Security and Privacy
At WOX, we treat your data with utmost care, and we are committed to keeping them secure.
At WOX, we treat your data with utmost care, and we are committed to keeping them secure.
How we manage your data at WOX
Our data is hosted by data centers with the highest level of certifications including ISO 27001 and SOC2. Physical and networking security is Protected. Learn more at Microsoft Azure Data Center Security.
Data are resident in US, but may be accessed internationally via the internet. CDN serves copies of static assets (e.g. stylesheets, photos, images) from servers across the world, but no sensitive customer data is served or cached through CDN.
All data are stored in WOX's databases, or local file systems. Backups are taken every day and stored in Microsoft Azure data center. Sensitive data such as passwords are encrypted with industry grade encryption algorithms (bCrypt) at rest.
All data are transmitted securing using TLS v1.2 and above between browsers, mobile apps or digital panels and WOX servers. Our infrastructure is 100% cloud based on Microsoft Azure data center.
At your request, we will manually remove personal identifiable information data with your account from our database. Derivative unidentifiable data (such as statistics) will not be removed. User accounts with your organization will be manually removed upon request. This including employees and visitors. It may take up to 30 days to complete the removal. Removed data and backups are retained for 30 days, after which time the data will be completely unrecoverable and unobtainable. All customer data is stored in WOX's databases, or local file systems. Please refer to Microsoft Azure data retention policy at Back up Azure Database for PostgreSQL - Azure Backup | Microsoft Docs
You can send your account email and company name to contact@woxday.com to request account removal. At your request, we will manually remove personal identifiable information data with your account from our database. Derivative unidentifiable data (such as statistics) will not be removed.
User accounts with your organization will be manually removed upon request.This including employees and visitors.It may take up to 30 days to complete the removal.Removed data and backups are retained for 30 days, after which time the data will be completely unrecoverable and unobtainable.
WOX aspires to a 99.9% uptime across services. We constantly monitor our services and send out automatic notifications should any service is interrupted. Our infrastructure is designed and operated for best reliability.
We monitor updates from the security community and vendors. When serious vulnerabilities are discovered, we follow proven and stringent procedures to update our servers immediately.
We develop and deploy new features, feature upgrades, performance enhances and bug fixes many times per week. All code is peer reviewed, thoroughly verified on integration/staging environments prior to deployment on production.
We proactively test vulnerabilities and security exposures in our code through peer code review, automated testing, manual testing, penetration tests etc.
All administrator and user access and operation logs are stored. All employees who have accesses to production data are required to use strong passwords that are not used anywhere else, and use two-factor authentication. Customer data access is screened to be limited to a small set of employees required for investigations, support and maintenance. Access to data and logs are further limited to a whitelist of IP address via VPN, and require public key encryption.
Sensitive data at rest is encrypted. Passwords are hashed and salted with one-way encryption. Application credentials are stored separate from code base.
Sensitive data at rest is encrypted. Passwords are hashed and salted with one-way encryption.
Application credentials are stored separate from code base.
Client authentication is using Json-Web-Token mechanism.
WOX does not store your payment method information. We uses Stripe, which is PCI-compliant. View Stripe's security information here. WOX does not store any data with regulatory requirements, such as HIPAA or PCI.
WOX strives for GDPR compliance and help our customers comply with GDPR obligations. Please contact us to receive more information.
We take our customers' data privacy very seriously. We will not sell any customer data without explicit consent, or contact your employees or visitors without permission. Please view our policy for a complete outline.
Our team will send alerts to you immediately if unauthorized access to your data is discovered. Security breaches are constantly monitored.
From data center to data transmission, WOX is committed to security from the ground up.
WOX uses technologies and procedures to protect your data collection, use and disclosure with utmost care.
WOX is constantly enhancing our compliance certifications, and helping customers meet compliance requirements.
All data access operations are logged for constant monitoring and quick alerts should any breaches happen.
Everything essential for a seamless and efficient shift to the Future of Work.