WorkflowMax

WorkflowMax is cloud-based job, time and invoice management software. WorkflowMax is based in Wellington, New Zealand and has been operating since 2007. In 2012 WorkflowMax was acquired by Xero. You can contact real, live, support people 24/7 through their email support desk. WorkflowMax encrypts all data in transit between your computer and their servers, but they may not encrypt your data while it is on their servers. WorkflowMax’s service is hosted in a data centre operated by Rackspace. Rackspace adheres to stringent security measures and has been independently audited to ensure your data is stored securely while still being easily available to you. However, WorkflowMax does not list their expected availability (the % of the time their service is expected to be accessible online). WorkflowMax allows you to import data into its various services or export from them should you wish to back up your data or migrate to another service. WorkflowMax will delete all account data 7 days after service termination.

This disclosure was provided and researched by Arrowrock. Sources are cited where possible.

Please report any inaccuracies in this report by leaving a reply below or sending us a private message. Thank you!

Company Identity

Trading Name: WorkflowMax
Company Website: http://www.workflowmax.com/
Company Phone Number: +64 9 280 6652
Company Email Address: accounts@workflowmax.com
Physical Address: Xero Ltd, 3 Market Lane, PO Box 24537, Wellington 6142

What services does this disclosure apply to?
The WorkflowMax suite of software solutions, designed for job, time and invoice management as well as accounting practice and tax management for the New Zealand market.

http://www.workflowmax.com/home.aspx

What country holds legal jurisdiction over the service(s)?
New Zealand

How long has your company been operating?
7 years. Max Solutions was formed in 2007 by business partners Gavin George and Chris Spence. In February 2012 Max Solutions was acquired by Xero. Xero, founded in July 2006, is listed on the New Zealand Stock Exchange.

http://www.workflowmax.com/about.aspx

How long has your company been providing the service(s) covered in this disclosure?
WorkflowMax was brought to market in early 2008

http://www.workflowmax.com/about.aspx

Is your company currently profitable?
WorkflowMax is owned by Xero, a publicly-traded company on the New Zealand Stock Exchange, which shows Xero capitalised at $1.1B NZD.

https://www.nzx.com/markets/NZSX/securities/XRO

Customer Support and Service Level Agreement

What are your standard customer support hours?
We offer a free email support service, which as of mid-April will be 24/7 globally when we have our support desk set up in the UK.
We do not do incoming support phone calls, but we can and will do outgoing phone calls, as well as ‘GoToMeeting’ and ‘Skype’ calls.
(Response from WorkflowMax Support to email requesting information – response came within 2 hours of request.)

What channels are available for communication with clients?
Telephone, email, website and postal mail.

Which is your preferred channel for client communications?
No preference stated: Any notice required to be given by us to you shall be sent to the e-mail address provided by you in your registration details or as updated by you from time to time in accordance with proper use of our Website.
Any such notice shall be deemed (a) to be notice in writing and (b) to have been received 24 hours after being sent. Any notice required to be given by you to us under this Agreement shall be sent to the postal address provided under our contact details on our Website and as updated from time to time.
http://www.workflowmax.com/terms-of-use.aspx

Do you collect any information from client communications?
Privacy statement is very brief. It reads: We respect your privacy, the privacy of your data and the privacy of all users and visitors. All information and data entered by you into the system is treated as confidential. We will not sell, rent, lease, or give away your data, our user list, email addresses or any other personal information unless required by law to do so. We will not contact you unless you opt-in to a user email list or have requested to be notified of bug-fixes or new features.

We may, from time to time, gather specific data from user browsers as they enter and exit the site. This information is standard, and contains data such as referring URL, pages viewed, and amount of time spent on the site. This data is used for internal calculations of traffic, platform, and download counts.

Any information collected may be used to investigate any possible breach of these Terms of Use or illegality.

