Security and Privacy at Wiiisdom
At Wiiisdom, we prioritize security and compliance. We implement and monitor policies and controls to ensure the safety of our customers’ and employees’ data.
Our approach is built on three key pillars:

Strict Access Control
Access is regulated based on the principle of least privilege.

Comprehensive Security Measures
Security controls are applied across all areas of the company.

Continuous Improvement
Policies and controls are iteratively developed to continuously enhance their effectiveness.

Security and Compliance at Wiiisdom
To demonstrate our commitment to security and compliance, we maintain a SOC2 Type II attestation. You can access our SOC2 Type II report in our Trust Center.

Wiiisdom contractually commits to comply with EU and US laws, including GDPR, CCPA, and applicable local data protection regulations.

Data Protection

Data at Rest
All data storage systems are encrypted at rest. Sensitive data undergoes additional encryption at the field level, ensuring that neither physical nor logical access to databases is sufficient to read the information.

Data in Transit
Wiiisdom employs TLS 1.2 or higher for all data transmissions over potentially insecure networks. We utilize features such as HSTS to enhance the security of our data in transit. Server TLS keys and certificates are managed by Azure and deployed via a CDN.

Secret Management
Encryption keys are managed through Azure Key Vault, which stores key material in Hardware Security Modules (HSMs). This prevents direct access by any individuals, including employees of Microsoft and Wiiisdom. The keys stored in HSMs are used for encryption and decryption via Microsoft APIs. Application secrets are encrypted and securely stored via Azure Key Vault, with access to these values strictly limited.

Product Security

Penetration Testing
Wiiisdom conducts penetration testing to ensure the security and resilience of its applications and systems. These tests are performed internally at least twice a year, following OWASP standards, including the Web Testing Guide v4.2 and ASVS.
The goal is to identify and assess vulnerabilities that could affect the integrity, confidentiality, and availability of data and services provided by Wiiisdom’s applications. Additionally, Wiiisdom engages a penetration testing firm to scan externally facing assets. More information and test results can be found on our Trust Center.

Vulnerability Scanning
Wiiisdom’s Secured Software Development Lifecycle (SSDLC) incorporates vulnerability analysis at multiple stages of the cycle.
We perform:
- Static Application Security Testing (SAST) at the pull request level.
- Software Composition Analysis to detect and address vulnerabilities in third-party dependencies.
- Dynamic Application Security Testing (DAST) on live applications.

Wiiisdom is SOC 2 Type II certified
