Information Security Management Program at WAIR

This document declares the WAIR Information Security Management Program.

Security at WAIR

Cloud Security Architecture

WAIR hosts its software on AWS Cloud Services, so as a WAIR customer you inherit the robust cloud security standards maintained by AWS, on top of which WAIR builds its own security best practices. WAIR also uses industry best practices for the development and testing of the WAIR application, ensuring that code quality meets our standards before becoming part of a WAIR release.

Cloud Infrastructure

AWS facilities

The WAIR application is managed on AWS facilities which comply with over 50 data security certifications, regulations, and frameworks. Physical security is managed by AWS, with facilities monitored by video surveillance and intrusion detection systems.

Physical separation of data

The WAIR application is hosted in a single-tenant environment, physically separating the instances of WAIR customers from each other. By default, the WAIR application is hosted in a single-tenant AWS Availability Zone (AZ) environment.

Data Security Architecture

WAIR follows AWS best practices for security architecture. The architecture is designed to minimize the attack surface and to automate configuration management to ensure consistency.

Redundancy

WAIR employs a cloud-based distributed backup framework for all customer data.

Availability and durability

The WAIR application is hosted in a variety of AWS data centers.

Monitoring & Authentication

Network and application vulnerability scanning

WAIR’s front-end application and back-end infrastructure are scanned for known security vulnerabilities at least monthly.

Centralized logging

Logs across the WAIR production and corporate environments are collected and stored centrally for monitoring and alerting on possible security events.

Reputation monitoring/threat intelligence

Collected logs and network activity are checked against commercial threat intelligence feeds for potential risks.

Anomaly detection

Anomalous activity, like unexpected authentication activity, triggers alarms.

Data Security Encryption

AES encryption

Locally-stored sensitive application data, including database connection configurations and cached query data, is encrypted and secured using AES encryption.

Secure credential storage & encryption

Native usernames and passwords are secured in Auth0 using best-in-class security measures.

TLS encryption

Data in transit is encrypted and secured from the user's browser to the application via TLS.

Product Security

Overview

Code development

Code development is done through a documented SDLC process that includes guidance on how code is tested, reviewed, and promoted to production.

Peer review and unit testing of code

Code is peer reviewed before being committed to the master code branch of the WAIR application. Functional and unit tests are performed using automated tools.

Routine developer training

Developers are regularly trained on secure coding practices.

Code quality tests

WAIR utilizes automated tests specifically targeting injection flaws, input validation, and proper CSRF token usage.

Two-factor authentication

The ability to use two-factor authentication is currently in development and will be available in the upcoming months.

Corporate Security

WAIR has robust security protocols that are meant to secure WAIR office spaces and materials that contain sensitive information. WAIR also values properly vetting and training staff to ensure that there is an organization-wide appreciation for data security.


For more information about how we work with your data, see WAIR's Privacy Policy.


Personnel & Third Parties

Security organization

Led by the Chief Technology Officer (CTO), WAIR has established an information security function responsible for security and data compliance across the organization.

Policies and procedures

WAIR has implemented various security policies that are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities.

Confidentiality agreements

New contractors and employees are required to sign confidentiality agreements.

Security awareness education

WAIR’s new hires complete security training as part of their initial training with the company. Employees receive routine security awareness training and confirm adherence to Company security policies. WAIR employees are reminded of security best practices through informal and formal communications.

Vendor management

WAIR maintains a vendor management program to ensure that third parties comply with an expected level of security controls.

Risk management

WAIR maintains a robust security risk management program. Our CTO leads a quarterly meeting to address security initiatives with respect to risk management.

Incident Response

On-call

WAIR’s Security and Operations team is available to respond promptly to security alerts and events.

Policies and procedures

WAIR maintains a documented incident response plan.

Incident response training

Employees are trained on security incident response processes, including communication channels and escalation paths.

WAIR Hardware

Laptop protection

Laptops have encrypted hard drives and are protected with a sign-on password. Additionally, an AV solution is installed on laptops to protect against malware and monitor for possible security events.

Data Security, Privacy & Compliance

One of the priorities of WAIR’s security practices is to ensure that use of your data is transparent, safe, and respectful. To that end, WAIR performs assessments and ensures that risks are being appropriately mitigated and that controls are designed and operating correctly.

Please consult WAIR’s Privacy Policy for more information.