Worknilo
Get started

TRUST & SECURITY

Security at Worknilo

Last updated July 2026

Encryption

We protect your data at every layer of the stack:

  • All data in transit is encrypted with HTTPS (TLS 1.2+).
  • All data at rest is encrypted using AES-256.
  • Sensitive fields (SIN, bank account numbers, emergency contacts) are encrypted at the column level using Vault-backed key management.

Audit logging

We maintain detailed logs to ensure accountability and detect suspicious activity:

  • Authentication events (sign-in, sign-up, password reset, account deletion) are logged with actor, target email, and outcome.
  • Platform-level administrative actions (org suspension, billing changes) are recorded in the platform audit log.
  • Payroll payout history includes staff-level details for reconciliation and compliance.

Regulatory compliance

Worknilo aligns with data protection regulations across multiple jurisdictions:

  • GDPR (EU) — Right to access, erasure, portability, and objection. Incident response and 72-hour breach notification preparedness.
  • PIPEDA (Canada) — Breach of Security Safeguards notification requirements. Clear retention schedules and data minimization.
  • CCPA (California) — Right to know, delete, and opt-out. No sale of personal information.

Incident response

We maintain a documented incident response plan covering detection, containment, notification, and post-mortem. In the event of a data breach, affected parties and relevant authorities are notified per the applicable regulatory timelines.

Questions

Have questions about our security practices? Contact our team.

Security — Worknilo · Worknilo