Security Policy

Whagons designs its platform with a layered security approach intended to protect the confidentiality, integrity, and availability of operational information processed through the service.

Our controls are reviewed continuously and evolve alongside product requirements, infrastructure changes, and the risk profile of organizations using Whagons.

We apply authentication and authorization controls to limit access to systems, environments, and data to authorized people and processes only.

• Permission assignment based on role, operational need, and level of responsibility.
• Separation between environments and administrative accounts where appropriate.
• Review and removal of access when roles change, risk is identified, or an employment or contractor relationship ends.
• Support for enterprise authentication and integration models when included in the customer implementation.

Whagons seeks to protect information in transit and at rest through reasonable technical controls, infrastructure hardening practices, and responsible management of configurations and credentials.

Customers remain responsible for deciding what information they upload to the platform and for configuring internal permissions and workflows appropriately.

We incorporate development practices intended to reduce common vulnerabilities, validate inputs, restrict improper access, and protect integrations, automations, and application features.

Product updates may include security fixes, hardening improvements, and preventive adjustments when we identify risks or dependencies that require them.

We maintain logs and monitoring mechanisms to investigate relevant security, abuse, stability, and service-operation events.

When we identify an incident that may affect the security or availability of the service, we activate internal analysis, containment, mitigation, and recovery processes based on the nature of the event.

Whagons aims to operate on infrastructure and practices that support reasonable availability, backup, and recovery in the event of technical failures, operational mistakes, or security incidents.

Specific continuity, backup, or recovery targets may vary based on the contracted environment, implemented architecture, and applicable commercial commitments.

We may rely on infrastructure, authentication, email, monitoring, automation, and other providers needed to operate the platform and website.

We perform reasonable evaluation of relevant providers, but the use of integrations or third-party services may also depend on customer decisions, configurations, and contracts.

Security also depends on sound customer-side practices. We recommend that customers:

• Assign least-privilege permissions to users, supervisors, and administrators.
• Review active accounts, roles, approvals, and automated workflows on a regular basis.
• Train internal users on credential handling, phishing, files, and sensitive processes.
• Validate integrations, automations, and operational rules before applying them in critical environments.
• Report suspicious activity or security incidents to Whagons without delay.

If you are a customer and need more information about security practices relevant to your account or implementation, you may request it through your commercial or support channel.

If you want to report a possible vulnerability or incident, contact us at info@whagons.com with as much context as possible so we can investigate responsibly.

Whagons may update this Security Policy to reflect changes in the product, infrastructure, operational practices, or applicable requirements. The current version will be posted on this page together with its effective date.