Security & Operations
Transparent security practices and operational standards for our construction management platform
As a Danish company developing construction management software, we are committed to building security and operational excellence into our platform from day one. This document outlines our approach to protecting your data and ensuring reliable service.
Company & Responsibility
Data Controller
Company: Workload ApS
Address: Denmark
CVR: DK43141821
Website: workloadonline.com
Contact Information
All inquiries: support@workloadonline.com
General: info@workloadonline.com
1. Our Security Approach
As a small Danish company built by contractors for contractors, we take a practical and transparent approach to security:
1.1 Security by Design
- Built-in Protection: Security considerations integrated from the first line of code
- Modern Standards: Following current industry best practices for web application security
- Regular Updates: Continuous security monitoring and timely updates
- Third-party Services: Leveraging proven security infrastructure from established providers
1.2 Realistic Security Measures
We implement security measures appropriate for our size and stage:
- Data Encryption: All data encrypted in transit (HTTPS/TLS) and at rest
- Access Controls: Multi-factor authentication and role-based access
- Regular Backups: Automated daily backups with geographic distribution
- Monitoring: 24/7 automated monitoring for security threats and unusual activity
Pre-Launch Security Framework
We are currently implementing our security framework in preparation for our summer 2025 launch. This document reflects our planned security measures, which will be fully operational before accepting customer data.
2. Data Protection
2.1 GDPR Compliance
As a Danish company, we are fully committed to GDPR compliance:
- Legal Basis: Clear legal basis for all data processing activities
- Data Minimization: We only collect data necessary for platform functionality
- Purpose Limitation: Data used only for stated purposes
- Storage Limitation: Data retained only as long as necessary
- Your Rights: Full support for all GDPR data subject rights
2.2 Data Security Measures
- Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
- Access Controls: Strict access controls with principle of least privilege
- Audit Logging: Comprehensive logging of all data access and modifications
- Data Backup: Regular encrypted backups stored in multiple locations
- Secure Deletion: Secure data deletion when retention periods expire
2.3 Third-Party Data Processors
We carefully select and monitor third-party services:
- Cloud Infrastructure: EU-based cloud providers with GDPR compliance
- Email Services: Professional email services with encryption
- Analytics: Privacy-focused analytics tools (no personal data tracking)
- Contracts: Data Processing Agreements (DPA) with all processors
3. Infrastructure & Operations
3.1 Hosting & Infrastructure
- European Hosting: All data hosted within the European Economic Area
- Reliable Providers: Using established cloud infrastructure providers
- Redundancy: Multi-zone deployment for high availability
- Monitoring: 24/7 automated monitoring and alerting
3.2 Service Availability
- Reliable Service: Targeting high availability with minimal downtime
- Fast Performance: Optimized for quick page loads and responsive interactions
- Email Support: Responsive support during business hours
- Maintenance Notice: Advance notification for planned updates
3.3 Backup & Recovery
- Daily Backups: Automated daily backups of all customer data
- Geographic Distribution: Backups stored in multiple European locations
- Retention: 30-day backup retention with longer-term archival
- Testing: Regular backup restoration testing
- Recovery: Target recovery time of 24 hours for major incidents
4. Incident Response
5.1 Security Incident Response
- Detection: Automated monitoring systems detect potential security threats
- Response Time: Security incidents assessed within 4 hours
- Investigation: Thorough investigation of any confirmed incidents
- Notification: Customers notified within 72 hours if personal data is affected
- Reporting: Incidents reported to relevant authorities as required by law
5.2 Operational Incident Response
- Monitoring: 24/7 automated monitoring of system health
- Alerts: Immediate alerts for service disruptions
- Communication: Status updates during incidents
- Recovery: Rapid recovery procedures to minimize downtime
- Post-Incident Review: Analysis and improvements after each incident
Emergency Contact
For urgent security matters or suspected data breaches, contact us immediately:
5. Transparency & Compliance
6.1 Regular Reviews
- Security Assessments: Quarterly review of security measures
- Policy Updates: Regular updates to security and privacy policies
- Staff Training: Ongoing security awareness training for team members
- External Reviews: Planned third-party security assessments
6.2 Compliance Framework
- GDPR: Full compliance with European data protection regulations
- Danish Law: Compliance with Danish privacy and business regulations
- Industry Standards: Following construction industry best practices
- Documentation: Comprehensive documentation of all security measures
6.3 Customer Rights
As our customer, you have the right to:
- Data Access: Request access to your personal data
- Data Portability: Export your data in standard formats
- Data Correction: Request correction of inaccurate data
- Data Deletion: Request deletion of your personal data
- Processing Restriction: Request limitation of data processing
Questions About Security?
We're committed to transparency about our security practices. If you have questions or concerns:
Last updated: December 2024
This document will be updated as we approach our summer 2025 launch and implement additional security measures.
Start today and launch your success right away.
Workload.
Kickstart your next project with Workload – your shortcut to clarity, efficiency, and growth.
Quick Links