Waystation

Security

How Waystation protects your sourcing data.

Waystation is SOC 2 compliant. We protect customer data with encryption, access controls, AWS-hosted infrastructure, and continuous monitoring across systems and personnel — so procurement, quality, and R&D teams can trust the system with their most sensitive supplier relationships.

How we protect your data

Security, by design.

Three pillars govern how we design, run, and evolve the platform.

SOC 2

Compliance on continuous audit.

Waystation maintains SOC 2 compliance through independent third-party audits that assess our controls against the Trust Services Criteria — data security, availability, processing integrity, confidentiality, and privacy.

Governance

Four principles, defense in depth.

Access is granted by business necessity and least privilege. Controls are applied uniformly. Security is layered. Practices improve iteratively as the product grows.

Monitoring

Infrastructure designed to surface issues fast.

Automated security platforms continuously monitor production. Infrastructure is hosted on AWS and designed with multiple protection layers — encryption in transit and at rest, and least-privilege access protocols throughout.

Product security

Controls that travel with every customer.

These controls are enabled by default on every account — no configuration required.

  • Comprehensive access logging — every login attempt and system change is auditable.
  • Multi-factor authentication required for every internal system.
  • AWS hosting provides 99.9% object durability.
  • Users control when data is created, stored, and deleted.
  • Industry-standard encryption is applied to sensitive information at rest and in transit.

Privacy & data governance

Privacy through the data lifecycle.

All employees and contractors sign non-disclosure agreements. We maintain policies that cover collection, storage, and deletion of personal information.

Data lifecycle

  • Data is collected only for defined, disclosed purposes.
  • Access is restricted by business necessity and least privilege.
  • Retention follows the Master Subscription Agreement.
  • Deletion is honored on request or at the end of service.

AI governance

Customer data stays customer-controlled.

We review every AI feature before it ships. Customer data is never used to train third-party models.

  • A security review precedes the rollout of every new AI feature.
  • Customer data remains under user control at all times.
  • AI subprocessors are contractually prohibited from using customer data for model training.
  • AI usage and data handling are outlined in the Terms of Service.