Data Processing Addendum

The terms and conditions below (“DPA”) supplement and amend the Terms of Service (“ToS”), to the extent that WeSolve processes any personal data originating from the European Economic Area (EEA), the United Kingdom (UK), and Switzerland (“EU Data”) for You as a Customer.

Capitalized terms not defined in the DPA have the meaning set out in the ToS. Words and expressions used in this DPA but not defined in the DPA or in the ToS have the meanings given in the EU Directive 95/46/EC or, from 25 May 2018, the General Data Protection Regulation (2016/679) (“GDPR”), including any subordinate or implementing legislation, and for transfers of Data to WeSolve, the applicable data protection laws (“Applicable Data Protection Law”).

1. WeSolve as Data Processor

WeSolve shall be considered only as a Processor on behalf of its Customers and Authorized Users with respect to any Customer Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this DPA, WeSolve does not independently cause Customer Data containing Personal Data stored in connection with the Service to be transferred or made available to third parties, except to third-party Sub-Processors who may process such data on behalf of WeSolve in connection with providing the Service.

Such actions are performed or authorized only by the applicable Customer. The Customer is the Data Controller under the GDPR, meaning that the Customer determines the manner in which Personal Data is collected and used, as well as the purposes and means of its processing.

WeSolve is not responsible for the content of the Personal Data contained in Customer Data, nor for how Customers or Users collect, handle, disclose, distribute, or otherwise process such information.

While providing the Service to the Customer pursuant to the ToS, WeSolve may process Personal Data on behalf of the Customer and agrees to comply with the following provisions with respect to any Personal Data submitted by or for the Customer to the Service.

2. General

  • You confirm that You are accepting this DPA as a Personal Customer or Business Customer.
  • If You are accepting this DPA as a Business Customer, You confirm that You have the authority to bind the entity You represent to this DPA.
  • This DPA sets out the rights and obligations that apply to WeSolve’s handling of Personal Data on behalf of the Customer.
  • This Agreement is designed to ensure compliance with Article 28(3) of the GDPR, which sets out specific requirements for the content of Data Processing Agreements.
  • WeSolve’s processing of Personal Data shall be performed solely for the purpose of fulfilling the ToS, starting from the date on which the Customer electronically accepts or otherwise agrees to the ToS.
  • The duration of this Agreement corresponds to the duration of the ToS. This does not prejudice the right to terminate the Agreement for cause without notice in cases of intentional or grossly negligent violations of the GDPR.
  • This DPA shall take priority over any similar provisions contained in other agreements, including the ToS.
  • EU Standard Contractual Clauses (if applicable) must prevail over any conflicting provisions.
  • This DPA includes three appendices, which are an integral part of this Agreement:
    • Appendix A: Details of the processing, including purpose, type of Personal Data, categories of data subjects, and duration.
    • Appendix B: Terms and conditions related to Sub-Processors and a list of approved Sub-Processors.
    • Appendix C: Processing instructions, including minimum security measures and audit procedures.
  • This DPA does not exempt WeSolve from obligations under the GDPR or other applicable laws.

3. Customer Rights and Obligations as Data Controller

  • The Customer is responsible for ensuring that the processing of Personal Data complies with the GDPR and other applicable laws.
  • The Customer has the right and obligation to define the purposes and means of processing Personal Data.
  • The Customer is responsible for ensuring that any processing performed by WeSolve is lawfully authorized.

4. WeSolve Acts According to Instructions

  • WeSolve shall only process Personal Data in accordance with documented instructions from the Customer, unless otherwise required by EU or Member State law. In such cases, WeSolve shall inform the Customer unless the law prohibits such notification on the grounds of public interest (GDPR Article 28(3)(a)).
  • WeSolve shall immediately notify the Customer if any instructions appear to contravene the GDPR or other applicable Data Protection Laws.
  • WeSolve shall provide the Customer with all necessary information to demonstrate compliance with the DPA and Article 28 of the GDPR.
  • WeSolve shall allow and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, in accordance with Appendix B (Inspection and Audit Reports).

5. Confidentiality

WeSolve shall ensure that only those persons who are currently authorized to do so are able to access the Personal Data being processed on behalf of Customer. Access to the data shall therefore without delay be denied if such authorization is removed or expires.

Only persons who require access to the Personal Data in order to fulfill the obligations of WeSolve to Customer shall be provided with authorization. For the avoidance of doubt, the access shall be based on the “need to know” and “least privileged access” principles, and such persons shall have received appropriate training and instructions regarding the processing of Personal Data.

