{"id":13023,"date":"2022-10-05T16:59:37","date_gmt":"2022-10-05T16:59:37","guid":{"rendered":"https:\/\/www.hqo.com\/?page_id=12556"},"modified":"2025-11-05T06:54:20","modified_gmt":"2025-11-05T11:54:20","slug":"trust-and-security","status":"publish","type":"page","link":"https:\/\/www.hqo.com\/trust-and-security\/","title":{"rendered":"Trust and Security"},"content":{"rendered":"Reading Time: <\/span> 5<\/span> minutes<\/span><\/span>\r\n

Trust & Security<\/h1>\r\n

We value security. For more information or if you have any questions, please contact us.<\/p>\r\n

Contact us <\/a><\/p>\r\n

Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently.<\/p>\r\n

Our security team has designed and implemented a comprehensive information security management system (ISMS) program following the best practices described in ISO 27001 and NIST frameworks. The team aims to continuously improve the ISMS program alongside the business growth, reach, and input from various stakeholders including customers and regulators.<\/p>\r\n

On this page, we describe the various security measures and compliance overviews at HqO. For more information about our security measures, please contact security@hqo.co<\/a>.<\/p>\r\n

Privacy & Data Regulations Physical Security Organizational Security Technological Security Privacy & Data Regulations<\/p>\r\n\r\n\r\n\r\n
\"ISO<\/td>\r\n\r\n

ISO 27001<\/strong>
HqO is ISO 27001:2022 certified. The certification covers the ISMS supporting the confidentiality, integrity, and availability of customer data, supplier information, and HqO’s internal data related to developing, operating, and planning a workplace experience platform environment.
Download Certification for HqO \u2192<\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\r\n\r\n\r\n
\"SOC<\/td>\r\n\r\n

SOC 2 <\/strong>
HqO has obtained the SOC 2 Type II report by an examination of an independent third party. The report helps understand the controls HqO has established to support operations and compliance. The report is available upon request.
Email to Request \u2192<\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n\r\n\r\n\r\n
\"HqO<\/td>\r\n\r\n

CSA Star Level 1<\/strong>
HqO has completed and regularly maintains the correctness of answers for security self-assessment (CAIQ v4.02) from Cloud Security Alliance (CSA). The completed questionnaire gives comprehensive information about the security practices that are in place at HqO.
Download Assessment \u2192<\/a><\/p>\r\n<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n

Physical Security<\/p>\r\n

HqO’s solution is compliant with various data protection laws and regulations where our customers are residing, such as GDPR, CCPA, and PIPEDA. View our Privacy Policy<\/a> for more details.<\/p>\r\n

HqO also leverages a number of third-party applications and services in support of the delivery of our solution to customers. We recognize that the company’s information assets and vendor dependencies are critical to our continuing operations and delivery of services. As such, we have established a vendor management program that sets forth the requirements to be established and agreed upon when HqO engages with third parties or external vendors. For a complete list of HqO’s sub-processors, please refer to our Data Processing Addendum document on our Legal Hub<\/a>.<\/p>\r\n

HqO is committed to safeguarding the privacy and data protection of our global customer base. Our dedication to these principles is evident in our adherence to the Data Privacy Framework (DPF), which encompasses the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. DPF serve as pillars ensuring that HqO adheres rigorously to data protection regulations, facilitating the seamless transfer of personal data from the European Union, the United Kingdom, and Switzerland to the United States, fully aligning with EU, UK, and Swiss laws, respectively. For a detailed overview of our data protection practices, please consult our Privacy Policy. At HqO, we prioritize the protection of your data above all else. Our commitment to continuous enhancement drives us to consistently improve our data protection measures, guaranteeing that our services not only meet but exceed the ever-evolving data privacy standards across all jurisdictions in which we operate.<\/p>\r\n

Organizational Security<\/p>\r\n

HqO maintains a comprehensive set of security policies and procedures which are communicated and accessible to all employees. We ask our employees during their onboarding and annually thereafter to read and understand these policies and procedures. We also plan, run, and continuously improve security awareness campaigns across the company to ensure all employees are aware of security best practices and how to best protect customers and other business information.\u00a0<\/p>\r\n

