Security

We’re often asked about our information security practices and how we protect your data. We can’t dive too deep into the secret sauce, but we’ve included answers to some of our most asked questions to reassure you that we take yours, your employee, and our data security seriously.

How we protect your data

ISO 27001 certification

We’re ISO 27001 certified. That means all our people and processes comply with internationally-recognised standards to process and protect all data.

Weekly10 ISO 27001

Data hosting and back-up

We use Microsoft Azure to host staging and production environments. That means we have access to data centres located globally (UK, US, EU and Asia) which allows you to choose where your data is stored. All data has minute by minute backup and data replication.

Data handling and GDPR

As a UK-based company, we’re strict about GDPR. All our employees are trained on the proper processes and procedures for handling different types of data. They complete regular security and data handling training to stay ahead of new security threats and understand what to do if they do happen.

Data access

The only employees with access to your data are those whose role requires it to support you as a customer. Those employees use strong passwords and multi-factor authentication.

Platform security and architecture

Our platform developers use the best available tech to improve user experience and security. All new features and code are peer-reviewed and then human and auto-tested for function and security risks. We’re proactive when it comes to security risks and deploy patches as quickly as practical and use external penetration testers to verify software security. All data that passes between you and us is sent via HTTPS. Data stored on our databases is encrypted to bank grade TLS 1.2.

Payments

All payments are handled by our PCI Level 1 compliant payment provider and never hit our servers.

How you can protect your data

Use Single Sign On (SSO) to access Weekly10

Weekly10 is available through Microsoft Teams as part of all paid and free plans. We encourage users to sign in using SSO. This reduces a user's tech-stack and also prevents against unauthorised access.

Manage users with Microsoft Active Directory or Google Directory

When detail-heavy processes rely on humans, errors can creep in. Use a corporate directory – Microsoft Entra ID (formerly known as Microsoft Azure Active Directory) or Google Workspace Directory – to add, update, remove or delete users automatically. This prevents leavers being able to access their Weekly10 account, but also means user data has a single source of truth and is less likely to contact contradictory information.

Security logs

Weekly10 automatically logs any activity or changes on user profiles. Company administrators can audit these through profile settings.

Understand your privacy settings

Each customer has their own privacy settings. If you’re unsure of your company’s settings, please contact your customer success partner on support@weekly10.com

Report security threats

If you’re concerned about a potential security or data risk within Weekly10, email security@weekly10.com.