WeSolve shall provide Customer, upon request, with proof of execution of the confidentiality agreements with personnel who may have access to Customer Personal Data, as well as proof of periodic training in the field of Personal Data protection.

WeSolve shall ensure that persons authorized to process Personal Data on behalf of Customer have undertaken to observe confidentiality or are subject to a suitable statutory obligation of confidentiality.

6. Security of Processing

WeSolve shall take all measures required pursuant to Article 32 of the General Data Protection Regulation (GDPR), which stipulates that, considering the current level of technology, implementation costs, the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of natural persons, both Customer and Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Depending on their relevance, the measures may include the following:

  • Pseudonymization and encryption of Personal Data
  • The ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

WeSolve shall ensure that, in implementing these security measures, it at a minimum implements the level of security and measures specified in Appendix C of this Data Processing Agreement.

7. Assistance to Customer

WeSolve, taking into account the nature of the processing, shall reasonably assist Customer with appropriate technical and organizational measures in fulfilling Customer obligations to respond to data subjects’ rights as per Chapter 3 of the GDPR.

This means that WeSolve shall reasonably assist Customer in compliance with:

  • Notification obligations when collecting Personal Data from the data subject
  • Notification obligations if Personal Data was not obtained from the data subject
  • The right of access by the data subject
  • The right to rectification
  • The right to erasure (‘the right to be forgotten’)
  • The right to restrict processing
  • Notification obligations regarding rectification or erasure of Personal Data or restriction of processing
  • The right to data portability
  • The right to object
  • The right to object to the result of automated individual decision-making, including profiling

For the avoidance of doubt, WeSolve shall promptly notify Customer and provide all pertinent information in case of:

  1. Any third party (including organizations or associations) submitting requests or complaints regarding the processing of Personal Data by WeSolve on behalf of Customer.
  2. Any supervisory authority or government agency requesting access to, information about, or conducting an audit concerning the processing of Personal Data carried out by WeSolve under the Service Agreement.

If WeSolve directly receives such a request or complaint, it shall immediately notify Customer and shall not respond directly, unless with Customer’s prior written instruction.

WeSolve shall assist Customer in ensuring compliance with GDPR Articles 32-36, considering the nature of the processing and the data made available to WeSolve, as per Article 28(3)(f) GDPR.

This means that WeSolve shall reasonably assist Customer in compliance with:

  • The obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing.
  • The obligation to report Personal Data breaches to the supervisory authority without undue delay and, if possible, within 72 hours of Customer discovering such a breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
  • The obligation to communicate the Personal Data breach to the data subject without undue delay, when such breach is likely to result in a high risk to the rights and freedoms of natural persons.
  • The obligation to carry out a Data Protection Impact Assessment (DPIA) if a type of processing is likely to result in a high risk to the rights and freedoms of natural persons.
  • The obligation to consult with the supervisory authority prior to processing, if the Data Protection Impact Assessment shows that the processing will lead to a high risk due to the lack of appropriate risk-mitigation measures.

8. Notification of Personal Data Breach

On discovery of a Personal Data breach at WeSolve’s facilities or a sub-processor’s facilities, WeSolve shall, without undue delay, notify Customer. WeSolve’s notification to Customer shall, if possible, take place within 48 hours after WeSolve has discovered the breach to enable Customer to comply with their obligation, if applicable, to report the breach to the supervisory authority within 72 hours, as required by law.

This may mean that WeSolve is required to assist in obtaining the following information, which, pursuant to Article 33(3) of the General Data Protection Regulation (GDPR), must be included in the Customer’s report to the supervisory authority:

  • The nature of the Personal Data breach, including, if possible, the categories and approximate number of affected data subjects and the categories and approximate number of affected Personal Data records.
  • Probable consequences of the Personal Data breach.
  • Measures taken or proposed to manage the Personal Data breach, including, if applicable, measures to mitigate its potential damage.

9. Erasure and Return of Data

Upon termination of the processing services, WeSolve shall be obligated, at Customer’s discretion, to erase or return all Personal Data to Customer and to delete existing copies, unless EU law or Member State law requires the continued storage of Personal Data.

10. Commencement and Termination

This Data Processing Agreement (DPA) shall become effective on the date on which Customer electronically accepts or otherwise agrees to the WeSolve Terms of Service (ToS).

This Data Processing Agreement may be terminated in accordance with the termination terms and conditions, including the notice of termination, specified in the ToS, subject to Section 2.6 (as outlined above).

