WiBizTrust Center

Security at WiBiz

WiBiz is the conversation layer for SMBs and regulated verticals. Our security programme protects three things: customer personal data, client business configurations, and the continuity of the conversations we operate on their behalf.

Infrastructure

  • Cloud-first architecture — no self-managed physical hardware.
  • Compute and data stores hosted on reputable enterprise cloud providers.
  • Regional data residency available for regulated deployments.
  • Production environment segregated from staging and development.

Data protection

  • AES-256 encryption for data at rest across our primary data stores.
  • TLS 1.2 or higher for all data in transit.
  • Key management through managed cloud KMS with documented rotation.
  • Customer PII and payment data classified as Restricted — highest tier.

Access control

  • Role-based access aligned to the principle of least privilege.
  • Multi-factor authentication required for all production access.
  • Quarterly access reviews signed off by team leads.
  • Immediate revocation on offboarding, documented in HR process.

Incident response

  • Four-tier classification: P1 (critical) through P4 (low).
  • Documented containment, eradication, and recovery playbook.
  • PDPC notification within 72 hours for qualifying data breaches.
  • Customer notification for incidents affecting their data.

Business continuity

  • Business impact analysis maintained with documented RTO and RPO.
  • Automated backups for customer-facing data stores.
  • Disaster-recovery scenarios tested on a documented cadence.
  • Vendor continuity factored into risk register for Tier 1 dependencies.

Vendor risk

  • Tiered vendor classification based on data and service criticality.
  • Data Processing Agreements signed with vendors handling personal data.
  • Security due diligence before onboarding Tier 1 and Tier 2 vendors.
  • Annual review of critical vendor security posture.

Compliance alignment

Our security programme is aligned to the Singapore Personal Data Protection Act (PDPA), the EU General Data Protection Regulation (GDPR), and additional regional frameworks applicable to our markets — including the US Health Insurance Portability and Accountability Act (HIPAA), Indonesia PDP Law, and Vietnam Decree 147/2024. Formal certifications are tracked on our certifications page.

For the full control set, see the security policies. To request under-NDA documentation, contact the security team.