery capabilities
- Tested disaster recovery procedures
- Regular backup restoration testing
Monitoring & Incident Response
Security Monitoring
- Security event monitoring
- Automated threat detection and alerting
- Regular security metrics and reporting
Incident Response
- Documented incident response procedures
- We follow applicable legal requirements and will notify customers promptly when required
- Post-incident analysis and improvements
- Transparent communication during incidents
Employee Security
Our team members are trained to protect your data:
- Security and privacy training
- Least privilege access controls
- All access is logged and audited
- Confidentiality and non-disclosure agreements
- Secure remote work policies
Third-Party Security
We carefully evaluate third-party service providers:
- Security assessments for vendors
- Data Processing Agreements (DPA) with processors
- Regular vendor security reviews
- Minimal data sharing (only when necessary)
- Contractual security requirements
Audit & Transparency
We believe in transparency and accountability:
- Audit logs for user actions
- Security event monitoring capabilities
- Regular security assessments and testing
- Transparent disclosure of security incidents
- Public security documentation
Your Responsibilities
Security is a shared responsibility. Here's how you can help protect your data:
- Use strong, unique passwords
- Enable multi-factor authentication
- Keep your devices and software updated
- Don't share login credentials
- Be cautious of phishing attempts
- Report suspicious activity immediately
- Review user access regularly
- Follow your organization's security policies
Vulnerability Disclosure Program
We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please:
- Email security@workblox.ai with details
- Allow us reasonable time to address the issue
- Avoid accessing or modifying data that doesn't belong to you
- Don't perform attacks that could harm our service or users
We appreciate security researchers who help keep Workblox secure.
Questions & Contact
For security-related questions or concerns, please contact our security team:
Email: security@workblox.ai
For urgent security incidents: security-urgent@workblox.ai
PGP key available upon request
For general privacy questions, contact: privacy@workblox.ai