# Security & Compliance

As WorkLyft's creators, we understand that your data is your business. That’s why our platform was designed from day one to meet modern security standards and ensure full data ownership, privacy, and regulatory readiness.

### Privacy Secured - You Own the Data

While WorkLyft is a cloud-first platform, your company retains full ownership of its data and infrastructure. You are not locked into proprietary hosting — your data stays:

* Private: You choose where and how it’s stored
* Controllable: Database access and backups are under your supervision
* Portable: No vendor lock-in or hostage-style hosting traps

### Data Privacy by Design

We follow the Privacy by Design principle in every module:

* Only essential data is stored
* Role-based access ensures employees see only what is important to them
* Sensitive fields (such as salaries and contracts) are encrypted
* Activity logs track data access and modifications
* Compliant with the latest standards: ISO 27001, GDPR-ready

### Maintenance & Access Policies

* **Encrypted backups** and versioning supported
* Admin roles can be tightly scoped via role-based **access control** (RBAC)
* Low-code modules include custom validation and access checks

### ISO 27001 Certified Processes

Our company is ISO 27001 certified, meaning we operate under globally recognized information security practices. This includes:

* Risk and threat assessment
* Data classification and encryption policies
* Secure development lifecycle (SDLC)
* Access control and audit logging

### Local & External System Integrations

We support secure integrations with:

* External accounting systems and services
* **JIRA**, **YouTrack** and other tracking tools (for time reporting)
* **NBP** (currency quoting)
* **KSeF** for Poland-based clients
* **Others** via **secure API** and webhook access

All integrations follow authenticated, auditable flows — never exposing direct data endpoints to unauthorized tools.

> Your data, and so your company, is safe with WorkLyft.
