Security Posture Overview

Workbase is built on modern standards and platforms with security in mind.


All data is encrypted at rest and in-transit under the 256-bit Advanced Encryption Standard. Each encryption key is itself encrypted with a regularly rotated set of master keys.

Privileged Access

Only authorized Workbase staff are permitted access to data following the least privileged principle.

Secure Closing

All sensitive data is returned and then deleted within 30 days of a request or when an account is closed.

“Our team were able to smash our goals quicker than we did before”

Annabelle Porter,
Customer Service Officer


Last updated April 2020

Physical Security & Disaster Recovery

Workbase’s services are hosted on Google Cloud Platform and Google Firebase, which are SOC 2 and ISO27001 compliant and enforce strong physical security practices at its data centers. See policy here.

Information and Data Security

Workbase’s information security policy is reviewed with all new employees. All employees are made aware of any information security policy updates and other security-related process updates.
To report an identified security vulnerability in our services, please email us at

Accounts and Passwords

‍Employees are required to use a password manager for all internal and third-party user accounts and are encouraged to use strong, frequently changed, random, non-shared passwords
Passwords for Workbase accounts are salted and hashed using industry standard encryption before storage.