Encryption
TLS 1.2 or higher protects data in transit, and AES-256 encryption protects data at rest.
Security
Customer data is encrypted, separated by account, and handled through controlled production systems. Workforce AI completed an independent SOC 2 Type II examination of its security controls.
Core practices
Security spans the product, infrastructure, people, vendors, and recovery process.
TLS 1.2 or higher protects data in transit, and AES-256 encryption protects data at rest.
Customer data is separated by account, with connected systems and access scoped to the configured workspace.
Administrative access follows role-based and least-privilege practices, with multifactor authentication for privileged systems.
Production systems are monitored, operational alarms are active, and incidents follow a documented response process.
Encrypted backups, retained snapshots, and recovery procedures support service continuity.
Production changes use version control, review, testing, and deployment controls across the core application repositories.
Subprocessors are inventoried and reviewed, with their purposes disclosed in the trust center.
The SOC 2 Type II examination covered the design and operating effectiveness of controls for the 2025 examination period.
Security review
Request the SOC 2 report, security assessment material, an NDA, or help completing a vendor questionnaire.