This Data Processing Agreement shall remain in effect as long as processing continues. Regardless of the termination of the ToS and/or this Data Processing Agreement, the Data Processing Agreement shall remain in force until the processing ceases and all data is erased by WeSolve and any sub-processors.

Breaches of this Data Processing Agreement shall be treated as breaches of the Services Agreement. Each party shall be liable for its own breaches of applicable data protection laws and shall indemnify the other party accordingly if the other party suffers damages due to such a breach.

Data Processing Details

Data Controller and Data Processor Contact

Customers may contact WeSolve at support@wesolve.app.
WeSolve may contact Customers using the contact information stored on their Account Profile.

Appendix A – Details of Data Processing

This Appendix provides details regarding the processing of personal data, including the purpose, nature, and duration of the processing, as well as the types of personal data and categories of data subjects involved.

1. Data Controller

The Data Controller is the Customer utilizing WeSolve’s collaboration, innovation, and productivity platform, including its associated services, tools, and infrastructure.

2. Data Processor

The Data Processor is WeSolve ApS, which provides the collaboration and innovation platform, services, systems, and technologies on behalf of the Customer.

3. Data Subjects

The personal data processed as part of the Services Agreement applies to the following categories of data subjects:

  • Users of the WeSolve platform (including invited members, workspace contributors, and administrators).

4. Categories of Personal Data

For End Users

WeSolve may collect the following personal data for End Users of a Customer’s Workspace:

  • User Profile Information
    • Full Name
    • Email Address
    • Profile Photo (if uploaded)
  • User Activity & Service Data
    • IP Address
    • Browser Information
    • Device Information
    • URL Referrer
    • Events (actions performed within the platform)
    • Settings & Preferences
  • User-Generated Content
    • Ideas, Comments, Ratings, Votes, and any other data submitted by Users
    • Files, Attachments, and Links uploaded to WeSolve Workspaces

For Customers

WeSolve may collect the following personal data from Customers:

  • Customer Contact Information
    • Contact Name
    • Contact Email Address
  • Billing & Payment Information
    • Credit Card Details (processed through third-party payment processors)
    • Billing Address
    • IP Address for authentication and security

5. Special Categories of Data

WeSolve does not require or request the processing of special categories of data (e.g., sensitive personal data).

However, if the Customer chooses to store such data within the WeSolve platform, it is their responsibility to ensure compliance with all applicable data protection laws.

The following special categories of personal data may be processed at the Customer’s discretion:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health-related data
  • Sexual orientation or preferences

6. Processing Operations

The personal data transferred will be subject to the following processing operations:

  • Data storage, backup, and security measures
  • Processing of user authentication and workspace participation
  • Facilitating collaboration, innovation, and engagement activities within the platform
  • Customer support and troubleshooting assistance
  • Usage analytics to improve service performance

7. Nature and Purpose of Processing

WeSolve provides its platform to facilitate team collaboration, innovation management, and idea-sharing.

To achieve this, WeSolve processes personal data to:

  • Authenticate and verify User identities.
  • Enable Users to share and interact with content in Workspaces.
  • Deliver email notifications and invitations based on Customer preferences.
  • Allow Customers to customize Workspace permissions and settings.
  • Provide technical support and service improvements.

The Customer maintains full control over the data shared within their Workspaces, including modification, deletion, or disclosure of such data.

8. Data Processing Duration

  • Personal Data will be processed as long as the Customer maintains an active subscription to the WeSolve platform.
  • Upon account termination, WeSolve will retain data only as required by legal and regulatory obligations.
  • The Customer may request full data deletion in accordance with WeSolve’s data retention policy.

9. Aggregated Insights & Analytics

You consent that WeSolve may use anonymized, aggregated insights derived from platform activity to improve service performance and optimize user experience.

For example, WeSolve may analyze:

  • How often Users engage with ideas, comments, and voting mechanisms.
  • Overall participation trends within different Workspaces.

These insights will never include identifiable personal data and will be used solely to enhance the platform.

Additionally:

  • WeSolve support staff may access Customer account data only upon explicit invitation for troubleshooting purposes.
  • Any customer feedback or analytical insights provided knowingly or unknowingly may be used to improve WeSolve’s technology without resulting in ownership rights for the Customer.

Appendix B

1. Terms of WeSolve’s Use of Sub-Processors

WeSolve has Customer’s general consent for the engagement of already engaged Sub-Processors, as of the date of this Addendum, as listed in this Appendix B.

