Last Updated: November 11th, 2022
Our Security Commitment
Wrky maintains the highest standards of data privacy and security possible. Wrky is GDPR compliant and all data is encrypted while at rest and in transit.
Secure and Reliable Infrastructure
Wrky uses Amazon Web Services for the hosting and staging of production environments. AWS data centres are monitored 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.
World Class Application Security
- Data Encryption
Data is encrypted in-transit using bank-grade TLS 1.2. Data is encrypted at-rest using 256-bit encryption via native AWS capabilities.
- Data Permissions & Authentication
Access to customer data is limited to authorized employees who require it for their job and data access is logged.
- Incident Response
Security breaches will be communicated within 48 hours, and vulnerabilities are fixed ASAP.
Enterprise Ready Compliance
- EU GDPR
Wrky is GDPR compliant. Organizations in the EU or who employ EU-based individuals can rest assured that Wrky is handling their personal information in compliance with the latest EU laws.
Ongoing Commitment to Security
- Employee Training
Security is a company-wide endeavour. All employees complete an annual security training program and employ best practices when handling customer data.
- Secure Software Development
Wrky utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
- Security Team
Wrky Responsible Disclosure Policy
Data security is a top priority for Wrky, and Wrky believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Wrky’s service, please notify us; we will work with you to resolve the issue promptly.
- Disclosure Policy
- If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at firstname.lastname@example.org. We will acknowledge your email within five business days.
- Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
- Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Wrky service. Please only interact with domains you own or for which you have explicit permission from the account holder.
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Social engineering or phishing of Wrky employees or contractors
- Any attacks against Wrky’s physical property or data centres