We will endeavour to keep your information safe and secure. Unfortunately, due to the very nature and environment of the internet, we cannot ensure that all communications and personally identifiable information will never be disclosed.
http://www.workflowmax.com/terms-of-use.aspx

No one can access your data unless you provide access to them.
http://www.workflowmax.com/contact.aspx

What is your standard response time for customer support inquiries?
Not available

Do you proactively communicate information about future planned outages and maintenance to clients?
Yes. Posts to blog are fed to subscribers via syndication with Feedburner. No specified time for prior notice. Expected resolution times found on blog posts.

http://blog.workflowmax.com/
http://feeds.feedburner.com/workflowmax

Do you proactively communicate information about current unscheduled outages and incidents to clients?
Yes. Posts to blog are fed to subscribers via syndication with Feedburner. Expected resolution times found on blog posts.

http://blog.workflowmax.com/
http://feeds.feedburner.com/workflowmax

Do you make incident reports available to clients after major incidents?
Formal reports not found. Updates on blogs appear thorough. Sample report can be found at http://blog.workflowmax.com/post/Unexpected-WorkflowMax-Outage.aspx

What is the expected uptime of the service?
Not available

Has the service experienced any outages in the last 12 months?
Yes. Three notices found on blog. Duration appears to have been brief in two. Most serious outage can be found at http://blog.workflowmax.com/post/Unexpected-WorkflowMax-Outage.aspx

A comment posted on this outage report states: This is the first and only failure I’ve seen in 2 years of using this service.
Posted by Scott on 15 August 2012 12:28

Does the SLA guarantee service uptime?
No WorkflowMax SLA found. May be specified in contract. Hosting partner, Rackspace, has an SLA (see below).
http://www.workflowmax.com/pricing.aspx

The Rackspace Managed Hosting SLA
Network
Rackspace Guarantees: Network will be available 100% of the time in a given month, excluding scheduled maintenance.
Customer Advantages: A credit of 5% of the monthly fee for each 30 minutes of downtime. A credit of up to 100% of the monthly fee for the affected server.

Infrastructure
Rackspace Guarantees: Critical infrastructure systems, including power and HVAC, will be available 100% of the time in a given month, excluding scheduled maintenance.
Customer Advantages: A credit of 5% of the monthly fee for each 30 minutes of downtime, up to 100% of the monthly fee for the affected server.

Hardware
Rackspace Guarantees: Functioning of all hardware components and replacement of any failed component at no cost to the customer.
Customer Advantages: A credit of 5% of the monthly fee per additional hour of downtime, up to 100% of the monthly fee for the affected server.
http://www.rackspace.com/whyrackspace/network/

Security

Are logs kept of client logins and locations?
Inferred, but information not directly provided.

Does your service support password/account recovery?
Not available

Does the service monitor for any suspicious account activity?
WorkflowMax is hosted at tier-one facility Rackspace who are based in Texas, USA. Their support and performance is exemplary. They monitor our servers and firewalls 24/7 365 days of the year in a guarded location.
http://www.workflowmax.com/contact.aspx

Rackspace Statement: Cisco and Arbor Networks continually work with us, creating ever-improving ways of monitoring and securing our network.
http://www.rackspace.com/whyrackspace/network/

Does your service offer two-step or multi-factor authentication?
Not available

Does your service offer login via other services?
No

Does your service secure all client data in transit?
We use 128 bit SSL encryption. All passwords are encrypted. No one can access your data unless you provide access to them. Our entire database is backed up every four hours onto a redundant platform and you can export your data into CSV format at any time.
http://www.workflowmax.com/contact.aspx

Does your service secure client data at rest?
Security for data at rest maintained by Rackspace. WorkflowMax is hosted at tier-one facility Rackspace who are based in Texas, USA. Their support and performance is exemplary. They monitor our servers and firewalls 24/7 365 days of the year in a guarded location.
http://www.workflowmax.com/contact.aspx
http://www.rackspace.com/whyrackspace/network/

Does your service allow clients to collaborate with 3rd parties?
No.

