Last updated: December 2025
Security & Compliance
Security and Compliance represent key aspects of any product your team uses. WeldDesk is committed to securing access to your data, eliminating system vulnerabilities and ensuring continuity of access.
Compliance Certifications
ISO 27001
In Progress
WeldDesk is currently in the process of obtaining ISO 27001 certification. We have implemented the required information security management controls and are working with an independent auditor to complete the certification process. Contact us at security@welddesk.org for updates on our certification timeline.
SOC 2 Type II
In Progress
WeldDesk is actively working toward SOC 2 Type II certification. Our security controls are designed to meet SOC 2 requirements, and we are in the process of completing the formal audit. Contact security@welddesk.org to learn more about our progress.
GDPR & CCPA
As a Dutch company, WeldDesk is designed to comply with all requirements of the General Data Protection Regulation (GDPR). We are registered as a data processor and follow the guidelines set by the Autoriteit Persoonsgegevens (Dutch Data Protection Authority). Our platform is also designed to help you meet CCPA requirements for California residents.
Vulnerability Disclosure Policy
WeldDesk maintains a vulnerability disclosure policy to ensure security researchers can report vulnerabilities responsibly. We verify and remediate confirmed vulnerabilities rapidly and provide periodic status updates to reporters. Contact security@welddesk.org to report any security concerns.
Infrastructure & Network Security
Physical Access Control
WeldDesk infrastructure is hosted on secure cloud platforms within the European Union, with data centers that maintain strict physical access controls, 24/7 monitoring, and comprehensive security certifications.
Access Control
We implement Just-in-Time (JIT) privileged access controls. All administrative access requires business justification and is logged for audit purposes. Access is automatically revoked after the approved time period.
Penetration Testing
WeldDesk undergoes annual penetration testing conducted by independent security firms. Enterprise customers can request a summary of our penetration testing findings by contacting us.
Business Continuity & Disaster Recovery
High Availability
WeldDesk is built on redundant infrastructure with automatic failover capabilities. Our systems are designed to maintain service availability even in the event of component failures.
Data Backups
We perform daily and weekly backups stored in multiple geographic locations within the EU. All backups are encrypted at rest using AES-256 encryption.
Regional Failover
WeldDesk maintains documented disaster recovery procedures including the ability to provision services in a separate region if required. We regularly test our recovery procedures to ensure effectiveness.
Data Flow
Incoming Data
All data transmitted to WeldDesk is encrypted using HTTPS with TLS 1.2 or higher. We reject connections using weaker encryption protocols to ensure the security of data in transit.
Outgoing Data
Our web application, mobile apps (iOS and Android), and REST API all use TLS 1.2 or higher for secure communication. All integration and webhook traffic is transmitted over encrypted connections.
Application Security
Authentication
WeldDesk supports multiple secure authentication methods including email-based magic links, Google Sign-In, and SAML 2.0 for enterprise customers. All authentication methods are subject to regular security assessments.
API Security
Our REST API uses secure API keys with brute-force protection and supports OAuth 2.0 for third-party integrations. API access is logged and can be monitored through your dashboard.
Multi-Factor Authentication
MFA is available for all accounts and can be enforced at the workspace level. We support authenticator apps and security keys for additional protection.
Secure Development Process
WeldDesk follows a Continuous Integration/Continuous Deployment (CI/CD) model with security integrated at every stage. All code changes undergo peer review, automated security scanning, and testing before deployment. Our development practices align with industry standards for secure software development.
Corporate Security
Endpoint Protection
All employee devices are protected with malware protection, endpoint management, and full disk encryption. We maintain an inventory of all devices with access to company systems.
Risk Management
WeldDesk conducts regular asset and scenario-based risk assessments. We test our incident response procedures quarterly and update our security policies annually.
Employee Security
All employees undergo background checks as permitted by Dutch law. Security awareness training is mandatory for all staff, with annual refresher courses and role-specific training for technical teams.
Incident Response
We maintain a documented incident response process aligned with industry best practices. Security incidents are tracked, investigated, and resolved according to defined procedures with appropriate communication to affected parties.
Questions?
If you have any questions about our security practices or would like to request compliance documentation, please contact us at security@welddesk.org.