2. Sub-Processors

As Data Processor, WeSolve ensures that Sub-Processors are subject to data protection obligations that are no less protective than those specified in this Data Processing Agreement (DPA), through a contract or other legal document under EU law or the national law of the Member States. This includes ensuring that Sub-Processors provide the necessary guarantees that they will implement appropriate technical and organizational measures so that the processing meets the requirements of the General Data Protection Regulation (GDPR).

Customer acknowledges and agrees that:

  • (i) WeSolve’s Affiliates may be retained as Sub-Processors.
  • (ii) WeSolve and its Affiliates may engage third-party Sub-Processors in connection with the provision of the Services.

WeSolve or a WeSolve Affiliate shall enter into a written agreement with each Sub-Processor containing data protection obligations that are no less protective than those in this Agreement and applicable law, with respect to the protection of Customer Data.

If, in the performance of this DPA, WeSolve transfers any Personal Data to a Sub-Processor located outside of the European Economic Area (EEA), WeSolve shall, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.

3. List of Sub-Processors

WeSolve shall make available to Customer the current list of Sub-Processors for the Services. This list shall include the legal entity names of Sub-Processors and the location where Customer Data is processed.

4. Changes in Sub-Processors

WeSolve shall inform Customer in writing of any intended changes regarding the addition or replacement of Sub-Processors at least 30 days in advance.

5. Right to Object

WeSolve will give Customer the opportunity to object to the engagement of a new Sub-Processor within 30 days after being notified. The objection must be based on reasonable grounds.

If WeSolve and Customer are unable to resolve the objection, either party may terminate the Agreement by providing written notice to the other party. Customer shall receive a refund for any prepaid but unused fees for the period following the effective date of termination.

Where WeSolve engages a Sub-Processor for carrying out specific processing activities on behalf of Customer, WeSolve shall ensure that the same data protection obligations as set out in this Addendum are imposed on the Sub-Processor, including:

  • Providing sufficient guarantees to implement appropriate technical and organizational measures to ensure that processing meets the requirements of this Addendum and Applicable Data Protection Law.

Upon request, a copy of the Sub-Processor agreement and any subsequent amendments shall be made available to Customer, except for clauses on business-related issues that do not affect the legal data protection content of the Sub-Processor agreement.

WeSolve shall at all times keep an up-to-date list of all Sub-Processors used, including in each case the details required under this Appendix B, and shall make this list available to Customer upon request.

WeSolve shall be liable for the acts and omissions of any Sub-Processor to the same extent as if the acts or omissions were performed by WeSolve. This does not affect the rights of data subjects under Applicable Data Protection Law.

6. International Transfers

WeSolve may transfer and process Customer Data anywhere in the world where WeSolve, its Affiliates, or its Sub-Processors maintain data processing operations, after having previously informed and obtained Customer’s consent.

WeSolve shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws. Specifically, WeSolve shall ensure a valid legal basis for any such transfer, as outlined in Chapter 5 of the GDPR and Articles 45-49 thereof.

Without prejudice to the aforementioned notification and approval process, WeSolve may transfer data to third countries located outside the European Economic Area (EEA) if:

  • WeSolve has implemented a transfer solution compliant with Applicable Data Protection Law.

Where such a transfer solution is based on the EU Commission Model Clauses, WeSolve shall provide Customer with a Transfer Impact Assessment (TIA), including details of:

  • Processing locations.
  • Processing activities to be carried out.
  • Types of Personal Data affected.
  • Additional safeguards and measures (technical, organizational, and contractual) to be implemented.
  • WeSolve’s risk assessment regarding the intended Sub-Processor and/or data transfer.

This notification shall be performed prior to the implementation of the transfer, and Customer shall be given at least 90 days to review it. Customer may reject the transfer, partially or entirely, in which case WeSolve shall not proceed with the envisaged transfer.

If the contracted services cannot be performed without the said transfer, Customer shall have the option to terminate the Services Agreement and the Addendum, entirely or partially, as required, without any penalty.

Appendix C

1. Instructions for Processing & Security Measures

Appendix C of this Data Processing Agreement (DPA) outlines the processing activities that WeSolve is to perform on behalf of the Customer, the technical and organizational security measures implemented by the Data Importer (WeSolve) in accordance with Clauses 4(d) and 5(c) of the Standard Contractual Clauses (SCCs), and how inspections with WeSolve and any Sub-Processors are to be conducted.