Does your primary system reside in a data center with a security certification?
Yes. WorkflowMax is hosted at tier-one facility Rackspace who are based in Texas, USA. Their support and performance is exemplary. They monitor our servers and firewalls 24/7 365 days of the year in a guarded location.
http://www.workflowmax.com/contact.aspx

Does your backup/disaster recovery system reside in a data center with a security certification?
WorkflowMax is hosted at tier-one facility Rackspace who are based in Texas, USA. Their support and performance is exemplary. They monitor our servers and firewalls 24/7 365 days of the year in a guarded location.
http://www.workflowmax.com/contact.aspx

Data Ownership

Do you claim ownership of any client data or information uploaded to your service?
Not specifically stated on website. Contract may specify.
http://www.workflowmax.com/contact.aspx

Does the client retain full ownership of any data or information transmitted or stored via upstream providers?
Not specifically stated on website. Contract may specify.
http://www.workflowmax.com/contact.aspx

Does client use of your service generate any metadata or other statistical information?
The only related statement found states: No one can access your data unless you provide access to them.
http://www.workflowmax.com/contact.aspx

Data Location

Where are the primary systems that host client data located?
WorkflowMax is hosted at tier-one facility Rackspace who are based in Texas, USA. Their support and performance is exemplary. They monitor our servers and firewalls 24/7 365 days of the year in a guarded location.
http://www.workflowmax.com/contact.aspx
http://www.rackspace.com/managed_hosting/

Where are the backup/disaster recovery systems that host client data located?
Rackspace – based in San Antonio, TX – Nine (9) Data Centers: Grapevine, TX; Richardson, TX; Chicago, IL; Herndon, VA; Ashburn, VA; London, UK; Slough, UK; Hong Kong; Sydney, AUS

http://www.rackspace.com/information/aboutus/

Are there any other systems that host client data on behalf of your service?
Not available

Data Access and Use

Does the client have full access to their data during the service contract period?
Yes

Can the client freely download their data from the service during the contract period?
You can export your data into CSV format at any time.
http://www.workflowmax.com/contact.aspx

Can the client easily import/upload their data from a competing service provider into your service?
Not available

Does your service include an API to access client data?
The WorkflowMax API is organised around RESTful principles.

http://www.workflowmax.com/api-overview.aspx

WorkflowMax integrates with a number of other services.

http://www.workflowmax.com/integration.aspx

Following termination of the service, will the client be able to access their data?
No. We will delete your account data 7 days after cancellation.
http://www.workflowmax.com/terms-of-use.aspx

Following termination of the service, is all client data deleted?
We will delete your account data 7 days after cancellation.
http://www.workflowmax.com/terms-of-use.aspx

Does anyone in your organization (including contractors and upstream providers) have the ability to directly access client data?
Not available

Does your company use client data or information for any business function (other than the provision of the service)?
We may, from time to time, gather specific data from user browsers as they enter and exit the site. This information is standard, and contains data such as referring URL, pages viewed, and amount of time spent on the site. This data is used for internal calculations of traffic, platform, and download counts.

Any information collected may be used to investigate any possible breach of these Terms of Use or illegality.
http://www.workflowmax.com/terms-of-use.aspx

Does your company use client data or information to generate revenue (other than the provision of the service)?
No

Do you access client data in any additional circumstance not yet specified in this disclosure?
No

Data Breach Notification

Do you have a policy in place for dealing with data loss or breach?
Not available

Do you notify clients if their data has been lost or compromised?
Not available

Backup and Maintenance

Does your service support data versioning?
Not available

How often are service/client data backups performed?
Our entire database is backed up every four hours onto a redundant platform.
http://www.workflowmax.com/contact.aspx

What method is used to perform service/client data backups?
Not available

How long is backup data retained for?
Not available

Disclaimer

The information in this report is provided “AS IS” without warranty of any kind, express or implied. Please use good judgement and verify the information you consider important before basing any decisions on it.