Your Security Is Our Priority
At Whatfix, the security of our products and associated services always remains a top priority. Our Customer first approach ensures that we remain committed to safeguarding customer information. Whatfix leverages best in class technologies and processes for ensuring Data security, for maintaining and supporting Customer needs in various regulatory compliance requirements including but not limited to Privacy. Check out the resources on this page to learn how to create and optimize your company’s employee onboarding process.
Secured Role based Access, Encryption and Anonymization are some of the various methods we employ to ensure Confidentiality of Our Customer Data.
- Role-based access
- Minimal collection of data
Redundancy, resilience, and the ability to scale at ease are baked into the architecture of our Platform to ensure the availability of Whatfix to our Customers.
- Disaster Avoidance is one of the cornerstone of the design of our platform Application and infrastructure
- Clustering of services or nodes ensure that Whatfix continues to serve its Customers even if there are more than one failures to the nodes or components. Thus, avoiding single point of failures.
- Whatfix Business continuity program ensures that our Plans are tested at least once annually and upon significant change in infrastructure.
At Whatfix we have implemented change controls, elaborate logging and round the clock monitoring of all actions and activities in the production environment to enable us to provide adequate assurance to our customers on the Integrity of their data at Whatfix.
- Change control
- Digitally sign all executables
Red Teaming and Third Party Penetration Tests
- Whatfix partners with Bugcrowd, a leading Crowdsourced cybersecurity platform to play the role of Red Team.
- At least once Annually a reputed third party is engaged for carrying out Infrastructure and Application Penetration tests.
Whatfix complies with all applicable regulations and legislations of Geographies and business verticals it operates and provides services in.
Whatfix believes in remaining transparent with its clients on data collection. As a service provider, we allow our Customers to choose the Personal data that our Platform captures. Clients can also choose not to send any Personally Identifiable Information of their Users and still continue to leverage Whatfix in their Application adoption journeys.
Whatfix offers its services from 2 geographic locations viz. EU and the USA, customers can choose to subscribe to any of the 2 data centers depending on their data localization needs.
Whatfix retains its Customer data on the platform for a period of 2 years post termination of the engagement, Customers can choose to have the data deleted anytime during and after the period of subscription.
Whatfix safeguards the customer data by implementing industry best technical controls and processes such as role based access control, encryption, anonymization etc.
Whatfix can sign Data processing agreements that incorporate the “New” Standard Contractual Clauses as prescribed in EU GDPR with Customers .