This is an introduction to how Wobby handles and protects customer data.
Key Security Considerations
When it comes to data security, Wobby focuses on three key aspects:
Security by Design
Technical Security
Operational Security
These principles are contractually guaranteed to our customers through relevant agreements and Data Processing Agreements (DPA). Additionally, we are in the process of implementing our ISO 27001:2022 certification to further strengthen our commitment to information security.
Security by Design
At Wobby, we believe that the foundation of security is built during the development of our platform. Early architectural decisions play a key role in ensuring only the necessary data is processed and that it’s handled securely. For example, we design the platform so that data in transit and at rest is encrypted using the latest technologies, without compromising performance.
Our engineering team consists of experienced software architects and developers who are continuously trained in the latest security practices.
Because of this, Wobby was built with security and data protection as top priorities. The platform uses a state-of-the-art cloud architecture, following practices like least privilege access, logical separation, and infrastructure as code.
Importantly, Wobby primarily uses metadata rather than full data, so our AI systems don’t need to store or access complete copies of customer data.
Technical Security
No software works without data, so it’s critical to implement strong security measures to protect the data used. As mentioned, Wobby minimizes the data required to operate effectively.
Here are some of the technical security measures we use:
Encryption of data in transit and at rest using the latest TLS and AES encryption technologies
Data integrity checks using signatures and hashes
Regular system and software updates
Firewalls and virus scanning
Internal virtual networks
Pseudonymization where possible
Separation between production and development environments
Separation of storage and processing systems
Tenant data separation
Logging and audit trails
As part of our ongoing commitment to security, we are also actively working on obtaining the ISO 27001:2022 certification, which ensures that our information security management system (ISMS) aligns with global standards.
This is not an exhaustive list, but it highlights key practices. For detailed information, please refer to the Data Processing Agreement.
Operational Security
In addition to technical measures, Wobby applies various operational security procedures to ensure customer data is protected at all times, including:
Physical and virtual access controls
Strict access and account management protocols
Device management
Non-disclosure agreements with employees and subcontractors
Regular security training for staff
Logging and audit trails
Our goal is to maintain high security standards throughout the entire data lifecycle, further supported by our pursuit of ISO 27001:2022 certification, which formalizes our approach to information security management.