Security and Trust
Protecting your data is our top priority
Following are some frequently asked question.
TL;DR - Only the admin needs to be authenticated. Full control over which channels are monitored.
Authentication - Worknet is a Slack native app. It is installed by Slack workspace admin authenticated by their Slack credentials. All other Slack workspace users will automatically get access to Worknet Slack app services. No authentication is required. It is possible to control Slack users access to the Worknet Slack app home page.
Scope control - Slack admin/s or selected users can point the Worknet Slack app to monitor certain channels. It is done by inviting the Worknet app to the relevant channels. Only when invited will the Worknet Slack app start synchronizing messages history and on-going messages posted to this channel. By default, the last 90 days of message history is captured.
What data is captured and how can I control it?
TL;DR - It is possible to skip medium-high and medium sensitive data elements.
Important: Worknet can support a scenario when it only stores Slack generated IDs and timestamps. No organization sensitive data. Translation into names and message content will be done by Slack during runtime.
Worknet captures two types of data elements: 1/ users and 2/ messages info. To minimize risk the sensitive parts of each type are managed separately allowing each customer to skip capturing them.
Low sensitivity - only Slack artificially generated IDs
1. Slack users - Slack user ID, team ID
2. Slack messages metadata only - User ID, post time, reactions, user ID mentions, channel ID.
3. Slack users - name, title and email can be captured in full, or just the email domain.
4. Message text - each customer can can select the preferred method:
default - tokenizing PII elements prior to saving to Worknet database
skip capturing message text all together.
Where is the data stored?
Worknet is hosted in Google Cloud Platform (GCP) data centers and in the US. Our data is stored in Google BigQuery segmented by customer. All data is transmitted encrypted using industry standard TLS 1.2 or TLS 1.3. All storage is encrypted at rest under the Advanced Encryption Standard (AES) encryption at rest. It can also support customer-managed encryption keys (CMEK). Google BigQuery is ensuring high availability and durability.
How is data in my account protected?
Multiple measures are taken to protect your data.
Best-in-class software development lifecycle security practices: We use code review best practices, automated tests to ensure the security of our codebase.
Robust infrastructure security: Worknet's production servers and data are hosted in Google Cloud Platform. Google employs a robust physical security program with multiple certifications, including an SSAE 16 certification, ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS. For a full list of additional compliance standards supported in Google Cloud Service and their physical security please visit the Google Cloud Service - Security and Trust page.
Processes to ensure data security including the following:
Infrastructure management policies: Worknet datacenter infrastructure policies cover escalation, management, knowledge sharing, risk management, and day-to-day operations.
Data Access: Only a limited set of employees can access customer data stored in our databases. There are strict security policies for employee access; logins and resource modifications are logged and monitored. We limit access to customer data to employees with a job-related need and require all these staff members to sign a confidentiality agreement and complete a comprehensive criminal background check. Accessing customer data is only done on an as-needed basis, and only when approved by the customer or under authorization from senior management and security for the purposes of providing support, maintenance, or improving service quality
Encrypted communication: Worknet uses Transport Layer Security (TLS) 1.2 with AES algorithm. Communication is encrypted to/from the Worknet service.
Encryption at rest: All data stored in the Worknet application including users, messages and access tokens are encrypted at rest using AES encryption and is FIPS 140-2 compliant.
Corporate policies and procedures: Every Worknet employee signs a Data Access Policy that binds them to the terms of our data confidentiality policies, available at https://worknet.ai/terms-and_conditions/ and https://worknet.ai/privacy-policy/.
Can I control who can access data within my account?
Yes, you can configure security policies and permissions on a granular level.
Authentication: Only the person that installs the Worknet Slack apps needs to be authenticated using OAuth 2.0 via Google Identity. All other Worknet Slack App users can access it using their Slack credentials. Worknet does not store user passwords.
User management: Administrators can control user level access to Worknet Slack App home page .
Privacy, Visibility, and Sharing Settings: Worknet Slack App synchronizes Slack data. Any PII content at the Slack message level is tokenized prior to saving it to Worknet database. It is possible to configure the message sync to skip capturing message text all together.
What is the data retention policy?
All data is retained while customer accounts are active. Worknet can delete all customer data upon request at service cancellation; otherwise data is retained for a limited time period to allow for service restoration and backup. If a customer stops using Worknet, their data is retained until the customer requests the removal of their data.
Do you maintain logs for your service operations?
Worknet maintains logs for our service operation as well as for operations that occur inside Worknet. Operational logs are used for diagnosing and troubleshooting issues only by employees who have passed our comprehensive background checks. PII data is not logged.
Worknet user activity logs are available in the activity feeds of the product.
How can I report security concerns?
Please use email@example.com to report security or related concerns.