Security & Privacy

At Office Hours, we take your safety, security and privacy very seriously, so we follow best-in-class security practices.

  • Data Security Practices. Office Hours follows industry best practices to ensure strong data security throughout our platform. We enforce strict access-control across our applications and infrastructure, and embrace least-privilege permissioning with our personnel and verified third-parties.

  • Privacy and Data Ownership. Your Office Hours account belongs to you — we do not sell or rent your information, and we do not help third parties’ attempts to advertise to you.

  • Certification. Office Hours is certified SOC 2 Type 2 compliant, meaning our security controls and policies meet high industry-set standards. We are committed to compliance with privacy regulations and standards.

  • Secure Infrastructure. Office Hours sets strong data privacy and security standards for our secure infrastructure. Our applications and systems receive external penetration testing from leading security partners, and our security team runs continual vulnerability testing and code audit processes.

  • Encryption and Secure Development. Office Hours encrypts all data both at rest and in transit. Industry-leading processes and tools are implemented throughout our software development lifecycle, including dynamic and static vulnerability testing (”DAST” and “SAST”).

  • Secure Hosting. Data on Office Hours is hosted in highly-secured AWS data centers located inside the United States that are certified SOC 2 compliant, ensuring continual data availability and reliable security.

  • Organizational Information Security. All Office Hours personnel have completed background checks and are trained in information security and operational security, including regular re-training on the latest security research to address novel cybersecurity targets and modes of attack. All devices that can access corporate data are subject to strict security controls and monitoring.

  • Vendor Policy. All third-party vendors are vetted and regularly re-audited to meet Office Hours’ security and privacy standards. All personal information is removed from third-party systems upon request or once it is no longer necessary.

  • Secure Bug Reporting and Bounty Program. Office Hours provides a safe pathway for security researchers to communicate with our security team regarding any potential bugs. If you have found a potential security issue that you believe we should know about, please reach out. Your efforts may be eligible for public recognition or a monetary reward.