Enterprise-grade security.
Built on Cloudflare's infrastructure. Your data never leaves their network.
Infrastructure
WORKWAY runs entirely on Cloudflare. No AWS. No GCP. One provider, audited.
All workflows execute on Cloudflare's global edge network. 330+ locations. 449 Tbps DDoS capacity.
SQLite at the edge. AES-256 encryption at rest. SOC 2 Type II audited infrastructure.
Strongly consistent state. AES-256 encryption at rest. TLS 1.3 in transit.
Security Practices
How we protect your data and credentials.
Encryption in Transit
All data encrypted via TLS 1.3. HTTPS enforced on all endpoints.
OAuth 2.0 Authentication
No passwords stored. Integration credentials use OAuth with automatic token refresh.
Audit Logging
All workflow executions logged with timestamps, inputs, and outputs. Retention: 90 days.
Rate Limiting
Per-user and per-workflow rate limits prevent abuse. DDoS protection via Cloudflare.
Compliance
Current certifications and roadmap.
SOC 2 Type II Infrastructure
Cloudflare CertifiedBuilt on Cloudflare's SOC 2 Type II audited infrastructure. WORKWAY application audit planned.
ISO 27001 / 27701 / 27018
Cloudflare CertifiedInformation security, privacy management, and cloud data protection certifications.
GDPR
CompliantEU data processing via Cloudflare's EU-U.S. Data Privacy Framework. Deletion on request.
PCI DSS Level 1
Cloudflare CertifiedPayment card data transmitted through PCI DSS Level 1 compliant infrastructure.
API Security
Integration security practices.
Authentication
- • OAuth 2.0 with PKCE for integrations
- • API keys with per-key rate limits
- • JWT tokens with 1-hour expiration
Rate Limiting
- • 100 requests/minute per API key
- • 1,000 workflow executions/hour
- • Automatic backoff on 429 responses
Questions?
Security concerns or compliance requirements? We respond within 24 hours.