Security and trust at WoneShield

Our platform is engineered with security as the foundation: encryption in transit and at rest, strong and multi-factor authentication, least-privilege access, multi-tenant isolation enforced at the database layer, continuous monitoring, immutable audit logging, and a documented incident-response process. We dogfood our own platform on our own infrastructure before features ship.

Sovereignty is a feature we sell, not a limitation we accept. Customer data is hosted in the region selected for your tenant, and we contractually limit cross-border access. Where transfers are necessary, we apply appropriate safeguards such as standard contractual clauses.

WoneShield maps controls to leading frameworks — including ISO 27001, ISO 22301, SOC 2, NIST, CIS, PIPEDA and Quebec Law 25 — and continuously evidences them within the platform. Current certification status and reports are available to customers and prospects under NDA on request.

We use a limited set of vetted sub-processors to operate the service, each bound by written data-protection obligations. A current list is available on request and referenced in our Data Processing Addendum.

We welcome reports from the security community. Please review our security.txt and email security@woneshield.com. We commit to acknowledging valid reports promptly and working in good faith toward resolution.

Privacy Policy · Terms of Service · Data Processing Addendum · System status

For security questionnaires, audit reports or a copy of our DPA, contact security@woneshield.com.