Security and data protection

How Get WorkGear protects your data

As a company that takes data security and privacy very seriously, we recognise that Get WorkGear information security practices are important to you. Below we have provided some general information to give you confidence in how we secure the data entrusted to us.

Secure hosting and infrastructure

• We use data centres located in New Zealand, with physical access protected by smart cards, CCTV cameras and other security measures.
• Firewalls are used to detect and prevent internet-based attacks.
• Our servers are protected with anti-malware software.
• The entire Get WorkGear application is encrypted with TLS.
• All login pages pass data via TLS.

Backups, monitoring and testing

• Backups are taken daily and stored in a separate location.
• Security logs and alerts are reviewed on a regular basis by our internal team.
• We perform regular external security penetration tests throughout the year using an independent third party.
• These tests include high-level server penetration testing and in-depth testing for vulnerabilities within the application.
• We perform monthly external vulnerability scans.

Account and login protection

• Get WorkGear account passwords are hashed. Our own staff cannot view them.
• If you lose your password, it cannot be retrieved — it must be reset.
• Login pages have brute force protection.

Internal access controls

• Admin access to the Get WorkGear servers is secured using multi-factor authentication.
• Our team uses multi-factor authentication when remotely accessing our internal cloud-based systems.