At OfficeSpace, performance, security, and data privacy are first-order considerations for how we design our products and policies as an organization.
Learn how we couple these principles with best-in-class technology to ensure the integrity of your data so you can deliver an exceptional user experience for your team.
OfficeSpace observes key industry best practices and regulatory schemes to protect the security and privacy of our client’s data.
OfficeSpace has appointed a Chief Information Security Officer (CISO) as the cross-functional company advocate for data privacy and security.
All OfficeSpace employees are trained and certified on data privacy policies and best practices on an ongoing basis. Training is conducted during employee onboarding. Updates are provided regularly throughout the year.
We follow a thorough process for vetting all vendors to ensure they are up to our security standards. We have a vendor management system that is GDPR compliant.
In transit and at rest, all customer data is encrypted using only industry-accepted tools, standards, and best practices for data handling and security.
OfficeSpace lets you set granular access controls to grant and restrict capabilities based on specific roles and authorities.
OfficeSpace is penetration tested regularly by external security experts. Our data centers are ISO certified and SOC audited.
OfficeSpace logs and stores every change, every action, and every event, including the deletion of data, for easy auditing and root cause analysis.
OfficeSpace supports data deletion requests for both the data we control and the data we process.
OfficeSpace is architected specifically to allow us to fully segregate all client data.
OfficeSpace is designed for uninterrupted uptime and enterprise scale, with no degradation of performance.
Data submitted to OfficeSpace and OfficeSpace applications are processed and stored in a secure, multi-tenant environment provided by Google’s Cloud Platform. All data storage is encrypted by default.
Clients can choose between having their data hosted in any of Google’s data center facilities around the world, including the United States and the European Union.
Yes, all data hosted by OfficeSpace is encrypted at rest and in transit.
Data at rest
All data is encrypted at rest using AES 256.
Every client’s full system is completely segregated from other clients. Each instance is protected by multiple layers of security including layered firewalls, intrusion prevention, and intrusion detection systems.
Access to data is secured with two-factor authentication (2FA), and employees are only given access to the environments they work with. This access is timeboxed and auditable.
All systems are actively monitored.
Data in transit
Our API and application endpoints are TLS 1.2 only.
OfficeSpace retains all client data as long as you are an active client. All data will be removed from OfficeSpace after a subscription is canceled.
Yes, OfficeSpace supports Single Sign-On and 2FA. Administrators can disable password-based logins and require authentication through your company’s identity provider.
All major identity providers (IdPs) have built-in connectors for OfficeSpace including Okta, AzureAD, Google, Ping Identity, and One Login.
Yes, OfficeSpace is fully GDPR compliant.
OfficeSpace undergoes third-party penetration testing on an annual basis.