Security policy

Security is a core priority at WeSolve. As a provider of cloud-based civic-tech solutions, ensuring the privacy, integrity, and security of our clients’ data is fundamental to our mission. We continuously review, update, and enhance our security policies to maintain robust protection against emerging threats.

WeSolve has implemented a comprehensive security program with technical and organizational safeguards to protect our customers’ data from unauthorized access, modification, or deletion.

Data Isolation and Security for Customers

WeSolve ensures that customer data is securely isolated to maintain privacy and prevent unauthorized access.

  • Enterprise Customers Have Isolated Databases
    Each enterprise customer has a dedicated database with unique, randomly generated credentials, secured and encrypted using modern cloud security standards.
  • Multi-Tenant Security in SaaS
    Customers in a shared environment are logically isolated through role-based access controls (RBAC), network policies, and security configurations to prevent unauthorized data access.

Secure Authentication and Access Control

To enhance platform security, WeSolve provides secure authentication options:

  • Single Sign-On (SSO) – We offer SAML, OpenID, Azure B2B, and third-party SSO integrations to enable secure access management.
  • Role-Based Access Control (RBAC) – Administrators can define user permissions to restrict access based on role and necessity.

Proactive System Monitoring and Threat Detection

We continuously monitor our platform to detect and respond to potential security incidents.

  • Real-Time Service Monitoring – Our automated monitoring system alerts our team if suspicious activity is detected.
  • Anomaly Detection – We leverage intrusion detection systems (IDS/IPS) to identify potential threats.
  • Incident Response – In the event of an attack, WeSolve follows predefined security response protocols to contain and mitigate risks.

Timely Software Patching and Updates

We maintain an aggressive update schedule to ensure software security:

  • Critical and high-risk vulnerabilities are patched immediately.
  • Routine software updates are applied every two weeks to keep the system secure and stable.

Built-In Security Controls

WeSolve has implemented strong encryption and access control measures to safeguard customer data:

  • Transport Layer Security (TLS 1.3) – Encrypted communication ensures data integrity and prevents interception.
  • End-to-End Encryption – Customer data is encrypted in transit and at rest.
  • Least Privilege Access – System components are configured with minimal permissions, preventing unauthorized system modifications.

Responsible Vulnerability Management

WeSolve recognizes that security is an ongoing process. We have a transparent vulnerability disclosure policy and perform:

  • Internal and third-party security audits
  • Penetration testing of key system components
  • Continuous security assessments

GDPR and Compliance

WeSolve operates in full compliance with GDPR and international data protection regulations. Our Data Processing Agreement (DPA) ensures that our customers’ personal data is handled with the highest privacy standards.

User Responsibility and Account Protection

Security is a shared responsibility. To help users protect their accounts, we recommend:

  • Never share your login credentials
  • Use strong passwords and enable two-factor authentication (2FA)
  • Ensure your account information is up to date
  • Report suspicious activity immediately

If you suspect unauthorized access to your account or wish to request data deletion, please contact our support team.

Transparent Privacy Policy

WeSolve is committed to privacy transparency. Our Privacy Policy is written in clear, plain language, outlining:

  • What data we collect
  • How we use it
  • Your rights regarding data privacy

Cloud Infrastructure Security

WeSolve operates on a secure, modern cloud infrastructure using Microsoft Azure. Our cloud platform provides:

  • SOC 2 & ISO 27001 certifications for security compliance
  • Data encryption at rest and in transit
  • Virtual Private Cloud (VPC) environments
  • Secure, geographically redundant storage

Enterprise customers can request to host their database in specific regions for compliance or regulatory needs.

System Integrity and Security Best Practices

To maintain high system reliability and security, WeSolve:

  • Uses automated backup and disaster recovery procedures
  • Monitors and logs access to all systems
  • Performs security audits throughout the development lifecycle

Commitment to Continuous Improvement

WeSolve continuously evolves its security policies and adapts to emerging threats to ensure that our customers’ data remains secure, private, and protected.

