Communicate in confidence with enterprise-grade security

Our team is proud to provide leading organizations with a best-in-class product and a serious commitment to security.

SOC 2 Type 2 Report available

Workshop has been independently audited for SOC 2 compliance and has received a SOC 2 Type 2 report.

GDPR compliant

Workshop is in compliance with GDPR principles. Our DPA is available online here. If you have specific questions, please reach out.

Simple and secure authentication

Workshop integrates with Okta, Duo, and other Single Sign-On providers (available on our Enterprise plan) using SAML.

Our security practices

We're deeply committed to employee privacy and will do everything we can to ensure your data is safe and sound.

Industry best-practice development

Workshop’s software development process follows industry best-practices. Our process includes extensive testing across our application and infrastructure, including automated testing with every deploy.

Secure data in-transit and at rest

All in-transit data is encrypted with TLS 1.2 or better, and at-rest data is encrypted using AES-256. All production domains are submitted to the HSTS Preload list, which is included in browsers to require encryption on all endpoints.

Automated backups

All production information is continuously backed up to encrypted storage on AWS. Workshop has the ability to revert back to specific points in time along a stream of database changes.

Internal security best-practices

All employees undergo security awareness training, use SSO and MFA for all internal tools, and use centrally managed and fully encrypted devices.

Fully tested and reviewed code

All changes to our production code require peer review before being merged. Code changes must pass comprehensive automated testing including OWASP Top 10 scanning, vulnerability scanning, and dependency scanning.

Vetted vendors

Workshop takes reasonable measures to select and engage with third party vendors. Vendor security controls, data retention, and risk are evaluated by Workshop before third party solutions are implemented.

Proactive vulnerability alerts

Security and vulnerability issues in production environments and software dependencies trigger proactive alerts and are addressed as soon as possible.

Environment access control

All engineers are required to use multi-factor authentication (MFA) for development. Production environments and data are segregated from those of development. Production customer data is not utilized on Workshop staging and testing environments.

More on Workshop security

Interested in taking a deeper dive into Workshop’s security practices and philosophy? Fill out the form below to request our security policies and SOC 2 report.
