wayflyer logo

    Keeping your data safe

    You trust us with sensitive information about your business and we appreciate how important it is to look after it properly. Here’s how we make sure your information is used and seen only by the people who need to see it.

    Certifications and best practices

    We follow information security best practices, and use third-party services to confirm what we’re doing is effective.

    SOC 2 Type I
    SOC 2 Type I

    SOC 2 Type I

    Wayflyer Limited has obtained the AICPA’s SOC for Service Organizations, SOC 2 Type I. We were audited by Prescient Assurance. Our SOC 2 Type I report can be requested by emailing security@wayflyer.com.

    Continuous monitoring‍

    We use Vanta to continuously monitor our production and corporate infrastructure.

    Accredited hosting‍

    We host our platform on AWS and use accredited AWS services.

    Penetration testing ‍

    Our products and services are tested through external penetration tests performed by third-party security companies.

    SSL/TLS A Rating‍

    The Wayflyer application is TLS/SSL-only and scores an A rating on Qualys SSL Labs Test.

    CSA Star Program Member‍

    We have completed the Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ).

    The questionnaire has been uploaded to the STAR Registry and can be reviewed here.

    Key security features

    Technical security controls

    • Access control lists (ACL), intrusion detection and prevention (IDS/IPS), and web application firewalls (WAF)
    • Managed employee devices (MDM, Anti-malware)
    • Data anonymization
    • Encryption (at rest and in transit)
    • Logical access control (granular privileges), and multi-factor authentication (MFA)
    • Logging and monitoring
    • Vulnerability management program

    Organizational security controls

    • Information security policies
    • Personnel awareness and training
    • Business resilience planning (disaster recovery and business continuity)
    • Data processing agreements (DPA)
    • External penetration testing
    • Secure development lifecycle (SDLC)
    • Third-party vendor risk management

    Any questions?

    If you have any questions about the above or anything else about security at Wayflyer, we’d be happy to answer them. Contact security at Wayflyer