Workleap Officevibe has been SOC2 compliant since December 2022. Our latest SOC2 certification was received in March 2024.

The Service Organization Control (SOC) 2 Type II audit ensures a high standard of accountability regarding how a company or product handles sensitive information and data.

Our security program is aligned with ISO 27001

We have reviewed our security policies to ensure compliance with GDPR requirements. Our sub-processors who have access to personal data are certified ISO 27001, and we hold Standard Contractual Clauses with them.

Dedicated teams for application and operational security with the full support of upper management.

We conduct regular scans for vulnerabilities and review them. In addition, we have a private bug bounty program with HackerOne for continuous intrusion testing.

Data is always encrypted at rest using AES 256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest.

Only a select few senior production support staff have access to customer data. MFA and VPN are required for access. Production data, including feedback content, group names, company names, etc., never leaves the production environment without being fully anonymized.

Our Security Incident Response Team is well-prepared to handle any incident. Our clients are notified within 48 hours in the event of a breach or compromise of Officevibe’s security program, resulting in a real risk of significant harm to individuals.

Single Sign-On options, including SAML 2.0, are available. Passwords are hashed using PBKDF2 and are salted with unique salts. Logging and auditing are meticulous and monitored.

All employees undergo a background check and have required security training and awareness.

For more security info. and resources, see Workleap's Trust Center.