Wrenly's Security

Wrenly is preparing for a SOC2 audit using the Drata platform. You can review our live security status and request documentation through our Drata Trust Center.

Cloud Hosting
Wrenly's data and services are hosted with trusted Amazon Web Services (AWS) through Heroku, leveraging their world-class security.

SSL and Encryption
All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are all TLS/SSL to ensure all connections are secure.

Employee Access and Authentication
Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies on all tools used internally are strictly implemented for all Wrenly employees to ensure third-party access to these cloud services are protected.

Slack Permissions
Wrenly uses Slack's Granular Permissions in order to request only the permissions we need to make the app function. When you install Wrenly on your Slack workspace Slack will be present you with a list of the specific permissions that Wrenly requests, and you will have an opportunity to approve or reject those permissions. You can view Wrenly's Slack permissions without installing the app. Wrenly only has access to public channels, private channels that the bot has be invited into, and content that is explicitly shared with the bot.

Channel and Message Access
Wrenly's access to messages in Slack is very limited, in two ways:

1. Wrenly cannot read any Slack messages posted in any channel besides messages sent directly to Wrenly as a DM

2. Wrenly only needs to be in the channel(s) that you want to use to interact with Wrenly (Feedback, Surveys, Recognitions, etc.). Consequently Wrenly will only be a member of channels that a user invites it to or where a user explicitly sets up Wrenly. This means that Wrenly does not have access to anyone's private DMs (unless it's a DM with Wrenly), nor does Wrenly have access to any public or private channel content unless someone from your team has explicitly added Wrenly to the channel or Wrenly created the channel for set-up purposes.

Slack OAuth
Wrenly uses Slack's OAuth to authenticate users and teams in Slack as well as for our web app, making use of Slack's world-class security.

PCI Compliance
Wrenly uses Stripe as our payment provider. Stripe is a PCI compliant payment gateway service with very strong security practices. No credit card information is stored on our servers.