Weflow is continuously third-party audited to comply with industry and regulatory standards.

• SOC 2 Type II
• GDPR & CCPA
• HIPAA
• CASA Tier 2

Your data is hosted on AWS with region flexibility (EU, US, or APAC) and governed by industry-leading frameworks:

• EU SCCs (Standard Contractual Clauses)
• AWS and Google Cloud Data Processing Agreements (DPAs)
• EU–US Data Privacy Framework

Give your team the power to access Weflow without compromising on security.

• Use Salesforce SSO to securely log into Weflow
• Supports Okta, Entra ID, Azure AD, Google Identity, and more
• Centralized administration and provisioning

Weflow’s AI capabilities are built with data protection at the core. AI workloads follow strict security and privacy protocols.

• No customer data is used to train models
• No sensitive data is stored or processed outside Salesforce
• Powered by AWS Bedrock and internally trained LLMs

Weflow is regularly audited and re-certified by independent auditors and security firms.

• Audited by Microsoft and PwC
• Annual third-party penetration tests
• Annual third-party re-certification (SOC 2 Type II, etc.)