Weeldi takes security seriously.
Weeldi and Amazon Web Services (AWS) best practices
and certifications ensure our customers information
is safe and secure.
Security Highlights
Weeldi is built on a layered defense architecture that helps protect client information from unauthorized access by other company employees, other Weeldi customers, and non-customers. Weeldi has certified it's systems to AICPA SOC 2 Type II, leverages high-granularity access control, audit logs, security scanning and continuous monitoring, all backed by Amazon’s best-in-class security architecture. A formal security summary is available upon approved request.
Compliance
SOC 2 Type II Compliant: Weeldi has obtained independent third-party auditor attestation with the AICPA’s SOC for Service Organizations. Our SOC 2 Type II report is available upon approved request.
Weeldi is built on a layered defense architecture that helps protect client information from unauthorized access by other company employees, other Weeldi customers, and non-customers. Weeldi has certified it's systems to AICPA SOC 2 Type II, leverages high-granularity access control, audit logs, security scanning and continuous monitoring, all backed by Amazon’s best-in-class security architecture. A formal security summary is available upon approved request.
Compliance
SOC 2 Type II Compliant: Weeldi has obtained independent third-party auditor attestation with the AICPA’s SOC for Service Organizations. Our SOC 2 Type II report is available upon approved request.
|
PCI DSS Certified Level 1 Service Provider: Weeldi has obtained certification through The Payment Card Industry Security Standards Council a global forum owned and managed by the major card networks. PCI develops and drives the adoption of data security for payment card data - ensuring that all participants in the card payments value chain keep data safe.
|
In addition you can learn more about Amazon Web Services (AWS) security processes and best practices below. Artifacts are available upon request.
Physical Security
Weeldi is hosted on Amazon Web Services (AWS) and supported by their ISO 27001 certified security and data privacy practices. Further Weeldi’s desktops, laptops and code repositories are secured by password and require Two-Factor Authentication for access. Also, all mobile devices require password protection.
Network Security
Weeldi uses best-of-breed cloud based business application providers with stringent standards for security of data. Weeldi controls access to our production networks through the use of clearly defined rules and requires Two-factor authentication and encrypted connections. In addition, Weeldi requires passwords and Two-Factor Authentication for application access.
Application Security
Weeldi supports SAML, Two-Factor Authentication and granular access control for Weeldi application access. Weeldi runs a third party vulnerability scan upon each new code release.
Data Protection
Weeldi deploys hardened servers with a base configuration image to ensure uniform security. In addition, Weeldi encrypts all data in-transit (via HTTPS) and at-rest. Weeldi stores data on Amazon S3 with short-lived web access for enhanced security. All API call requests require authentication and all access events are logged.
Back-Up and Disaster Recovery
Weeldi completes full back-up daily to Amazon S3.
General Data Protection Regulation (GDPR)
Weeldi aligns our policies and practices to support General Data Protection Regulation (GDPR). Per Article 32, Weeldi, together with Amazon AWS, has the appropriate technical and organization measures to keep your data secure. These polices and practices include: regular vulnerability scans upon each code release, ability to delete customer information upon request, daily back-ups via Amazon S3 and limiting employee access to customer data to only those who need it to help provide our services.
We give our customer’s full control of the data they collect using the Weeldi platform. As a result it is the responsibility of our customers to ensure they are using Weeldi in compliance with the prevailing laws.
Our Sub-processors
Weeldi only uses sub-processors who have stringent standards regarding the safety and security of Personal Data.
Amazon Web Services, Inc. Cloud Infrastructure
Google Email
Twilio SMS
Physical Security
Weeldi is hosted on Amazon Web Services (AWS) and supported by their ISO 27001 certified security and data privacy practices. Further Weeldi’s desktops, laptops and code repositories are secured by password and require Two-Factor Authentication for access. Also, all mobile devices require password protection.
Network Security
Weeldi uses best-of-breed cloud based business application providers with stringent standards for security of data. Weeldi controls access to our production networks through the use of clearly defined rules and requires Two-factor authentication and encrypted connections. In addition, Weeldi requires passwords and Two-Factor Authentication for application access.
Application Security
Weeldi supports SAML, Two-Factor Authentication and granular access control for Weeldi application access. Weeldi runs a third party vulnerability scan upon each new code release.
Data Protection
Weeldi deploys hardened servers with a base configuration image to ensure uniform security. In addition, Weeldi encrypts all data in-transit (via HTTPS) and at-rest. Weeldi stores data on Amazon S3 with short-lived web access for enhanced security. All API call requests require authentication and all access events are logged.
Back-Up and Disaster Recovery
Weeldi completes full back-up daily to Amazon S3.
General Data Protection Regulation (GDPR)
Weeldi aligns our policies and practices to support General Data Protection Regulation (GDPR). Per Article 32, Weeldi, together with Amazon AWS, has the appropriate technical and organization measures to keep your data secure. These polices and practices include: regular vulnerability scans upon each code release, ability to delete customer information upon request, daily back-ups via Amazon S3 and limiting employee access to customer data to only those who need it to help provide our services.
We give our customer’s full control of the data they collect using the Weeldi platform. As a result it is the responsibility of our customers to ensure they are using Weeldi in compliance with the prevailing laws.
Our Sub-processors
Weeldi only uses sub-processors who have stringent standards regarding the safety and security of Personal Data.
Amazon Web Services, Inc. Cloud Infrastructure
Google Email
Twilio SMS
