Home › Guides › Security and Data Protection — WorkerRecord

Security and data protection

How we protect your documents and your workers' data

You're uploading sensitive compliance documents — insurance certificates, DBS disclosures, medical records, professional registrations. Here is a plain English summary of how that data is protected.

Your documents are private

Documents uploaded to WorkerRecord are stored on private, encrypted storage. There are no public URLs for any document. Every download is authenticated — a document can only be accessed by a signed-in member of your team. If you were to share a URL with someone outside your account, it would not work.

Access is limited to your account

WorkerRecord is used by many companies, but data is completely isolated between them. Your documents, workers, and compliance records are accessible only to your team. Every action that accesses your data — downloads, approvals, exports — checks that the person making the request belongs to your account.

Payments are handled by Stripe

Card details never pass through our servers. Payment information is captured directly by Stripe — a PCI DSS Level 1 certified payment processor — and only a subscription reference is stored on our side. We never see or store card numbers or CVVs.

UK GDPR compliance

WorkerRecord processes personal data on behalf of its customers. We are a data processor under UK GDPR; you are the data controller. This relationship is governed by our Data Processing Agreement, which covers your rights, our obligations, sub-processor details, and breach notification procedures.

Data is stored on servers in the UK and European Economic Area. No personal data is transferred outside the UK/EEA without appropriate safeguards.

Connections are encrypted

All connections to WorkerRecord use HTTPS. The application enforces this with HTTP Strict Transport Security — browsers will refuse to connect over an unencrypted connection.