WorkSpan Trust Center

The Workspan Promise:

As fellow alliance professionals, we understand that TRUST is the most critical part of being successful when going to market with your partners. This requires exceptional care and attention to detail when protecting your data—a responsibility we take very seriously.

So here’s our promise to you:

WorkSpan’s #1 priority has always been—and continues to be—making sure your experience is as safe and secure as possible, providing you with the information and control to feel comfortable running end-to-end alliance initiatives across company boundaries. This Trust Center ensures you’ll always have access to our latest security, compliance, legal, and privacy information—with the ability to contact us regarding any questions or concerns.

But we didn’t stop there. WorkSpan’s groundbreaking security technology, Attribute Based Access Control (ABAC), lets you intuitively identify what you want (and don’t want) to share—with which people, which companies, and when. No complicated legal jargon or confusing user experiences. Just simple, straightforward security and privacy controls at your fingertips.



We know that developing awesome technology does not matter if it cannot be trusted. Providing you with a safe and secure platform to work with your partners is paramount to our mission. To that end, WorkSpan has achieved stringent standards in industry-wide accreditation. We are proud to be awarded SOC 2 Type I certification. WorkSpan has taken another step towards raising the bar for customer protection, safeguards, and industry best practices.

Our certification means that you can foster deep and meaningful interactions with your partners because everyone has an elevated level of trust in the security underpinning the system. WorkSpan is committed to focusing on the safety of the data so that you can focus on innovative ways to partner with your ecosystem.

SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, and confidentiality.

WorkSpan stringently adheres to AICPA’s Trust Service Principles. Our SOC 2 report is unique to our business practices. WorkSpan undergoes a regular third-party audit to certify individual products against this standard.

Our SOC 2 Tenets


WorkSpan takes immense pride in ensuring that we continue to meet our business objectives based on contracts and Service Level Agreements (SLAs). We take stringent measures, including disaster recovery, incident management, and change management, to ensure the operational readiness of information and systems.


Security is serious business at WorkSpan. We are committed to the protection of information and systems resources against unauthorized access, theft, or misuse of the software. We enforce cutting edge protective measures, including multi-factor authentication, intrusion detection, and network/application firewalls. 


If data can be accessed and disclosed only to a specific set of persons or organizations, then it is confidential. WorkSpan enforces rigorous safeguards to ensure that your confidential data stays that way. We bring to bear fail-secure guards including attribute-based access control and data encryption.

A SOC 2 report is ideal for SaaS and cloud service organizations that want to assure customers that their information is secure and will be available whenever needed. A SOC 2 report also helps organizations to establish the effectiveness of any controls that may be required by their governance process. Enterprises view SOC 2 compliance as a critical requirement when considering a SaaS provider. We cannot overstate the importance of WorkSpan attaining this certification.

For more information on WorkSpan’s SOC 2 certification, please send an email to



WorkSpan is certified to be SOC 3 compliant. SOC 3 reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2® Report. Because they are general use reports, SOC 3® reports can be freely distributed.

WorkSpan SOC 3 Report – Download here

We take GDPR seriously.

WorkSpan stringently adheres to all GDPR tenants.

1. Right to access:

You can access your personal profile and communication preferences via a secure page on WorkSpan.

2. Right to rectification:

You can update your personal profile and communication preferences via a secure page on WorkSpan.

3. Right of erasure:

You can request that we erase some or all of your personal data from our systems.

4. Right to portability:

You can request an export of your personal data.

5. Right to object:

You can contact us to let us know that you object to the further use or disclosure of your data for certain purposes.

WorkSpan can provide evidence for GDPR compliance—including requests for access of profile information, rectification, erasure, and portability requests. You can make a request to

Data security with zero compromises.

WorkSpan has advanced data security strategy, capability, & policies in place.

Q: How safe is my data?

A: Access to your data is defined by attribute based access controls—allowing users, owners, and admins to have fine grained application access control far more advanced than traditional role based applications security models.

Data is stringently protected via encryption:

  • Data in flight is secured via 128 bit TLS 1.2 using AES_128_GCM with ECDHE_RSA key exchange.
  • For Data at rest, each cloud storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128).

WorkSpan policies for its internal employees ensure safe and compliant handling of user data.

Q: What is the retention period for data in the system?

A: Application data related to company’s use of information is subject to company’s data retention policies. Data can be permanently deleted at user or company request. User’s personal data is removed after user is no longer part of WorkSpan.

Q: Do you have a data protection officer? If no, who is responsible for the GDPR Compliance function?

A: Yes, WorkSpan’s Chief Information Security Officer, Milind Joshi, is our data protection officer and responsible for GDPR compliance.

Q: Can I access the WorkSpan application from any region or geography?

A: Absolutely. You can access the WorkSpan application from anywhere in the world with secure credentials.