For more information about our security policies and best practices, please reach out to our security team.

Physical Access Control

WeSolve leverages Microsoft Azure’s highly secure data centers, which feature multiple layers of protection to prevent unauthorized access. These security measures include:

  • Custom-designed electronic access cards
  • Alarm systems and vehicle access barriers
  • Perimeter fencing and restricted entry points
  • Metal detectors and biometric authentication
  • Laser beam intrusion detection systems
  • 24/7 surveillance with high-resolution security cameras
  • Professional security guards who undergo rigorous background checks and training

According to the Microsoft Security Whitepaper, Azure data centers maintain detailed access logs, activity records, and video surveillance, which are routinely reviewed to ensure security and compliance.

Importantly, WeSolve employees do not have physical access to Microsoft Azure data centers, servers, network equipment, or storage.

Network Access Control

WeSolve strictly regulates access to our cloud infrastructure:

  • Role-Based Access Control (RBAC) – Only designated, authorized WeSolve operations team members can configure the infrastructure.
  • Two-Factor Authentication (2FA) – Access is protected by two-factor authentication within a secure Virtual Private Network (VPN).
  • Secure Key Management – Specific private keys are required for access to individual servers, and keys are stored in an encrypted, secured vault.

Penetration Testing and Vulnerability Assessments

To proactively identify and mitigate potential security threats, WeSolve undergoes:

  • Annual vulnerability assessments and penetration testing conducted by internal security experts.
  • Continuous internal security reviews to detect and address vulnerabilities.
  • Customized penetration testing reports for enterprise customers upon request, including details on identified risks and mitigation strategies.

Third-Party Security Audits and Compliance

Microsoft Azure undergoes regular third-party independent audits to validate compliance controls for its data centers, infrastructure, and operations. These audits include:

  • SOC 2 (SSAE 16-compliant) certification
  • ISO 27001 security certification
  • GDPR and data protection compliance

WeSolve’s security model is aligned with Microsoft’s industry-leading standards, ensuring that our customers’ data remains protected under the highest security measures.

By combining physical security, advanced network access controls, proactive penetration testing, and third-party audits, WeSolve continuously enhances its security framework to safeguard sensitive data.

Business Continuity and Disaster Recovery

At WeSolve, business continuity and disaster recovery are critical to maintaining high availability, data integrity, and rapid recovery in the event of unforeseen incidents. Our infrastructure is designed for resilience, ensuring that our services remain operational even under extreme conditions.

High Availability

Every component of the WeSolve platform is hosted on redundant servers with failover mechanisms, including:

  • Multiple load balancers to distribute traffic efficiently.
  • Redundant web servers to ensure seamless application performance.
  • Replica databases for continuous data synchronization and failover protection.
  • Routine server maintenance without impacting service availability.

Business Continuity

WeSolve maintains continuous, encrypted backups of all customer data within Microsoft Azure Cloud infrastructure. In the unlikely event of a primary data loss, WeSolve will restore customer data from these backups to minimize disruption.

Disaster Recovery

In the event of a region-wide outage, WeSolve will initiate disaster recovery protocols, including:

  • Activating a duplicate environment in an alternative Microsoft Azure Cloud region.
  • Ensuring compliance with customer data location agreements to maintain data sovereignty and regulatory adherence.
  • Minimizing downtime through automated failover to backup infrastructure.

Recovery Objectives

  • Recovery Point Objective (RPO): The maximum acceptable age of the data that can be restored.
    • WeSolve RPO: 24 hours – ensuring minimal data loss in the event of an outage.
  • Recovery Time Objective (RTO): The maximum time required to restore operations after an incident.
    • WeSolve RTO: 72 hours – ensuring full restoration of services within three days.

Data Security During Transit

Inbound Data (Entering Our Servers)

  • All incoming connections to WeSolve servers are encrypted using industry-standard SSL encryption.
  • Customers can verify security standards through the latest SSL Labs security report (available upon request).

