Security

Security is a core part of how Workbase builds and operates its products. This page summarizes the technical and organizational measures we use to protect customer data, accounts, infrastructure, and services.

Data Protection Principles

Workbase separates customer workspace data from shared product, operational, and analytics data. Access to customer data is limited to authorized personnel and systems that need access for service delivery, support, security, or legal compliance. We design systems around least privilege, auditability, and controlled data flows.

Access Controls

We use role-based access controls, account isolation, permission management, and internal access review processes. Administrative access is restricted, logged, and granted only where needed. Customers are responsible for configuring their own users, roles, integrations, and workspace permissions appropriately.

Encryption

We use encryption in transit for connections to Workbase services and encryption at rest where supported by our infrastructure providers and storage systems. Key management, rotation, and access controls are designed to reduce unauthorized access risk.

Infrastructure Security

Workbase uses reputable cloud and infrastructure providers with established security programs. We apply network controls, monitoring, logging, backups, patch management, environment separation, and deployment controls. Infrastructure architecture may evolve as the product and risk profile change.

Application Security

Our development process includes code review, dependency management, testing, secure configuration, vulnerability monitoring, and remediation workflows. We review security-sensitive changes carefully and prioritize fixes based on severity and exposure.

Monitoring And Logging

We collect operational and security logs to detect errors, abuse, unauthorized access, suspicious behavior, and service issues. Logs are protected and retained according to operational, security, and compliance needs.

Incident Response

Workbase maintains incident response processes for identifying, assessing, containing, remediating, and communicating security incidents. If a security incident affects customer data, we notify affected customers as required by applicable law and contractual obligations.

Personnel Security

Personnel with access to sensitive systems are subject to confidentiality obligations and receive access based on role. We use internal policies, onboarding, offboarding, and access review processes to reduce risk.

Subprocessors And Vendors

We assess service providers that process or host customer data and require appropriate contractual, confidentiality, and security obligations. Provider access is limited to what is needed for the services they provide.

Customer Responsibilities

Customers play an important role in security. Customers should use strong authentication, limit user permissions, review integrations, protect API keys, monitor workspace activity, keep exported data secure, and promptly report suspected security issues.

Reporting Security Issues

If you believe you found a vulnerability or security issue, contact security@workbase.com with enough detail for us to investigate. Please avoid accessing, modifying, deleting, or disclosing data that is not yours.

Changes

We may update this security overview as our systems, controls, providers, and products evolve.