General Data Protection Regulation (GDPR)

Last updated: August, 2025

Workforce.com and the GDPR: Our commitment to our customers’ privacy

Workforce.com is committed to comply with and respect the General Data Protection Regulation (GDPR), which went into effect on the 25th of May 2018. This regulation represents some of the most significant changes to privacy legislation in recent times. Its intent is to give European citizens more control over their personally identifiable information (PII).

What Workforce.com is doing

  • Upfront and ongoing audits of our third parties and sub-contractors to assess what customer information they receive and ensure they do not compromise our compliance status
  • Development of internal policy relevant to breach notification for the various markets we operate within
  • Appointment of a privacy officer to ensure that these matters are given priority internally as well as provide our customers a point of contact for relevant issues
  • Engaged in an ongoing capacity with third party security auditors to continually invest in our technical measures to both preempt and prevent a breach of customer data
  • We’ve undertaken training led by privacy office to ensure all arms of our business across our various offices are aware of our obligations to you as a customer and how we might help you with any concerns you may have
  • Deployed and maintained a separate set of technical infrastructure in the European Economic Area

Security Measures

Below is a summary of security measures that Workforce uses to keep your data safe.

  • Infrastructure & Network Security - Workforce uses AWS hosting services to host the platform across our EU, US and APAC based data centers and comply with industry best practice for securing our application from external attacks
  • Application Security - Workforce runs both automatic and manual security reviews of the application source code which are checked for vulnerabilities and we employ a continuous penetration testing protocol to discover and fix vulnerabilities in the application.
  • Identify & Access Management - Workforce ensures access to the system is restricted to individuals with the correct level of access and implements a strong password policy as well as two factor authentication, both internally and externally to our clients.
  • Security Monitoring - Workforce has implemented a monitoring system that logs and reports suspicious activity on the platform. Suspected or reported incidents are investigated by security personnel and appropriate steps are taken to minimize damage or unauthorised disclosure.
  • Governance, Risk & Compliance - Workforce has implemented a governance process which includes periodic audits and risk assessments. We also maintain a SOC2 certification and comply with audit and governance procedures under that framework.

Subprocessor Information

Workforce.com currently uses third-party Subprocessors to provide our service and support our customers. Before engaging any Subprocessor, Workforce.com evaluates their privacy, security, and confidentiality practices, and executes an agreement implementing it's applicable obligations.

This section contains information about the identity, role, and location of each Subprocessor.

Entity Name Subprocessing Activity Data Location Company Region
Aircall Hosting Services (Call Recordings & Voicemails) Germany or Australia
Amazon Web Services Hosting Services Germany or Australia
Anthropic, PBC AI Processing United States
Canny Customer feedback management United States
Chargebee Customer Billing United States
Dekra Customer support services Croatia
Flip Internal communications platform Australia
Github Version Control United States
Gong Meeting recording software United States
Google Workspace File hosting Australia
Intercom Livechat, email, help site United States
Justcall Cloud-based business phone system (voice, SMS, AI, automation) United States
Linear Project management and issue tracking United States
Mailtrap Email Testing United States
MasterTax Payroll tax compliance software United States US Only
Metabase Event analysis United States
Open AI, LLC AI Processing United States
TalkDesk Call centre software United States
TaxBandits Tax Filing Solution (US Payroll Customers only) United States US Only
TaxStatus US Tax Record Service (US Payroll Customers only) United States US Only
Twilio SMS Gateway United States
Xero Accounting (Billing contacts only) Australia
Zapier Integration software United States

Workforce.com and Tanda affiliate sub-processors

Entity Name Subprocessing Activity Data Location Company Region
Caerus Corp Pty Ltd Software development and support Australia
EPI Capital Pty Ltd (t/a Tanda) Software Development & Support Australia
Liezl Swart Software development and support South Africa
Payroll Near Me Payroll processing services United Kingdom UK Only
Tanda Workforce Solutions Customer support services Philippines
Workforce.com Inc Software Development & Support United States