We are undergoing an audit or certification (ex. SOC, ISO 9001, CMMI) and need additional information about WeWorked’s security.

Over the past decade, we’ve dedicated ourselves to cultivating trust among hundreds of thousands of companies globally. While we’re unable to fill out security questionnaires, we trust our Security Overview provides the necessary information.

Please contact us if you have additional questions or concerns.

WeWorked and the General Data Protection Regulation (GDPR)

The European General Data Protection Regulation (GDPR) is a new privacy regulation that goes into effect May 2018.

This document provides information about the law and how we plan to comply with the requirements set forth in the GDPR. We are actively working to incorporate new features that support user choice and bring increased transparency to our existing policies and procedures around the collection, storage, and usage of your data. We expect WeWorked to be in compliance with the GDPR by May 2018.

Know that we already build security and privacy into everything we do and the protection and proper usage of your data has always been a priority.

What is the GDPR?

At a high level, the GDPR requires companies to be transparent about how they collect, use, and share personal data. It also gives individuals more control over the usage and deletion of their data. Although the GDPR is an EU law, it is applicable to all online sites that collect data from or about residents of the EU.

For more information, read the full law here or take a look at this GDPR infographic.

WeWorked and the GDPR

Data protection and user privacy has always been a priority for us. Our existing privacy policy aligns with any of the GDPR principles. WeWorked was built from the ground up with privacy and security in mind. For example:

Content Control. Our goal is to give you as much control as possible over who can see your data. The security settings in WeWorked give you the ability to control who has rights to see and view certain information.

Government Requests. We understand the importance of safeguarding your data. We have strict guidelines and notification procedures for how we respond to data requests from law enforcement or governments. It is our policy to notify you when these requests are made and fulfilled.

Security is Priority. Understanding that no online service is every 100% secure, we work nonstop to protect your information from unauthorized access. We serve our website traffic over the encrypted Secure Socket Layers (SSL) that is the same level of protection used by the world’s leading banks.

It is your Data. Just as easily as you put your data in, you are able to get it out. It is our goal for you to stay with WeWorked; however, if you need to take your data somewhere else, you can always and easily export your data.

What rights does the GDPR give me?

The GDPR gives EU individuals rights to their personal data. There are some exceptions/exemptions to the rights granted by the GDPR, but in general it includes rights to:

  • request access to the data we store about you
  • request updates/changes to your personal data
  • request the deletion of your personal data
  • take your personal data to a new service
  • request we limit our collection and use of your personal data (e.g., opt out of being tracked by our first party analytics tool)

Although GDPR is a law that only applies within the European Union, we are offering tools to manage your personal data to all of our users.

Additionally, you can expect that we as a company will work to protect the privacy of your personal data, will only collect the data when we have a reason to do so, and will delete your personal data once we no longer have a need for it.

How do I request access to my personal data? How do I request changes to it?

If you’d like to know what personal data we have stored about you, please contact us with your request. If upon reviewing that data you need to request changes to it, please let us know and we will work with you to make the necessary corrections.

How do I take my data to a new service?

Your data is yours and your content belongs to you. We hope you find our services useful, but if you decided to move elsewhere, you can export your data to .csv format using our reports. This file can be used to assist with migrating to a new platform.

How do I delete my personal data?

Simply send us an email requesting complete removal of your account. We will remove your account once we confirm the identify of the owner.

Questions About Your Responsibilities as a Site Owner

What Tools Do You Offer to Help Me Comply with GDPR?

We provide permissions to help you manage your user’s data, and to respond to requests from your users, for example, the ability to edit profiles.  In general we try to make it possible for you to manage your account without needing our help, but if you get a request from one of your site’s users that you don’t have the ability to fulfill, you can contact us to request our help.

For me to be compliant with GDPR, I need a data processing contract from you stating you comply with the GDPR and/or that any data transmitted to your servers is done so in compliance with European law. How do I get that?

We are able to provide data processing amendments to users on active, paid subscriptions. If your account has an active upgrade, please contact us to let us know what you need.

Data Collection Questions

What data do you collect about me?

We have always tried to collect the minimal amount of data that’s necessary.

For example, when you sign up for WeWorked.com, we ask only for limited information needed to set up your WeWorked.com account. We require an email address and a username, nothing more. If you purchase a paid plan, we’ll need additional information to process your payment. You are welcome to add other information to your public profile and account settings, but we don’t require you to give us any other personal information to get your account up and running. The same principle applies to all our products and services.

Do you sell or give away my personal data?

We do not sell your private personal information.

We will share information about you in limited circumstances, and with appropriate safeguards on your privacy. You can read more details of when we share your information, and what we share, in our privacy policy.

How long do you keep logs?

Our system logs, which record information about visitors to our websites, are kept for 30 days after which they are deleted.

Where are your servers located?

Our servers are all over the world. This allows us to provide the fastest service to our users, and to the visitors viewing our users’ sites, no matter where they live. It also allows us to keep our service, and your site, running should one or more of our servers go down.

Although we have servers all over the world, at present all personal and site data is stored exclusively on US-based servers.