Our Security Commitment
Security is foundational to WorkForYourWorld — not a feature we added later. As a platform that processes sensitive workforce data for enterprise organizations, we hold ourselves to the highest standards of security engineering, operational practice, and transparency.
Infrastructure Security
- SOC 2 Type II certified — audited annually by an independent third-party auditor
- ISO 27001 certified — Information Security Management System in place
- Multi-region redundancy — data replicated across geographically separated availability zones
- Zero-trust network architecture — no implicit trust; all access verified continuously
- 24/7 security monitoring with automated anomaly detection and incident response
Data Encryption
- All data in transit encrypted with TLS 1.3 minimum
- All data at rest encrypted with AES-256
- Encryption keys managed via Hardware Security Modules (HSM)
- Employee data processed using federated architecture — raw data never leaves your environment
Access Controls
- Role-based access control (RBAC) enforced at every API endpoint
- Multi-factor authentication required for all admin access
- Principle of least privilege applied to all internal engineering access
- All access to production systems logged and reviewed quarterly
AI Model Security
- Transformer models trained on anonymized, aggregated data only
- Federated learning ensures individual employee data remains within your boundary
- Model outputs are auditable — every match includes a reasoning trace
- Adversarial input detection on all inference endpoints
Vulnerability Disclosure
We operate a responsible disclosure program. If you discover a security vulnerability in the WorkForYourWorld platform, please report it to security@workforyourworld.tech. We commit to acknowledging reports within 24 hours and providing a remediation timeline within 48 hours. We will not pursue legal action against researchers acting in good faith.
Penetration Testing
The platform undergoes full penetration testing by a qualified independent security firm every 6 months, with targeted tests following major releases. Results are reviewed by our security team, and findings are remediated within defined SLAs based on severity.
Incident Response
In the event of a confirmed data breach, we will notify affected customers within 72 hours of discovery, in accordance with GDPR Article 33 and applicable data breach notification laws. Our incident response team is on call 24/7.