Security & Privacy

Security features, compliance, and data protection in Workestra.

Workestra is built with security and privacy at its core. Learn about our security architecture, compliance certifications, and data protection features.

Security Overview

Workestra implements defense-in-depth security across all layers:

Multi-Tenancy

  • Complete data isolation between workspaces
  • workspace_id enforced on all database queries
  • No cross-tenant data access possible

Authentication

  • Email/password with bcrypt hashing
  • OAuth 2.0 for social login
  • TOTP-based two-factor authentication
  • Backup codes for recovery

Session Management

  • JWT tokens with short expiration
  • Refresh token rotation
  • Brute force protection (6 failed attempts trigger a 15-minute lockout)
  • Automatic session timeout
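The lockout rule above (6 failed attempts, 15-minute lockout), as an added illustration that is not Workestra's own code. The in-memory account store and the `verify_password` callback (standing in for the bcrypt check) are assumptions; a real deployment keeps this state in a shared store so the counter survives across application instances.

```python
"""Brute-force lockout: 6 failed attempts lock an account for 15 minutes.

Added example, not Workestra's own code. The in-memory store and the
verify_password callback are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional

MAX_FAILED_ATTEMPTS = 6
LOCKOUT_DURATION = timedelta(minutes=15)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


class LoginGuard:
    """Counts failed logins per account and enforces a temporary lockout."""

    def __init__(self, verify_password: Callable[[str, str], bool]):
        # Hypothetical callback, e.g. a bcrypt comparison against the stored hash
        self._verify = verify_password
        self._state: Dict[str, AccountState] = {}

    def is_locked(self, email: str, now: datetime) -> bool:
        state = self._state.get(email)
        return (
            state is not None
            and state.locked_until is not None
            and now < state.locked_until
        )

    def attempt_login(self, email: str, password: str, now: datetime) -> str:
        """Returns 'locked', 'ok' or 'failed'."""
        state = self._state.setdefault(email, AccountState())
        if state.locked_until is not None:
            if now < state.locked_until:
                # Reject before checking the password: a locked account gives
                # no signal about whether the guess was right.
                return "locked"
            # Lockout expired: reset the counter and accept attempts again
            state.failed_attempts = 0
            state.locked_until = None
        if self._verify(email, password):
            state.failed_attempts = 0
            return "ok"
        state.failed_attempts += 1
        if state.failed_attempts >= MAX_FAILED_ATTEMPTS:
            state.locked_until = now + LOCKOUT_DURATION
            return "locked"
        return "failed"


def demo() -> dict:
    """Constructed scenario: six wrong passwords, then the right one both
    during and after the lockout window."""
    guard = LoginGuard(lambda email, pw: pw == "correct horse battery staple")
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    outcomes = [
        guard.attempt_login("alice@example.com", "wrong", t0 + timedelta(seconds=i))
        for i in range(6)
    ]
    during = guard.attempt_login(
        "alice@example.com", "correct horse battery staple", t0 + timedelta(minutes=5)
    )
    after = guard.attempt_login(
        "alice@example.com", "correct horse battery staple", t0 + timedelta(minutes=16)
    )
    return {"outcomes": outcomes, "during_lockout": during, "after_lockout": after}


if __name__ == "__main__":
    print(demo())
```

Note that the sixth failure is what flips the account into the locked state, and that the correct password is rejected while the lock is active; the lock clears on its own once the 15 minutes have passed.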

Encryption

Data              Encryption
Data at rest      AES-256
Data in transit   TLS 1.3
API keys          AES-256-GCM
Passwords         bcrypt
Backup codes      bcrypt

Row-Level Security (RLS)

Database Policies

125 RLS policies across 32 tables ensure:

  • Users only see their workspace data
  • Role-based access enforced at database level
  • Even admin queries respect policies

Policy Example

-- Policies have no effect until row-level security is enabled on the table
ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;

-- Users can only see their workspace contacts.
-- The application sets app.current_workspace for each request
-- (for example with SET LOCAL inside the request's transaction).
CREATE POLICY contact_isolation ON contacts
  FOR ALL
  USING (workspace_id = current_setting('app.current_workspace')::uuid);

Rate Limiting

Four-tier rate limiting on critical routes:

Tier            Requests/Minute
Anonymous       10
Standard        100
Professional    500
Enterprise      2,000

Prevents abuse and ensures platform stability.
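A sliding-window limiter using the four tiers from the table above, as an added example rather than Workestra's own implementation. The in-memory store, the client identifier and the "unknown tier falls back to the Anonymous limit" choice are assumptions; in production the counters live in a shared store such as Redis so every API node sees the same window.

```python
"""Four-tier per-minute rate limiter (sliding window).

Added example, not Workestra's own code. The in-memory store, the client
identifier and the fallback to the Anonymous tier are assumptions.
"""
from collections import defaultdict, deque
from typing import Deque, Dict

# Requests per minute, from the tier table
TIER_LIMITS = {
    "anonymous": 10,
    "standard": 100,
    "professional": 500,
    "enterprise": 2000,
}
WINDOW_SECONDS = 60.0


class RateLimiter:
    def __init__(self) -> None:
        # client id -> timestamps of requests inside the current window
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def _trim(self, client_id: str, now: float) -> Deque[float]:
        window = self._hits[client_id]
        # Drop timestamps that have aged out of the 60-second window
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        return window

    def allow(self, client_id: str, tier: str, now: float) -> bool:
        """Record the request and return True if it is within the tier's limit."""
        # Fail closed: an unrecognised tier gets the most restrictive limit
        limit = TIER_LIMITS.get(tier, TIER_LIMITS["anonymous"])
        window = self._trim(client_id, now)
        if len(window) >= limit:
            return False
        window.append(now)
        return True

    def retry_after(self, client_id: str, now: float) -> float:
        """Seconds until the oldest request leaves the window (for a Retry-After header)."""
        window = self._trim(client_id, now)
        if not window:
            return 0.0
        return max(0.0, WINDOW_SECONDS - (now - window[0]))


def demo() -> dict:
    """Constructed traffic: an anonymous client bursting 12 requests in about a
    second, a retry a minute later, and an enterprise client at its limit."""
    limiter = RateLimiter()
    burst = [limiter.allow("203.0.113.7", "anonymous", 1000.0 + i * 0.1) for i in range(12)]
    wait = round(limiter.retry_after("203.0.113.7", 1000.0 + 11 * 0.1), 1)
    later = limiter.allow("203.0.113.7", "anonymous", 1061.0)
    enterprise_allowed = sum(limiter.allow("ws-ent", "enterprise", 2000.0) for _ in range(2001))
    unknown_tier_allowed = sum(limiter.allow("ws-x", "no-such-tier", 3000.0) for _ in range(20))
    return {
        "burst_allowed": sum(burst),
        "burst_rejected": burst.count(False),
        "retry_after": wait,
        "after_window": later,
        "enterprise_allowed": enterprise_allowed,
        "unknown_tier_allowed": unknown_tier_allowed,
    }


if __name__ == "__main__":
    print(demo())
```

The per-client deque holds at most `limit` timestamps, so memory is bounded by the tier limit; a fixed-window counter would be cheaper but lets a client send two full quotas back to back across the window boundary.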

GDPR Compliance

Data Rights

Workestra supports GDPR data subject rights:

Right           Feature
Access          Data export tool
Rectification   Edit any record
Erasure         Data deletion request
Portability     Structured export (CSV/JSON)
Objection       Opt-out mechanisms

Data Processing

  • Controller: Your organization
  • Processor: Workestra Inc.
  • DPA: Available for Enterprise customers
  • Data Location: EU (Frankfurt) by default

See GDPR Documentation for details.

Audit Logging

Logged Events

9 event types tracked:

Event                 Description
user.login            Authentication events
user.logout           Session termination
user.invited          Team invitations
user.role_changed     Permission changes
record.created        Data creation
record.updated        Data modification
record.deleted        Data deletion
settings.changed      Configuration changes
export.requested      Data exports

Audit Log Details

Each entry includes:

  • Timestamp (UTC)
  • Actor (who performed action)
  • Action type
  • Target resource
  • IP address
  • User agent

Retention: 2 years
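Two checks an admin might run over exported audit entries, as an added example that is not Workestra's tooling. The entries use the fields listed above and the event names from the event table; the sample entries, the timestamp format (ISO 8601 UTC) and the `target` naming (`user:<email>`) are constructed for the example, so adjust the parsing to the real export format.

```python
"""Simple anomaly checks over audit log entries.

Added example, not Workestra's own tooling. The entry fields follow the
"Audit Log Details" list; the sample entries, the timestamp format and the
"user:<email>" target convention are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: one actor logs in from three addresses in a few minutes,
# then grants a role; the newly promoted user immediately requests an export.
SAMPLE_LOG: List[Dict[str, str]] = [
    {"ts": "2024-03-04T09:02:11Z", "actor": "alice@example.com", "action": "user.login",
     "target": "session:1", "ip": "198.51.100.10", "ua": "Mozilla/5.0"},
    {"ts": "2024-03-04T09:03:40Z", "actor": "alice@example.com", "action": "user.login",
     "target": "session:2", "ip": "203.0.113.55", "ua": "curl/8.0"},
    {"ts": "2024-03-04T09:04:05Z", "actor": "alice@example.com", "action": "user.login",
     "target": "session:3", "ip": "192.0.2.77", "ua": "curl/8.0"},
    {"ts": "2024-03-04T09:05:00Z", "actor": "alice@example.com", "action": "user.role_changed",
     "target": "user:bob@example.com", "ip": "192.0.2.77", "ua": "curl/8.0"},
    {"ts": "2024-03-04T09:06:30Z", "actor": "bob@example.com", "action": "export.requested",
     "target": "workspace:acme", "ip": "192.0.2.77", "ua": "curl/8.0"},
    {"ts": "2024-03-04T10:00:00Z", "actor": "carol@example.com", "action": "record.updated",
     "target": "contact:42", "ip": "198.51.100.20", "ua": "Mozilla/5.0"},
]


def parse_ts(ts: str) -> datetime:
    # Timestamps are UTC per the audit log details
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def logins_from_many_ips(entries, min_ips: int = 3,
                         window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Flag actors who log in from at least `min_ips` distinct addresses within `window`."""
    findings = []
    logins = defaultdict(list)
    for e in entries:
        if e["action"] == "user.login":
            logins[e["actor"]].append((parse_ts(e["ts"]), e["ip"]))
    for actor, events in logins.items():
        events.sort()
        for start, _ in events:
            ips = {ip for t, ip in events if start <= t < start + window}
            if len(ips) >= min_ips:
                findings.append(
                    f"{actor}: logins from {len(ips)} IPs within "
                    f"{int(window.total_seconds() // 60)} minutes"
                )
                break
    return findings


def export_after_role_change(entries,
                             window: timedelta = timedelta(minutes=30)) -> List[str]:
    """Flag an export requested by a user shortly after that user's role was changed."""
    findings = []
    role_changes = [(parse_ts(e["ts"]), e["target"], e["actor"])
                    for e in entries if e["action"] == "user.role_changed"]
    for e in entries:
        if e["action"] != "export.requested":
            continue
        t = parse_ts(e["ts"])
        for t_change, target, changed_by in role_changes:
            if target == f"user:{e['actor']}" and t_change <= t <= t_change + window:
                findings.append(
                    f"{e['actor']}: export of {e['target']} "
                    f"{int((t - t_change).total_seconds())}s after role change by {changed_by}"
                )
    return findings


def review(entries) -> Dict[str, List[str]]:
    """Run both checks and return the findings grouped by rule name."""
    return {
        "login_ip_spread": logins_from_many_ips(entries),
        "export_after_role_change": export_after_role_change(entries),
    }


if __name__ == "__main__":
    for rule, hits in review(SAMPLE_LOG).items():
        print(rule, hits)
```

Both rules are deliberately narrow: the first catches a credential that is suddenly used from several networks, the second a privilege change followed by bulk data access. Thresholds and windows are starting points to tune against the workspace's normal activity, since the 2-year retention gives enough history to establish a baseline.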

See Audit Log for more.

Compliance Certifications

Current Certifications

Certification   Status
SOC 2 Type II   Certified
GDPR            Compliant
CCPA            Ready

Reports Available

  • SOC 2 reports (Enterprise customers)
  • Penetration test summaries
  • Vulnerability assessments

Contact support for compliance documentation.

Security Best Practices

For Users

  1. Enable 2FA — Strongest security improvement
  2. Use strong passwords — Unique, complex passwords
  3. Review sessions — Revoke old/unused sessions
  4. Be phishing-aware — Verify emails are from Workestra

For Admins

  1. Principle of least privilege — Minimum necessary access
  2. Regular access reviews — Quarterly permission audits
  3. Offboarding — Remove departed users promptly
  4. Monitor audit logs — Watch for unusual activity

Vulnerability Disclosure

Reporting Security Issues

If you discover a vulnerability:

  1. Email security@workestra.app
  2. Include detailed description
  3. Provide reproduction steps
  4. Allow 90 days before public disclosure

We respond to all reports within 48 hours.

Bug Bounty

Responsible disclosures may be eligible for rewards.

Infrastructure Security

Hosting

  • AWS infrastructure
  • ISO 27001 certified data centers
  • Geographic redundancy
  • DDoS protection

Backup & Recovery

  • Daily automated backups
  • 30-day retention
  • Point-in-time recovery
  • Tested restoration procedures

Monitoring

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response procedures
  • Security team on-call