
Workflow Automations - Security & Usage Allocation

This article explains the security, compliance, and data protection practices of Workato and how Workato task allocations/plans are managed.

Updated over 2 weeks ago

1. Security Considerations

Workato is designed to meet enterprise security standards across industries, with certifications and safeguards that align with global compliance frameworks.

Certifications and Security Standards

Workato holds a range of certifications:

  • SOC 1 / SOC 2 Type II: Audited internal controls for security and availability

  • ISO 27001 & ISO 27701: Information security and privacy governance

  • PCI-DSS v4.0.1 Level 1: Secure cardholder data processing

  • HIPAA: Healthcare data protection (with Business Associate Agreements available)

  • IRAP: Alignment with Australian government cybersecurity requirements

Key Security Practices

  • Bug Bounty Program: Workato runs a bug bounty via HackerOne, inviting external security researchers to identify and report vulnerabilities — a proactive and transparent layer of protection.

  • RBAC and Access Control: Workato enforces Role-Based Access Control (RBAC), separating user permissions across development, testing, and production environments.

  • Audit Logs and Monitoring: User activity is logged, and Automation HQ provides visibility across workspaces.

  • Network Security: All platform access occurs over HTTPS with strong encryption algorithms (128-bit or greater).

  • Incident Monitoring: Security systems are monitored 24/7 with real-time alerting. Uptime and system health are visible at status.workato.com.

Jurisdiction & Data Privacy

While Workato is a US-based platform, your legal protections are governed by the primary agreement between CYE and the Customer. The authoritative privacy protections are anchored in the Master Service Agreement between CYE and Workato, which ensures that regional jurisdictional requirements are met regardless of Workato’s global headquarters.

  • International Data Transfers: For EU/UK-based customers, data flows are protected by a Data Processing Addendum (DPA) incorporated into the CYE-Workato agreement. This DPA governs GDPR-related processor obligations, including international data transfers.

  • Contractual Security Obligations: Workato is contractually committed to CYE to maintain industry-standard technical and organizational security measures and to notify CYE in the event of a security breach.

  • Sub-processor Transparency: The agreement incorporates Workato’s published list of sub-processors, supporting full transparency regarding onward data transfers.

  • Compliance Verification: These protections are supported by Workato’s existing certifications mentioned above, including SOC 2 Type II, ISO 27701:2019, and HIPAA.

Contractual Privacy & Data Protection


Data privacy and jurisdictional protections are established through the governing agreement between CYE and Workato. This framework explicitly incorporates Workato’s Services Privacy Policy and a Data Processing Addendum (DPA) to ensure global compliance with GDPR and other international data protection standards.

  • International Data Transfers: Legal safeguards for data stored or processed across different jurisdictions (including US/EU).

  • Sub-processor Transparency: Full visibility into third-party services used by Workato.

  • Security Commitments: Contractual obligations for industry-standard technical measures and formal security breach notifications.

By using these workflow automations, customers benefit from these enterprise-level protections, which supersede the general summary terms found in the Help Center.

Credential & Encryption Practices

  • OAuth 2.0 is the default connection method whenever possible

  • Stored credentials are encrypted with 256-bit key encryption

  • A hierarchical key model limits exposure by isolating encryption levels — with a Customer Main Key (CMK) at the top

You can review more at:


2. Task Allocation in Workato

Currently, each company receives a customized task package (aka a plan in Workato) that can be updated or expanded based on business needs and actual usage patterns. These allocations are reviewed to maintain fair and balanced usage during the beta phase.

The following plans are currently supported:

  1. A company in POC is automatically assigned the trial plan in Workato.

  2. A company that is a customer is automatically assigned the bronze plan in Workato.

Important:

Plans may be changed automatically based on the customer's status.

Any pricing changes will be communicated in advance, with an option to review and approve before activation.
You will not be charged automatically for Workato usage.
Any transition from free to paid usage will occur only after official communication, including full pricing details.