All policies and procedures that we have internally are bound to regular review at least annually. We also perform tests and compliance controls on all these areas to ensure that the measures are running effectively.<\/p>\r\n

Technological Security<\/p>\r\n

We host customer data on Amazon Web Services (AWS) infrastructure in the US East region data center located in Northern Virginia and the EU Central region data center located in Frankfurt, Germany. All primary instances of our infrastructure are replicated in real-time to secondary instances across multiple availability zones to ensure high availability service.<\/p>\r\n

All data is encrypted during transmission and at rest. Backup snapshots of the database are captured at 5-minute intervals and retained for 30 days.\u00a0<\/p>\r\n

For ensuring the continuous security of our production environment, security vulnerability scanning is performed every 2 weeks using a third-party solution. Every year an external party performs a penetration test on our applications (web and mobile) and infrastructure. All identified observations are tracked and resolved according to the policy and procedure previously defined.<\/p>\r\n

Frequently asked questions<\/h4>\r\n

Does HqO collect, store, and process personal information (PII data) from the customers?<\/p>\r\n

We collect, store, and process a very limited amount of personal data from customers to deliver our service, such as name, work email address, and main work location.<\/p>\r\n

Where does HqO store or host customer data?<\/p>\r\n

HqO utilizes Amazon Web Services (AWS) as the application and data hosting provider. We use the US East Region data center located in Northern Virginia and the EU Central Region data center located in Frankfurt, Germany.<\/p>\r\n

How does HqO ensure that the application is always available?<\/p>\r\n

The primary instance of our application and database are replicated to a secondary instance for redundancy across multiple availability zones. Our infrastructure, app deployment, and connected services are all provisioned with code that increases the recoverability in the event of disruptions.

We also have defined and maintained a Business Continuity and Disaster Recovery Plan which is tested at least annually.

Please refer to this page for our service availability objective (SLA): https:\/\/www.hqo.com\/sla\/<\/a> \u00a0<\/p>\r\n

Does HqO backup customer data regularly?<\/p>\r\n

Backup snapshots of the database are captured at 5-minute intervals and maintained for 30 days. The restoration of backup data is performed regularly.<\/p>\r\n

How does HqO manage employee access to customer data?<\/p>\r\n

We have implemented a comprehensive policy and procedure for Access Management, which incorporates least privilege and need-to-know principles. User’ access is reviewed regularly<\/p>\r\n

Does HqO encrypt customer data for transportation and storage?<\/p>\r\n

We always encrypt data-in-transit using TLS1.2+ and data-at-rest using AES 256.<\/p>\r\n

Does HqO perform regular security testing on the application?<\/p>\r\n

We perform penetration testing on our application and infrastructure at least annually. We also check our production environment for vulnerabilities using an automatic third-party security scanning tool every 2 weeks.<\/p>\r\n

Does HqO use third-party suppliers or vendors to deliver its product and service?<\/p>\r\n

We use third-party suppliers or vendors as part of application development and service production, such as Amazon Web Services (AWS) for hosting and Braze for notifications. As part of our risk management, we perform annual security risk assessments on these vendors.<\/p>\r\n

Which user authentication method does HqO support?<\/p>\r\n

At a minimum, we support username and password for user authentication. We also support Single-Sign-On (SSO) through SAML protocol.<\/p>\r\n

Does HqO have procedures to handle security incidents such as data breaches?<\/p>\r\n

We have defined comprehensive policies and procedures for handling security incidents, including the communication channel and methodology toward customers and regulators. We test our incident response procedure annually.<\/p>\r\n

How long does HqO store customer data in the database?<\/p>\r\n

We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.<\/p>\r\n","protected":false},"excerpt":{"rendered":"

Reading Time: <\/span> 5<\/span> minutes<\/span><\/span><\/p>\n

Reading Time: <\/span> 5<\/span> minutes<\/span><\/span>Trust & Security We value security. For more information or if you have any questions, please contact us. Contact us Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently. Our security team has designed …<\/p>\n

