Security & Compliance Certificates

Executive Summary

Weflow is dedicated to delivering powerful, secure, and reliable AI-powered Salesforce data capture, forecasting and conversation intelligence. Our rigorous security practices ensure customer data is protected, compliant, and managed according to industry-leading standards.

Secure Infrastructure

Weflow leverages cloud hosting solutions from AWS and Google Cloud, providing flexibility in selecting EU, US, or APAC regions. These data centers adhere to stringent compliance frameworks:

  • EU SCCs (Standard Contractual Clauses)
  • AWS and Google Cloud Data Processing Agreements (DPAs)
  • EU–US Data Privacy Framework

Advanced Security Certifications

Our security credentials include:

  • SOC-2 Type II: Continuously audited and re-certified multiple times since 2021.
  • HIPAA Compliance: Ensuring health information protection.
  • GDPR and CCPA Certification: Verified compliance with privacy regulations.
  • CASA Tier 2 Certification: Security certified by TAC Security.
  • Regular audits by Microsoft and PwC (for sensitive Google Workspace scopes).
  • Continuous penetration testing by a third-party auditor.

Robust Security Practices

Data Encryption

  • In transit: Encrypted using TLS 1.2+
  • At rest: AES-256 encryption standard

Role-Based Access Control (RBAC)

  • Strict RBAC policies limit access based on necessity.

Least Privilege Principle

  • Systems and personnel maintain minimal required permissions.

Single Sign-On and Multi-Factor Authentication

  • Mandatory SSO and MFA for all internal and customer-facing systems.

Secure Software Development Life Cycle (SDLC)

  • Static code analysis, dependency scanning, and regular code reviews.

Continuous Security Assessments

  • Annual third-party penetration tests.
  • Continuous automated vulnerability scans with swift remediation.

Audit Logging and Monitoring

  • Comprehensive logging and real-time monitoring to swiftly identify and respond to security anomalies.

Incident Response and Recovery

  • Documented and regularly tested incident response plans.
  • Daily encrypted data backups across geographically diverse locations.

Vendor Risk Management

  • Third-party vendors are rigorously evaluated for compliance before integration.

Employee Security Training

  • Bi-annual security training to ensure team alignment with industry best practices and standards.

AI Model Security

Weflow employs AWS Bedrock and internally trained LLMs, ensuring AI models are secure, compliant, and robust. AI data processing happens within stringent security and privacy protocols, ensuring no sensitive data is externally stored or processed beyond Salesforce.

Weflow does not use customer data to train its models.

Conclusion

Weflow’s comprehensive security measures demonstrate our commitment to protecting customer data and maintaining compliance with global security standards, making us a reliable choice for secure Salesforce integration and AI-driven sales data management.

For questions, please contact security@getweflow.com.


 
