Keeping our customers data safe (and encrypted) is the most important thing that Popwork cares about. We go to considerable lengths to ensure that all data sent to Popwork is handled securely.
Popwork has been successfully assessed by cybervadis and rated Silver in 2023 with a score of 900/1000. This shows a mature level in cybersecurity.
Please find below the details of our setup.
Infrastructure
All of our services run in the cloud. Popwork does not host its own routers, load balancers, DNS servers, or physical servers.
All our services and data are provided and hosted in Google Cloud Platform (GCP) facilities in Brussels, Belgium. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Further detail on subprocessors is available here.
Data and encryption
All customer data is stored on our GCP cloud infrastructure in the EU (Belgium) and data at rest is encrypted by default using AES-256 (Advanced Encryption Standards).
All communications between our application servers and backend databases transit through a Virtual Private Cloud (VPC). This means both remain isolated from public networks as they communicate through a private network.
Customer data is stored in multi-tenant datastores, we do not have individual datastores for each customer. However we apply strict privacy controls to ensure data privacy and prevent one customer from accessing another customer's data.
Data transfer and authentication
All data sent to or from Popwork is encrypted in transit using strong TLS encryption.
Popwork is served 100% over HTTPS and our API as well as our application endpoints are TLS/SSL only.
All API routes are secured applying a strict access control policy and using an access control list.
Popwork runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Popwork’s network.
Transactional emails are transmitted to our users over a secured TLS 1.3 protocol using a strong 128-bit encryption key for both encryption and authentication purposes. This combination ensures secure and authenticated communication between the client and the server.
Application monitoring
On an application level, we produce encrypted audit logs for all activity. Part of these logs are stored on third party services which all satisfy the highest security standards and are compliant with the European Union requirements. Further detail on subprocessors can be found here.
For further details on how we manage Information Security please refer to our Information Security Policy.