At Office Hours, we take your safety, security and privacy very seriously, so we follow best-in-class security practices.

Security Practices
  • Data encryption at rest: all databases and backups are encrypted at rest.
  • Secure development: we follow OWASP-endorsed best practices and conduct regular secure coding training and code audits.
  • Penetration testing: we conduct regular third-party manual penetration testing, as well as vulnerability scanning, to ensure our application and systems are secure.
  • Server security: all data is hosted on servers in highly-secured US data centers that are SOC 1, SOC 2 and ISO 27001 certified.
  • Personnel security: we conduct regular security awareness training sessions with all employees, and have established policies and technical controls that ensure access to customer data is restricted and secure.
  • Monitoring and alerts: we utilize state-of-the-art monitoring and alerting tools to make sure any security threats or human-error vulnerabilities are quickly detected and remediated.
  • Certified compliance approach: we are SOC 2 Type II certified and run regular audit processes in order to maintain strong security, privacy, confidentiality, and data integrity.

Secure Bug Reporting and Bounty Program
  • Reporting security bugs or concerns:  We offer our bug reporting program in order to further improve our security and provide a safe pathway for security researchers to communicate with our security team regarding any potential bugs.  If you have found a potential security issue that you believe we should know about, please reach out. Your efforts may be eligible for public recognition or a monetary reward.