Q: Does WorkSpan give me the capability to selectively share information with my partners?

A: With WorkSpan, you can easily enforce your company’s data privacy and access policy uniformly across all partner facing teams. You can share the data at a record level, and further restrict access at a field level in a shared record:

  • Record Level: Selectively share specific records with your partner companies, specific users in the partner companies, or within your company.
  • Field Level: WorkSpan’s extensible architecture enables you to add shared and private fields. Private fields are only viewable to people in your own company. Shared fields allow you to share the data with your partner teams.

Q: Where is my data stored in WorkSpan?

A: Customer data is stored in secure enterprise-grade public clouds such as Google Cloud, Microsoft Azure, and Amazon Web Services.

Q: How do I set the controls for who can share my data?

A: WorkSpan provides three modes for sharing: Owner Mode, Partner Mode, and Network Mode. These modes are set at a record level. Only Owners can set the sharing mode.

  • Owner Mode: Most restrictive mode, where only the owner can share the data.
    • Example: Only the owner can add new users or companies, and set the company flags for employees to find and request to join.
  • Partner Mode: Delegate the sharing to other member users, facilitating seamless collaboration.
    • Example:All members can share with new users and companies. However, they can only grant access level equivalent to or below the access level that the member has.
  • Network Mode: Broadcast to all companies on the network.
    • Example: All members can share with new users and companies. However, they can only grant access level equivalent to or below the access level that the member has. In addition, any user from any company on the WorkSpan Network can discover and request to join.

Your privacy will always be protected.

WorkSpan goes the extra mile to protect your data privacy.

Q: Does the system receive personal data from another system—if so, which?

A: WorkSpan does not receive personal data from another system.

Q: What categories of processing are performed on personal data and for what purpose?

A: We process personal data to operate, improve, understand, and personalize our services. For example, we may use personal data to:

  • Create and manage user profiles
  • Communicate with you about the services
  • Enable communication and collaboration between users of the services
  • Contact you about service announcements, updates, or offers
  • Provide support and assistance for the services
  • Provide your employer or sponsoring organization with information about your usage of the services
  • Personalize content and communications based on your preferences
  • Meet contract or legal obligations
  • Respond to user inquiries
  • Fulfill user requests
  • Comply with our legal or contractual obligations
  • Resolve disputes
  • Protect against or deter fraudulent, illegal, or harmful actions
  • Enforce our Terms of Service

Q: What categories of personal data are processed?

A: WorkSpan collects personal data about you when you provide such information directly to us, when third parties such as our business partners or service providers provide us with personal information about you, or when personal data about you is automatically collected in connection with your use of our services. WorkSpan applications use your:

  • Name (required)
  • Work email address (required)
  • Profile picture (optional)
  • IP address
  • User added content (which may include personal data if you include personal data in such content)

In addition, via the WorkSpan website, if you sign up for a newsletter, event, webinar, etc. you may volunteer to provide telephone and physical address as needed.

Q: Does the personal data include special category data? Does the personal data include criminal convictions and offenses? If “Yes” please provide details.

A: No special, sensitive data (e.g. race, ethnicity, gender, trade union, health, sexual preference), or criminal convictions are ever captured on WorkSpan.

Q: Does the system provide a privacy statement or notice?

A: Yes, WorkSpan provides a privacy statement. Please find a copy here.

Q: Where can I find my user agreement?

A: You can find the user agreement at sign up and in your personal profile page. Please find a copy here.

Q: How does WorkSpan communicate MDF terms and conditions with partners?

A: In your WorkSpan instance, navigate to the strategy tab on the Programs page. At the bottom of this page, you can find the program policy documents. Similarly, the Campaigns tab has a section at the bottom of the page containing program policy documents for that particular program.

Q: Is an information security risk assessment performed at a planned interval or upon significant organizational, IT, or other relevant changes? Are documented risk assessment results retained?

A: Yes, information security risk assessment is performed annually and after every major change. Risk assessment is presented to the leadership team for discussion and action.

Q: Does your organization provide information security awareness training to employees and relevant third-party contractors upon hire, and at least annually thereafter?

A: Yes, WorkSpan treats security and privacy as a top priority and conducts awareness training for employees and contractors annually and upon hire.

Q: Does your organization define capacity requirements and monitor service availability?

A: WorkSpan monitors services availability and capacity in real-time, and auto provisions for higher availability for peak performance and failover.

Q: Does WorkSpan provide an audit trail for all activity?

A: Absolutely. WorkSpan has an “always on” audit trail that gives you accurate and reliable information at all times of who did what and when in the system.

Q: Can I remove or replace an existing user profile from the WorkSpan system?

A: Yes. An existing user can be removed from every WorkSpan object with a single click. It’s just as quick and easy to remove a user as it is to replace an existing user with another in the system.

Questions? We're here for you.

Create A product first!

Create a product first please!