Security, Privacy and Compliance
Your meeting minutes and tasks are safeguarded with industry-leading security. We store all your data in Switzerland, within ISO 27001 certified data centers, ensuring both safety and compliance. Our commitment is to provide a secure environment without compromising application performance or user experience.
SOC2 Compliance
The SOC 2 Type II audit is an industry-recognized security certification for software-as-a-service (SaaS) companies. It validates that your data is secure, safe, and controlled with WEDO. The 6-month-long audit involved a thorough analysis of our controls, the tests we perform to assess their effectiveness, and the results of those tests. Learn more about SOC2 here.
ISO Certifications
ISO 27001:2013 is considered to be the highest international standard of information security as it relates to customer data. WEDO stores data only in ISO 27001:2013 certified data centers, ensuring that your data is safe and secure.
nFADP and GDPR Compliance
WEDO is compliant with the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). We are committed to protecting your data and ensuring that it is used in accordance with the law.
Data Center Security
WEDO customer data is hosted by Exoscale, which is ISO 27001 certified. Exoscale maintains an impressive list of reports, certifications, and third-party assessments such as ISO 9001:2008, PCI DSS 3.2, SOC-1 Type II and SOC-2 Type II. Exoscale data centers are secured with a variety of physical controls to prevent unauthorized access. More information on Exoscale data centers and their security controls can be found here.
Data Center Locations
Your data is safely stored in Swiss data centers located in Zurich and Geneva.
Hundreds of companies rely on WEDO to keep their data protected
Network and Infrastructure Security
WEDO’s infrastructure is hosted in a highly available, fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features. All WEDO web application communications are encrypted in transit using TLS 1.2, so they cannot be viewed by a third party; this is the same level of encryption used by banks and financial institutions. All data in WEDO is encrypted at rest using AES-256 encryption.
- Firewall: Our firewall is designed to protect your data from unauthorized access.
- Encryption: All data in WEDO is encrypted in transit using TLS 1.2 and at rest using AES-256 encryption.
- Backup: We maintain multiple layers of backups: real-time replication, daily backups and point-in-time recovery. All backups are encrypted using AES-256.
- Incident response: WEDO has an incident response plan in place that is reviewed yearly. This ensures that timely detection, mitigation and notification procedures are in place for any incident.
- Disaster recovery: WEDO has both a business continuity plan and a disaster recovery plan to ensure our staff is ready to continue serving customers even in the most unlikely of events.
- Hardening: Our servers are hardened following CIS standards to protect against common threats and vulnerabilities.
Application Security
WEDO actively monitors ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing. The WEDO Security team will continue to do everything to keep your data safe and advise you about risks. Regarding privacy, you can view our full privacy policy here: Privacy Policy.
- Two-factor Authentication: You can enable Two-factor Authentication (2FA) to add an extra layer of security to your account.
- SAML SSO: A SAML 2.0 interface for Single Sign-On & Active Directory is available in WEDO.
- RBAC access configuration: Role-based permissions via Admin Dashboard are available in WEDO.
- High availability: WEDO is hosted on a highly available infrastructure monitored on our status page.
User Permissions and Roles in Product
WEDO allows you to configure user permissions and roles at multiple layers. By setting up different roles with different permissions, you can ensure that your data is secure and accessible only to those who need it.
Software Development Practices and Security
At WEDO, we follow secure software development practices as outlined in our documented software development lifecycle. Every piece of code undergoes rigorous security-focused reviews, along with automated and manual testing, before being deployed to production. We maintain separate environments for development, staging, and production, ensuring that no production data is used in non-production environments. Our continuous integration (CI) pipeline runs a comprehensive suite of tests to guarantee that all code meets security and quality standards prior to deployment.
People Security
Employee Background Checks
All new employees at WEDO are required to undergo criminal background checks, debt registry verification, and reference checks prior to starting their employment.
Security Training
All WEDO employees are required to undergo security training annually. This training covers topics such as phishing, password security, and data handling.
Confidentiality and Privacy
All WEDO employees and service providers sign confidentiality and non-disclosure agreements to ensure the confidentiality of all information collected on our systems. Furthermore, our customer support personnel will only access customer information for the purpose of troubleshooting, and only after asking those customers for permission. Such access is logged and monitored by internal security personnel.
Risk Management
WEDO takes risk management seriously and has put in place a risk management policy, associated plan and risk mitigation strategies. We ensure that a risk assessment is performed at least annually or when warranted based on changes that necessitate the activity.
Vulnerability Management
Endpoint Monitoring
WEDO utilizes a centralized endpoint security solution, and ensures that all devices are up to date, clean from malware, and securely encrypted.
Vulnerability Scans
WEDO undergoes third-party vulnerability scans on every commit, ensuring that no vulnerabilities exist in our systems. Where such vulnerabilities are identified, they are remediated as soon as possible.
Static Code Scans
WEDO uses static code analysis tools for our backend systems and APIs as part of our CI/CD pipeline, ensuring no code is deployed without passing checks for potential vulnerabilities and anti-patterns.
Third Party Penetration Testing
WEDO commissions penetration tests from external security firms at least annually, ensuring that our software remains secure. Any potential vulnerabilities found are remediated in short order.
Learn more about how we treat privacy: Privacy Policy