Security you can build on.
We take the responsibility of hosting your team's work seriously. Here's how Workspace Canvas is designed and operated today.
How we protect your data
The essentials, done properly.
Encryption in transit
All traffic is served over TLS 1.2+ end-to-end between your browser and our servers.
Encryption at rest
Data is stored encrypted at rest on managed, hardened cloud infrastructure.
Authenticated access
Email and OAuth sign-in with secure session tokens and password hashing best practices.
Granular permissions
Row-level security enforces per-user access to every workspace, page, and record.
Managed backups
Automated daily backups with point-in-time recovery on our managed database.
Reliable infrastructure
Built on a managed Postgres platform with monitored uptime and rapid patching.
Least-privilege by default
Internal access to production data is scoped, logged, and reviewed.
Transparent practices
We document how we handle your data and what changes when things evolve.
We're an early-stage product and don't yet hold formal certifications such as SOC 2 or ISO 27001. As our program matures we'll publish updates here — we'd rather be honest about where we are than claim what we haven't earned.
Report a vulnerability
If you believe you've found a security issue in Workspace Canvas, please email us before disclosing it publicly. We aim to acknowledge every report within two business days and will keep you updated as we investigate. We won't take legal action against researchers who act in good faith and follow responsible-disclosure practices.
security@workspacecanvas.com