Workroom SystemsBook a demo

Security & confidentiality

Security and client confidentiality are critical. We design and operate the platform with data integrity and discretion in mind.

Security and client confidentiality are critical to us. We have industry expertise in keeping systems secure, and we design and operate the platform with that in mind. Our clients include tailors who work with celebrities and people in high places — discretion and data integrity are non-negotiable. This page summarises the steps we take to protect your data and systems, and how you can report issues.

Client confidentiality

We treat every client’s data as confidential. We do not share, sell or expose client data to third parties. Access to production data is strictly limited and logged. Our team is used to handling sensitive information and high-profile clients; we have clear processes for who can see what, and we do not log sensitive personal data in application logs. When you host with us, your customer list, orders and business data stay yours and are protected.

Integrity of systems

We take steps to ensure the integrity and reliability of the platform: secure development practices, dependency updates, and controlled access to infrastructure. Changes to production are reviewed and auditable. We use industry-standard approaches to reduce the risk of unauthorised access, data corruption or service disruption.

Access control & audit

Role-based access ensures staff only see what they need. Within your workroom, you control who has access to which parts of the system. Every significant action is recorded in audit logs — who did what, and when — so you have full traceability for quality and compliance. We use the same discipline for our own operations: access to your data is limited to those who need it to operate or support the service.

Data in transit and at rest

All traffic between you and the platform is encrypted over HTTPS. Data at rest is stored on secure infrastructure in the UK, with appropriate safeguards. We do not store sensitive data in logs or in places that could be exposed. Backups and retention follow secure practices so that your data remains protected and recoverable.

Security headers & hardening

We set security headers (e.g. Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) to reduce the risk of certain attacks. Forms and API endpoints are protected with rate limiting, honeypot checks and input validation. We do not expose stack traces or sensitive debugging information to users. Dependencies are kept updated and we follow secure development practices.

Reporting a security issue

If you think you’ve found a security problem, we’d like to hear from you. Email security@workroomsystems.com with a brief description and we’ll get back to you, work through it with you, and fix it. We ask that you give us a chance to address it before sharing details elsewhere — we’ll keep you updated.