Whatfix Security
Your Security Is Our Priority
At Whatfix, the security of our products and associated services always remains a top priority. Our Customer first approach ensures that we remain committed to safeguarding customer information. Whatfix leverages best in class technologies and processes for ensuring Data security, for maintaining and supporting Customer needs in various regulatory compliance requirements including but not limited to Privacy. Check out the resources on this page to learn how to create and optimize your company’s employee onboarding process.
Security
In line with one of our core Organizational Principles of Trust, we leverage best in class Technologies, Processes and Partners to achieve this goal.
Confidentiality
Secured Role based Access, Encryption and Anonymization are some of the various methods we employ to ensure Confidentiality of Our Customer Data.
- Role-based access
- Minimal collection of data
- Encryption
Availability
Redundancy, resilience, and the ability to scale at ease are baked into the architecture of our Platform to ensure the availability of Whatfix to our Customers.
- Disaster Avoidance is one of the cornerstone of the design of our platform Application and infrastructure
- Clustering of services or nodes ensure that Whatfix continues to serve its Customers even if there are more than one failures to the nodes or components. Thus, avoiding single point of failures.
- Whatfix Business continuity program ensures that our Plans are tested at least once annually and upon significant change in infrastructure.
Data Integrity
At Whatfix we have implemented change controls, elaborate logging and round the clock monitoring of all actions and activities in the production environment to enable us to provide adequate assurance to our customers on the Integrity of their data at Whatfix.
- Change control
- Logging
- Monitoring
- SRI
- Digitally sign all executables
Red Teaming and Third Party Penetration Tests
- Whatfix partners with Bugcrowd, a leading Crowdsourced cybersecurity platform to play the role of Red Team.
- At least once Annually a reputed third party is engaged for carrying out Infrastructure and Application Penetration tests.
If you are interested to learn more about how Whatfix achieves these lofty (ambitious) goals of Security, please Click here .
Compliance
Whatfix complies with all applicable regulations and legislations of Geographies and business verticals it operates and provides services in.
Regulatory Compliance
As a leading Digital Adoption Platform provider and a partner to our clients to protect their data, it is imperative we remain cognizant of all regulatory requirements applicable to the type of data and the regulatory body. Whatfix compliance team is committed to ensuring that our Customers remain assured of our data handling and protection practices more than meet the respective regulatory requirements.
Our certifications/attestations include:
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Available only for Whatfix Customers. Please reach out to your respective CSM.
Privacy
Whatfix believes in remaining transparent with its clients on data collection. As a service provider, we allow our Customers to choose the Personal data that our Platform captures. Clients can also choose not to send any Personally Identifiable Information of their Users and still continue to leverage Whatfix in their Application adoption journeys.
Data localization
Whatfix offers its services from 2 geographic locations viz. EU and the USA, customers can choose to subscribe to any of the 2 data centers depending on their data localization needs.
Data retention
Whatfix retains its Customer data on the platform for a period of 2 years post termination of the engagement, Customers can choose to have the data deleted anytime during and after the period of subscription.
Data handling
Whatfix safeguards the customer data by implementing industry best technical controls and processes such as role based access control, encryption, anonymization etc.
Whatfix can sign Data processing agreements that incorporate the “New” Standard Contractual Clauses as prescribed in EU GDPR with Customers .
Contact Us
Report a vulnerability
If you believe you have found a security issue that meets Whatfix’s definition of a vulnerability, please submit the report to our security team via one of the methods below:
- If you are a customer: Submit a ticket to our support team
- If you are a security researcher: Submit a report through our bug bounty program
Definition of a Vulnerability
Whatfix considers a security vulnerability to be a weakness in our Whatfix Digital Adoption Platform or the supporting infrastructure of the Platform that could allow an attacker to impact the confidentiality, integrity, or availability of the product or infrastructure.
Note: The corporate Website of Whatfix is not in scope.
Bug Bounty Program
Whatfix operates a public bug bounty program for its Digital Adoption Platform via our partner, Bugcrowd. Security researchers can receive cash payments in exchange for a qualifying vulnerability report submitted to Whatfix via our bounty programs.
Click here to participate in our bug bounty program
Responsible Disclosure:
In order to protect our customers, Whatfix requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability, and informed customers if needed.
Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time, and the timeline will depend upon the severity of the vulnerability and the affected systems.
Experience the Benefits of Whatfix Today