Workliq processes financial and operational data for CA firms, R&D labs, and SaaS RevOps teams. Security isn't an afterthought — it's tested on every deploy and audited every quarter.
Six security pillars
Every API call is scoped by `client_id` extracted from your signed JWT. Cross-tenant queries return 403 — verified by automated tests on every deploy.
TLS 1.3 in transit. Connector credentials encrypted at rest with Fernet (rotation-ready). Disk-level encryption on the host.
Every upload, query, ML run, share, and settings change written to an immutable audit_logs table with hashed IP, timestamp, and resource id. Exportable as CSV.
Workspace roles: owner / admin / analyst / viewer. A viewer can read shared datasets but cannot delete, share, or export.
Cloud AI providers only receive your natural-language question + dataset schema for that single query — never the raw rows.
Per-client sliding-window rate limits on upload, ask, ML, and external API. SQL Guard blocks non-SELECT statements, injection attempts, system table reads.
Compliance posture
| Framework | Status | Notes |
|---|---|---|
| DPDP Act 2023 | compliant | Built for India. Data residency in Bangalore. |
| GDPR-aligned | compliant | DPA available for EU customers on request. |
| SOC 2 Type 1 | in progress | Drata controls being implemented. Audit target: Q4 2026. |
| SOC 2 Type 2 | planned | After Type 1 audit pass. |
| ISO 27001 | planned | Roadmap item for enterprise customers. |
Found something? Email security@workliq.me. We acknowledge within 24 hours.
For enterprise security reviews (questionnaires, DPA, pen-test report), contact hello@workliq.me.