Whatfix Security

Your Security Is Our Priority

At Whatfix, the security of our products and associated services always remains a top priority. Our Customer-first approach ensures that we remain committed to safeguarding customer information. Whatfix leverages best-in-class technologies and processes to ensure data security and to support Customer needs across various regulatory compliance requirements, including but not limited to privacy. Check out the resources on this page to learn how to create and optimize your company’s employee onboarding process.


In line with Trust, one of our core Organizational Principles, we leverage best-in-class Technologies, Processes and Partners to achieve this goal.

Download Whatfix Security Whitepaper


Confidentiality

Secured role-based access, encryption, and anonymization are some of the methods we employ to ensure the confidentiality of our Customer data.

  • Role-based access
  • Minimal collection of data
  • Encryption

Availability

Redundancy, resilience, and the ability to scale with ease are baked into the architecture of our Platform to ensure the availability of Whatfix to our Customers.

  • Disaster avoidance is one of the cornerstones of the design of our platform application and infrastructure.
  • Clustering of services or nodes ensures that Whatfix continues to serve its Customers even if more than one node or component fails, thus avoiding single points of failure.
  • The Whatfix business continuity program ensures that our plans are tested at least once annually and upon significant change in infrastructure.

Data Integrity

At Whatfix, we have implemented change controls, elaborate logging, and round-the-clock monitoring of all actions and activities in the production environment, so that we can provide adequate assurance to our customers on the integrity of their data at Whatfix.

  • Change control
  • Logging
  • Monitoring
  • SRI
  • Digitally sign all executables

Red Teaming and Third Party Penetration Tests

  • Whatfix partners with Bugcrowd, a leading crowdsourced cybersecurity platform, to play the role of Red Team.
  • At least once annually, a reputed third party is engaged to carry out infrastructure and application penetration tests.

If you are interested in learning more about how Whatfix achieves these lofty (ambitious) security goals, please click here.



Whatfix complies with all applicable regulations and legislation of the geographies and business verticals in which it operates and provides services.

Regulatory Compliance

As a leading Digital Adoption Platform provider and a partner to our clients in protecting their data, it is imperative that we remain cognizant of all regulatory requirements applicable to the type of data and the regulatory body. The Whatfix compliance team is committed to ensuring that our Customers remain assured that our data handling and protection practices more than meet the respective regulatory requirements.

Our certifications/attestations include:


Whatfix believes in remaining transparent with its clients about data collection. As a service provider, we allow our Customers to choose the personal data that our Platform captures. Clients can also choose not to send any Personally Identifiable Information of their Users and still continue to leverage Whatfix in their application adoption journeys.





Data Localization

Whatfix offers its services from 2 geographic locations, viz. the EU and the USA. Customers can choose to subscribe to either of the 2 data centers depending on their data localization needs.

Data Retention

Whatfix retains its Customer data on the platform for a period of 2 years post termination of the engagement. Customers can choose to have the data deleted anytime during and after the period of subscription.

Data Handling

Whatfix safeguards customer data by implementing industry-best technical controls and processes such as role-based access control, encryption, and anonymization.

Whatfix can sign Data Processing Agreements with Customers that incorporate the “New” Standard Contractual Clauses as prescribed in EU GDPR.

Contact Us

Report a vulnerability

If you believe you have found a security issue that meets Whatfix’s definition of a vulnerability, please submit the report to our security team via one of the methods below:

  • If you are a customer: Submit a ticket to our support team
  • If you are a security researcher: Submit a report through our bug bounty program

Definition of a Vulnerability

Whatfix considers a security vulnerability to be a weakness in our Whatfix Digital Adoption Platform or the supporting infrastructure of the Platform that could allow an attacker to impact the confidentiality, integrity, or availability of the product or infrastructure.

Note: The Whatfix corporate website is not in scope.

Bug Bounty Program

Whatfix operates a public bug bounty program for its Digital Adoption Platform via our partner, Bugcrowd. Security researchers can receive cash payments in exchange for a qualifying vulnerability report submitted to Whatfix via our bounty programs.

Click here to participate in our bug bounty program

Responsible Disclosure:

In order to protect our customers, Whatfix requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability, and informed customers if needed.

Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time, and the timeline will depend upon the severity of the vulnerability and the affected systems.