Trust and Security<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":"","inline_featured_image":false,"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"full-width-container","site-content-style":"unboxed","site-sidebar-style":"unboxed","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-13023","page","type-page","status-publish","hentry"],"yoast_head":"\nTrust and Security | HqO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hqo.com\/trust-and-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trust and Security | HqO\" \/>\n<meta property=\"og:description\" content=\"Reading Time: 5 minutesTrust & Security We value security. For more information or if you have any questions, please contact us. Contact us Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently. Our security team has designed … Trust and Security Read More \u00bb\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hqo.com\/trust-and-security\/\" \/>\n<meta property=\"og:site_name\" content=\"HqO\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-05T11:54:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830-236x300.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/\",\"url\":\"https:\/\/www.hqo.com\/trust-and-security\/\",\"name\":\"Trust and Security | HqO\",\"isPartOf\":{\"@id\":\"https:\/\/www.hqo.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830-236x300.png\",\"datePublished\":\"2022-10-05T16:59:37+00:00\",\"dateModified\":\"2025-11-05T11:54:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.hqo.com\/trust-and-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage\",\"url\":\"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830.png\",\"contentUrl\":\"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830.png\",\"width\":963,\"height\":1224,\"caption\":\"ISO 27001 badge\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.hqo.com\/trust-and-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.hqo.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trust and Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.hqo.com\/#website\",\"url\":\"https:\/\/www.hqo.com\/\",\"name\":\"HqO\",\"description\":\"Make the workplace a human place.\",\"publisher\":{\"@id\":\"https:\/\/www.hqo.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.hqo.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.hqo.com\/#organization\",\"name\":\"HqO\",\"url\":\"https:\/\/www.hqo.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hqo.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.hqo.com\/wp-content\/uploads\/2021\/11\/Header-Logo.svg\",\"contentUrl\":\"https:\/\/www.hqo.com\/wp-content\/uploads\/2021\/11\/Header-Logo.svg\",\"width\":84,\"height\":40,\"caption\":\"HqO\"},\"image\":{\"@id\":\"https:\/\/www.hqo.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trust and Security | HqO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hqo.com\/trust-and-security\/","og_locale":"en_US","og_type":"article","og_title":"Trust and Security | HqO","og_description":"Reading Time: 5 minutesTrust & Security We value security. For more information or if you have any questions, please contact us. Contact us Security is an integral component of our business. HqO’s customers and users entrust us with their work-life information, and we aim to process and store that information thoughtfully and intelligently. Our security team has designed … Trust and Security Read More \u00bb","og_url":"https:\/\/www.hqo.com\/trust-and-security\/","og_site_name":"HqO","article_modified_time":"2025-11-05T11:54:20+00:00","og_image":[{"url":"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830-236x300.png","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.hqo.com\/trust-and-security\/","url":"https:\/\/www.hqo.com\/trust-and-security\/","name":"Trust and Security | HqO","isPartOf":{"@id":"https:\/\/www.hqo.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage"},"image":{"@id":"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830-236x300.png","datePublished":"2022-10-05T16:59:37+00:00","dateModified":"2025-11-05T11:54:20+00:00","breadcrumb":{"@id":"https:\/\/www.hqo.com\/trust-and-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hqo.com\/trust-and-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hqo.com\/trust-and-security\/#primaryimage","url":"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830.png","contentUrl":"https:\/\/www.hqo.com\/wp-content\/uploads\/2025\/06\/A_LIGN_badge_ISO_27001-e1748981856830.png","width":963,"height":1224,"caption":"ISO 27001 badge"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hqo.com\/trust-and-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hqo.com\/"},{"@type":"ListItem","position":2,"name":"Trust and Security"}]},{"@type":"WebSite","@id":"https:\/\/www.hqo.com\/#website","url":"https:\/\/www.hqo.com\/","name":"HqO","description":"Make the workplace a human place.","publisher":{"@id":"https:\/\/www.hqo.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hqo.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.hqo.com\/#organization","name":"HqO","url":"https:\/\/www.hqo.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hqo.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.hqo.com\/wp-content\/uploads\/2021\/11\/Header-Logo.svg","contentUrl":"https:\/\/www.hqo.com\/wp-content\/uploads\/2021\/11\/Header-Logo.svg","width":84,"height":40,"caption":"HqO"},"image":{"@id":"https:\/\/www.hqo.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/pages\/13023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/comments?post=13023"}],"version-history":[{"count":0,"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/pages\/13023\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.hqo.com\/wp-json\/wp\/v2\/media?parent=13023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}