Security at Werbot

Last updated: 20/09/2022

How Werbot uses the best security practices to protect our customers.

Overview

At Werbot, customer trust is one of our top priorities.
That's why we maintain the highest standards of data security and privacy. We understand that it is important for you to keep your data and your employees' data secure. It is our promise. Werbot implements security testing and reviews, is designed to be GDPR compliant, and encrypts your data.

Facilities and Cloud Infrastructure

Werbot is hosted and delivered by Amazon Web Services (AWS), DigitalOcean (DO) and Hetzner (HZ). Amazon is responsible for the security of its actual data centers and the AWS cloud. Werbot is responsible for monitoring, managing, and securing the Werbot cloud.
AWS, DO and HZ manage the data centers that host the Werbot cloud. For more information about security at those data centers, see AWS data centers, DO data centers and HZ data centers.
Werbot Cloud data is hosted in the EU Central region (Frankfurt, Helsinki).

Certification

Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations and manages many compliance programs 24/7 to comply with laws and regulations. Lists of such certifications and compliance statements are available for AWS data centers, DO data centers and HZ data centers.
AWS has SOC 1, SOC 2, and a public SOC 3 report on Security, Availability & Confidentiality (pdf).
DO has SOC 1, SOC 2, and a public SOC 3 report on Security, Availability & Confidentiality (PDFs).
HZ has ISO/IEC 27001 information security certificates (PDFs).
Werbot is GDPR compliant. Organizations in the European Union (EU), or that employ EU-based individuals, can be sure that Werbot protects their personal information securely in compliance with EU laws.

People and Access

Within Werbot, only a few trusted members of our team have access to the production environment to maintain our cloud services and assist our customers. Additionally, we monitor all access to the Werbot cloud. Werbot implements a variety of data security and vulnerability checks to ensure secure software development.
Customers are responsible for maintaining the security of their own login information.

Data Encryption and Storage

In the Werbot cloud, data at rest is encrypted following the best industry standards - 256-bit encryption via native AWS, DO and HZ capabilities. Additionally, all data-in-transit and communications with the Werbot cloud are protected with HTTPS using TLS 1.2 and within the cloud with VPN network connections.

Data Retention

Your data is retained indefinitely while you are our customer. If you leave our service, all data will be removed upon customer request or within one year of inactivity. If you want to remove your data, please contact us at [email protected].

Incident Response

Breaches will be communicated within 48 hours, and any vulnerabilities are fixed as soon as possible.

Backups

Customer data is backed up once a day, once per week and once per month and is encrypted following industry standards.

Security Tests

Werbot cloud services are tested regularly by our security team. If findings occur, they will be solved immediately.

Disaster Recovery

Werbot's cloud team has a disaster recovery process in place, and it is tested on a regular basis.

Privacy

Werbot understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant with privacy laws and regulations. For more information, please see our Privacy Policy.

Responsible Disclosure Policy

If you believe you have found a potential security vulnerability on Werbot, please let us know right away by emailing [email protected]. We will investigate all reports and do our best to fix valid issues quickly.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of the disclosure.
Make a reasonable, good-faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Werbot service. Please only interact with servers you own or for which you have explicit permission from the account holder.

Exclusions
1) Distributed Denial of Service (DDoS) attacks.
2) Spamming.
3) Social engineering or phishing of Werbot employees or contractors.
4) Any attacks against Werbot's physical property or data centers.

Thank you for helping to keep Werbot and our users safe!

Changes to the security and disclosure guidelines

We may revise these guidelines from time to time. The most current version of the guidelines will be available at https://werbot.com/legal/security/.