Security and Governance

Understand how your organization can control and protect your accounts.


Workplace is built on three principles of trust.

Workplace accounts are separate from personal Facebook accounts

Workplace is built on Facebook's infrastructure, but it is a separate platform. The same is true for data that is added on Workplace.

Workplace and Facebook accounts are separate, with separate profiles and login credentials for each account. Content is never shared between your Workplace and personal Facebook account.

Workplace data is also segregated via what we call logical boundaries. When a company signs up for Workplace, we create a unique enterprise ID for that Workplace community. All data that is created within this community - or by any account associated with it - is then contained within the boundaries of your community. These boundaries restrict the ability for anyone outside of your authorized community to access or view content within it. None of the contents are publicly accessible.

We hold ourselves to the same data and privacy standards as other leading SaaS providers and enterprise software products. Workplace is ISO27001 and ISO27018 certified, and our security practices are regularly audited by independent third-party auditors with an industry standard SOC3 Report. A detailed SOC2 report is available upon request.

ISO 27001 certification demonstrates security best practice and provides an independent validation of the design and operational effectiveness of our security management program and information security management system.
ISO 27018 certification indicates conformance with commonly accepted control objectives, controls and guidelines for public cloud service providers to protect Personally Identifiable Information (PII) housed on their services.
SOC 2 is an extensive independent audit of how we host and operate Workplace, which is performed annually by third-party auditors and covers everything from how we secure and protect the application and our data centers, to how we verify the identity and background of our employees. This is available upon request, subject to an NDA. SOC 3 report provides a summary of the SOC 2 report.

Workplace is GDPR compliant. We have a Data Processing Addendum in the agreement to offer the data processing protections of the General Data Protection Regulation (GDPR) to all of our customers. The commitments we make under the Data Processing Addendum apply to all customers and we do not differentiate between EU users and those in other territories.

Security is our top priority

We built Workplace in collaboration with our security experts. We regularly evaluate and test it via full source code reviews, penetration tests, security audits by independent third-parties, and more.

You’re in control of your data and privacy

Your organization owns and administers the account data - you can modify, delete, or export it at any time. Our industry standard APIs allow for real-time activity monitoring and content exports. If we receive a request for your data, we will redirect the request to you. If you would like to use third party tools for eDiscovery and compliance, we provide integrations with several industry-leading providers.