WeSolve has implemented an internal Information Security Program that covers:

  • Data and Network Security
  • Access and Site Controls
  • Personnel and Sub-Processor Security

2. WeSolve’s Security Controls

Physical Security

WeSolve uses physically secure data centers that comply with or exceed the security requirements of SOC2. These data centers are equipped with CCTV monitoring, 24/7 on-site security personnel, and key card access control systems. Geographically distributed data centers are used for backups.

Redundancy & Business Continuity

The WeSolve infrastructure is designed to allow for maintenance and improvements with minimal downtime. Data is replicated and backed up across multiple systems to prevent data loss or destruction. Backup restoration procedures and business continuity plans are tested annually.

Power Supply

WeSolve’s data centers are equipped with backup power and uninterrupted power supplies (UPS), ensuring that services remain operational for extended periods in the event of power failure.

Patches & System Updates

A policy is in place to ensure that all systems are kept up to date with necessary security patches and updates.

Data in Transit & Encryption

WeSolve encrypts data transmissions between data centers using industry-standard encryption protocols. Data is encrypted both in transit and at rest.

Intrusion Detection & Incident Response

An intrusion detection system (IDS) is in place to monitor for potential attack activities, providing insights to help remediate threats faster. Additionally, WeSolve has established incident response protocols to handle security incidents and breaches, with a commitment to promptly notify affected parties.

Access Control & Authentication

All WeSolve personnel are required to authenticate via a central authentication system or a single sign-on (SSO) system to access administrative functions.

Password Security & Multi-Factor Authentication (MFA)

Strong password policies are enforced, requiring:

  • Unique IDs
  • Strong password requirements
  • Mandatory two-factor authentication (2FA/MFA)

Access Review & Audit Trail

Access is controlled using the principle of least privilege, with regular access reviews conducted. An immutable audit trail logs all system access events.

Data Separation & Disk Erasure

Customer data is stored in a multi-tenant environment, secured through separate encryption keys. Decommissioned disks are securely erased or destroyed after their intended use.

Personnel & Background Checks

All WeSolve personnel are subject to:

  • Company policies on privacy, security, ethics, and professional conduct
  • Mandatory background checks before hiring

Data Access & Sub-Processor Security

WeSolve personnel do not access or process Customer Data without explicit authorization from the Customer, except where required by law.

Before onboarding any Sub-Processors, WeSolve conducts:

  • Security and privacy risk assessments
  • Contractual agreements enforcing privacy, confidentiality, and security obligations

3. Storage Limits & Data Erasure

Processing is not time-limited and will continue until this Data Processing Agreement is terminated or canceled by one of the Parties.

  • Personal Data is stored with WeSolve until:
    • Customer or a Member requests data deletion
    • WeSolve deletes data in accordance with its internal retention policies
  • Customers can export their raw data at any time in industry-standard JSON format.
  • Upon termination, Customer Data will be deleted upon request or automatically erased per WeSolve’s internal retention policies.

4. Inspection & Audit Reports

WeSolve shall provide written responses (on a confidential basis) to Customer requests for information security and audit questionnaires to confirm compliance with this DPA.

  • The Customer may request this information once per year, unless a security incident occurs, in which case the Customer is entitled to an immediate audit.
  • Upon Customer’s request, WeSolve shall provide information regarding its compliance with this DPA to the Customer or its third-party auditor, provided that the auditor is not a competitor of WeSolve.

Customers are entitled to request a remote or on-site audit of:

  • WeSolve’s infrastructure, facilities, and security architecture
  • Data processing records, systems, and procedures

The Customer shall cover costs associated with the audit, unless the audit reveals that WeSolve is in breach of this DPA or Applicable Data Protection Laws, in which case WeSolve will bear all costs.

Audit Process

  • Prior to any on-site audit, both parties shall agree upon:
    • Scope, timing, and duration of the audit
  • Customer must provide at least 30 days’ notice before conducting an on-site audit, unless a security breach occurs, in which case the Customer may perform an audit immediately.
  • If non-compliance is discovered, the Customer must notify WeSolve promptly with details.

4. Encryption of Customer Content

In the database, WeSolve encrypts non-searchable content, such as passwords, but does not encrypt searchable content to allow Users to efficiently search across members, discussions, and uploaded content within the WeSolve platform.

When a User interacts with the WeSolve Service, the details of their interactions are securely transmitted through API calls over HTTPS. All WeSolve APIs and websites exclusively use HTTPS. Every interaction between Customer, User, and WeSolve is fully encrypted using Transport Layer Security (TLS) with RSA-2048 encryption, ensuring private and secure communication.