Internal Data Transfers (Between Servers)

  • Communications between WeSolve servers, including web applications and databases, are encrypted with TLS v1.3 using AES 256-bit encryption.
  • Sensitive credentials such as database passwords and API keys are encrypted using the same AES 256-bit encryption method.

Outbound Data (Leaving Our Servers)

  • Responses sent back to customers are securely transmitted over encrypted HTTPS (SSL/TLS) connections.
  • This ensures that all data exchanges remain confidential and protected from interception.

Data Security and Encryption

Encryption at Rest

All data stored on WeSolve servers is automatically encrypted at rest. We utilize Microsoft Azure Cloud Infrastructure, which stores and manages cryptographic keys through a redundant and globally distributed Key Management Service (KMS). This means that even if an unauthorized party were to access physical storage devices, the data within would be impossible to decrypt without the proper keys, rendering it unreadable.

Encryption at rest also enables secure backup, infrastructure management, and business continuity without compromising security or privacy.

Encryption in Transit

WeSolve exclusively transmits data over HTTPS connections secured with Transport Layer Security (TLS) encryption, ensuring all data traveling between our services and users is protected from interception or tampering.

Data Retention & Removal

WeSolve stores customer data for up to 6 years, unless an account is deleted. If a user requests data deletion, we securely remove all associated data within 60 days, in accordance with our Terms of Service and Privacy Policy.

Information related to legal transactions between WeSolve and customers is retained for up to 5 years to comply with applicable regulations.

Security Training

All WeSolve employees receive comprehensive security training as part of their onboarding process. This includes:

  • Systems and permissions setup
  • Formal software development security training (if applicable)
  • Review of security policies and internal compliance requirements
  • Ethics, privacy, and corporate values training

Engineers regularly review security policies and are encouraged to contribute to ongoing updates via internal documentation. Any major policy changes impacting the product undergo a pull request review process before publication. Critical updates are communicated via email to all employees.

Incident Disclosure Policy

WeSolve follows the SANS-recommended incident handling and response process, which includes:

  1. Identifying the incident
  2. Containing the threat
  3. Eradicating the issue
  4. Recovering affected systems
  5. Communicating with impacted customers
  6. Documenting the event and implementing future safeguards

In the unlikely event of a data breach, WeSolve will notify affected customers within 2 business days via email or phone, followed by periodic updates on progress and resolution.

Live System Status Reporting

WeSolve maintains a public status page that provides real-time updates on operational uptime, outages, and system issues.

Incident Response Plan

WeSolve has a clearly defined Incident Response Plan to address security events in an organized and effective manner.

Incident Response Responsibilities

  • Level 1: First responders (technical support or automated alerts) identify, verify, and escalate potential incidents.
  • Level 2: A senior engineer or CTO assesses the severity of the security incident.
  • Level 3: The CTO or CEO handles external communication with affected parties regarding breach details and impact.

Incident Response Workflow

Triage Process

Before escalating an incident, the first responder must verify the issue and assess its initial impact.

Escalation Process

Once verified, escalation is immediate, moving from Level 1 to Level 2 and Level 3 through phone, email, or direct communication.

Classification Process

The severity of the incident is determined based on:

  • The scope of affected users (individual, company-wide, or all customers).
  • The type of data involved and whether it was encrypted.
  • The potential risks posed by the breach.

Investigation Process

An internal security team conducts a thorough analysis to identify the cause of the incident—whether due to software vulnerabilities, hardware failures, human error, or internal processes.

Remediation and Lessons Learned

  • Immediate actions are taken to mitigate the impact of the breach.
  • Defensive measures are strengthened to prevent similar future incidents.
  • Security processes are updated, and affected systems undergo rigorous audits.

Contacting WeSolve

If you have any questions regarding our Security Policy, please contact us:

Social Tech Projects ApS
Charlotte Muncks Vej 17 3 th, 2400, Copenhagen, Denmark
CVR-nr: 40533982
Email: legal@wesolve.app
Website: https://wesolve.app

This Security Policy is effective as of January 1, 2025.


