By using this application, you accept our Privacy Policy and Terms of Service, and the use of cookies for an enhanced user experience.

Security & Privacy

We know you've entrusted us with valuable data, and we take its security very seriously. Below, we've provided a deep dive into our security practices, protocols and tooling.

  • We use TLS everywhere, within the data center and out.
  • Your data is encrypted at rest and in transit.
  • We run 100% on the cloud using AWS (US-West) within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers.
  • We have Amazon CloudTrail and Server side logging turned on at all times.
  • All employees receive regular security training.

Data encryption

WorqHat has you covered with industry-tested and accepted standards of encryption. WorqHat uses TLS 1.2 to encrypt network traffic between users' browsers and the WorqHat platform. WorqHat also uses AES-256 bit encryption to secure your database connection credentials and data stored at rest. Communications over the internet to our public cloud services are encrypted in transit. Our network and infrastructure have multiple layers of protection to defend our customers against denial-of-service attacks.

Secure, Reliable infrastructure

WorqHat works with Amazon Web Services (AWS) data centers for hosting. AWS data centers are monitored by 24X7 security, biometric scanning, and video surveillance. We take every step to ensure your data is always safe and secure.

Operational and Device Security

We develop and deploy infrastructure software using rigorous security practices. Our operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365. Identities, users, and services are strongly authenticated. Access to sensitive data is protected by advanced tools like phishing-resistant security keys.

We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices.

  • Amazon Web Services
  • Google Cloud
  • Segment
  • Crashlytics
  • Intercom
  • Snowflake
  • Stripe

Two Factor Authentication

Your WorqHat account and Workspaces benefit from an additional layer of protection thanks to two-factor authentication (2FA). Others would need your login, password, and access to your second factor of authentication in order to log into your account.

  • One-time passwords dependent on time (TOTP). WorqHat asks you for a code when you sign in when it is activated. Your one-time password authenticator (for instance, a password manager on one of your devices like Google Authenticator or Microsoft Authenticator) generates codes.
  • To log in, time-based one-time passwords (TOTP) are provided to the registered mobile number
  • If you set up a TOTP based on a mobile number, you should also set up a TOTP based on a password manager so you can still get into your account if you misplace the device.

Frequently asked questions

Will other people be able to see my pages?

Your data is safe in WorqHat! If someone tries to navigate to your workspace without having access, they’ll see a page that lets them know that they do not have the correct permission state to access that content. If you enable Share to web in the Share menu at the top right of a page, it will publish that page to the web so that anyone with the link can access it. This is always turned off by default. If you’re sharing a workspace with others, some pages will be visible to everyone in the workspace, or specific groups of people — this is based on the permissions you see in the Share menu at the top right of the page. Use the Private section of your sidebar for pages that you don’t want to share with other workspace members. To learn more about sharing & permissions, read this article from our Help Center.

Can I opt out of WorqHat's tracking/analytics?

Yes you can! This will also disable Intercom, who powers our in-app support chat, and most of the crucial features required for the Platform to function, but you can still reach out to us for help at Just send a message to our support team at that address and we'll opt you out.

Why can I still access my uploaded files via the AWS URL without being logged in?

Your files are secure! You're looking at a signed URL that will expire after 24 hours. Any files uploaded to WorqHat will remain secure private files. You'll notice they point to a URL that has inside it. For workspace exports, the link we email you will expire after 7 days unless specified otherwise.

My browser alerted me that WorqHat is using trackers. What do these trackers do?

We use tracking code in order to effectively run our AI Models and offer you a better and secure service. The trackers are in place to help us understand how our users are using our product, and to help us improve our product. We use this information to improve our Products and Services.