Disclosure

• SOC 2 Type 2
• Datacenter Security
• Encrypted Transmission
• Encryption of Authentication Data
• Penetration Testing
• Disclosure Policy
• Contact

‍If you become aware of any items such as operational or security failures, incidents, system problems, concerns, or have other complaints with the HourWork system, please contact the appropriate person at HourWork.

Data security is a top priority for HourWork, and HourWork believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in HourWork’s service, please notify us; we will work with you to resolve the issue promptly.

SOC 2 Type 2

When enterprises move their most important data to the cloud, security is an essential consideration when using new software. The SOC 2 Type II certification provides assurance that a platform’s security is held to an extremely high standard. The AICPA SOC 2 is specifically designed for guaranteeing secure practices in the handling of data within the cloud by SaaS companies. The Service Organization Control (SOC) 2 Type II certification is understood to be one of the most thorough examination of an organization’s data-handling practices. It establishes that an expert team of third-party auditors have meticulously examined the data-handling process, and found it to be safe and secure.

Datacenter Security

At HourWork, we use a third-party, top-of-the-line datacenter that has earned multiple industry-recognized certifications.

Our hosting service is  compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and many others.

Encrypted Transmission
‍
All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support the highest level of encryption 256-bit cipher suites TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

Encryption of Authentication and Session Data

All of our customer’s authentication and session data is carefully encrypted, protecting your data in an unreadable state for all instances of transfer.

Penetration Testing

We work with prestigious third-party penetration professionals to make sure our software is secure.

We’re committed to working with security experts across the globe to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we’d love to hear from you.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email within Five business days. Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within Five business days of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the HourWork service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

– Distributed Denial of Service (DDoS)Spamming
– Social engineering or phishing of HourWork employees or contractors
– Any attacks against HourWork’s physical property or data centers

Thank you for helping to keep HourWork and our users safe!

Changes

We may revise these guidelines from time to time. The most current version of the guidelines will be available at this page.

Contact

HourWork is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at:
– [email protected]
– Incident reporting: [email protected]
– Compliance questions: [email protected]
– System problems or vulnerabilities, or to request HourWork’s Vulnerability Management Program: [email protected]
– Billing questions: [email protected]

Other questions, concerns, or suggestions about HourWork: [email protected]

Responsibility

It is the IT team’s responsibility to see this policy is enforced. Last updated: 2019-1-30