WeSolve’s hosting provider encrypts customer data at rest by default. Data is segmented into secure storage blocks, with each block encrypted using a unique Data Encryption Key (DEK). These DEKs are further encrypted using a Key Encryption Key (KEK) for added security. For more details, see our hosting provider’s encryption policy.

5. Customer Data Separation

Access to Customer Data is strictly controlled through authentication tokens, which define a User’s access permissions across Spaces, Discussions, and other Content within the WeSolve platform.

Logical data separation ensures that each Customer’s data is isolated even when stored on shared infrastructure. WeSolve is the sole tenant on its infrastructure, and logical access controls (including tokens, encryption keys, and secret authentication methods) guarantee strict User Data isolation between different Customers.

6. Single Sign-On and Multi-Factor Authentication

WeSolve supports SAML-based Single Sign-On (SSO) for enhanced security. Depending on Customer’s authentication provider, multi-factor authentication (MFA) can also be enabled via their SSO provider settings.

Instructions on how to enable SSO for your organization can be found in the WeSolve Access Settings.

7. Location and Storage of Customer Data

Under GDPR, Personal Data is not required to stay within the EU, provided there is a legal framework in place that validates the transfer. The GDPR recognizes several mechanisms, including Standard Contractual Clauses (SCCs), for ensuring lawful international transfers.

WeSolve’s application and database servers are hosted within the European Union, specifically in Germany, ensuring that Customer Content remains within the EU at rest.

The Service may involve additional processing infrastructure within the EU or the United States. In such cases, WeSolve’s US-based Sub-Processors operate under Standard Contractual Clauses (SCCs), guaranteeing an adequate level of protection as required by Article 46 of GDPR.

Hosting Provider Security Measures

WeSolve’s hosting provider enforces Full Disk Encryption (FDE) and secure drive-locking mechanisms to safeguard data at rest.

When storage hardware is retired, it undergoes a multi-step destruction process:

  1. Erasure verification – writing zeros to the entire disk and confirming data removal.
  2. Physical destruction – if a disk cannot be erased, it is stored securely until it is physically destroyed using industrial-grade disk crushers and shredders at secure recycling facilities.

Each data center follows a strict data disposal policy, with any violations immediately addressed.

8. Security Checks & Code Scans

WeSolve performs regular security audits using third-party vulnerability assessment tools. Additionally:

  • The source code undergoes automated security checks with every commit.
  • Before updating external code dependencies, a full security audit is conducted to prevent vulnerabilities from entering the WeSolve codebase.
  • WeSolve subscribes to security advisory lists to ensure that any discovered software vulnerabilities are promptly addressed.

9. Handling of Customer Data by Personnel

Access to the WeSolve datastore is strictly limited to a select group of personnel. WeSolve does not allow its administrators to “impersonate” Users or view Customer Content via an admin switcher interface.

If troubleshooting is required, WeSolve will:

  • Conduct tests in a development environment.
  • Obtain explicit permission from the Customer to access an account.
  • Require Customers to invite our support account manually, which can be revoked at any time.
  • Alternatively, use screen-sharing for issue resolution.

All access requests, infrastructure logins, and code modifications are logged for security tracking.

By default, support personnel have access to contact details and activity logs necessary for assisting Customers. Access is secured with MFA, and Personal Data is never sold to third parties.

10. Replication & Backups of Customer Data

WeSolve performs full backups of Customer Data three times daily. These backups are retained for up to one month to support:

  • Disaster recovery procedures
  • Rollbacks in case of a security, technical, or data-loss event

In the event of a security incident, hardware failure, or data corruption, WeSolve can initiate full Customer Data rollbacks in a timely manner to restore normal operations.

  • Product

      Ideas

      Easily gather insights and ideas from your community to shape better decisions together.

      News and Events

      Promote participation and share information to form opinions and foster engagement

      Feedback

      Turn your community feedback into positive change. Make it easy for everyone to voice their experiences

      Projects and Workshops

      Organize activities efficiently to promote and achieve key organizational goals.

      Surveys and Polls

      Promote informed decision-making and active engagement with insightful community feedback

      Gamification

      Motivate your community in a playful and stimulating way to stay engaged

  • Use Cases

      Citizen Engagement

      Empowering community voices for impactful local change through increased participation

      Open Innovation

      Fostering a collaborative environment for creative solutions and community-driven innovation

      Employee Engagement

      Creating a vibrant and innovative work culture by fostering collaboration among employees

      Housing and Resident Engagement

      Enhancing the living experience in social housing through community engagement and support

  • About Us
  • Plans
  • Resources
Start for Free