OfficeSpace’s commitment to you

At OfficeSpace, performance, security, and data privacy are first-order considerations for how we design our products and policies as an organization.

Learn how we couple these principles with best-in-class technology to ensure the integrity of your data and deliver an exceptional user experience for your team.

Request a demo

Data security and privacy

OfficeSpace observes key industry best practices and regulatory schemes to protect the security and privacy of our client’s data.

Best practices

Chief Information Security Officer

OfficeSpace has appointed a Chief Information Security Officer (CISO) as the cross-functional company advocate for data privacy and security.

Privacy and security training

All OfficeSpace employees are trained and certified on data privacy policies and best practices on an ongoing basis. Training is conducted during employee onboarding. Updates are provided regularly throughout the year.

Vendor audit and approval process

We follow a thorough process for vetting all vendors to ensure they are up to our security standards. We have a vendor management system that is GDPR compliant.

Data encryption and access controls

In transit and at rest, all customer data is encrypted using only industry-accepted tools, standards, and best practices for data handling and security.

Role-based permissions

OfficeSpace lets you set granular access controls to grant and restrict capabilities based on specific roles and authorities.

Audits

OfficeSpace is penetration tested regularly by external security experts. Our data centers are ISO certified and SOC audited.

Audit trails

OfficeSpace logs and stores every change, every action, and every event, including the deletion of data, for easy auditing and root cause analysis.

Data deletion requests

OfficeSpace supports data deletion requests for both the data we control and the data we process.

Data segregation

OfficeSpace is architected specifically to allow us to fully segregate all client data.

Resilience and uptime

OfficeSpace is designed for uninterrupted uptime and enterprise scale, with no degradation of performance.

Two people, one standing with computer

Frequently Asked Questions

Where does OfficeSpace store data?

Data submitted to OfficeSpace and OfficeSpace applications are processed and stored in a secure, multi-tenant environment provided by Google’s Cloud Platform. All data storage is encrypted by default.

Clients can choose between having their data hosted in any of Google’s data center facilities around the world, including the United States and the European Union.

Is data protected?

Yes, all data hosted by OfficeSpace is encrypted at rest and in transit.

Data at rest
All data is encrypted at rest using AES 256.

Every client’s full system is completely segregated from other clients. Each instance is protected by multiple layers of security including layered firewalls, intrusion prevention, and intrusion detection systems.

Access to data is secured with two-factor authentication (2FA), and employees are only given access to the environments they work with. This access is timeboxed and auditable.

All systems are actively monitored.

Data in transit
Our API and application endpoints are TLS 1.2 only.

How long does OfficeSpace store client data?

OfficeSpace retains all client data as long as you are an active client. All data will be removed from OfficeSpace after a subscription is canceled.

Does OfficeSpace support Single Sign-On (SSO) or two-factor authentication (2FA)?

Yes, OfficeSpace supports Single Sign-On and 2FA. Administrators can disable password-based logins and require authentication through your company’s identity provider.

All major identity providers (IdPs) have built-in connectors for OfficeSpace including Okta, AzureAD, Google, Ping Identity, and One Login.

Is OfficeSpace GDPR Compliant?

Yes, OfficeSpace is fully GDPR compliant.

Does OfficeSpace conduct security audits?

OfficeSpace undergoes third-party penetration testing on an annual basis.

Two people, one sitting with computer

More questions?

For more information on security, privacy, and compliance please see our privacy policy or contact us for specific data privacy-related questions.