SOC 2 Type 2 compliance
Windmill is SOC 2 Type 2 Compliant. This certification demonstrates our commitment to maintaining high standards for security, availability, and confidentiality. The full SOC 2 report is available upon request. Reach out to support@gowindmill.com to receive a copy.
SOC 2 Type 2 certification means an independent auditor has verified our security controls over an extended period, not just at a single point in time.
Security measures
Encryption at rest
All data stored in Windmill is encrypted at rest. This helps protect sensitive data, including employee records, feedback, and activity data from your connected systems.
Encryption in transit
All data transmitted between Windmill and your browser, as well as between Windmill and integrated services, is encrypted using industry-standard TLS protocols.
Strict permissions enforcement
Windmill only shows you information you already have permission to access in the source application. This means we mirror the access controls from your connected systems: if you can’t see it in Slack or Google Drive, you can’t see it in Windmill.
Cookie policy
Windmill has a cookie policy in place to manage how our site tracks and stores data. You can review our full cookie policy on our website.
Admin access and permissions
Connection management
Only Admins are allowed to create or manage Connections in Windmill. This ensures centralized control over which systems are connected and what data is accessible.
Required permissions by integration
To connect systems to Windmill, you’ll need specific permissions for each integration:
HRIS
 - BambooHR - Bamboo Administrator role
 - ADP - HR Admin or Super User
 - Paylocity - Company administrator
 - Gusto - Full Access administrator role
 - Justworks - Admin role
 - Rippling - Admin access
 
- Front - Company administrator
 - Zendesk - Administrator or Account Owner role
 
- Salesforce - Administrator role and your Salesforce Instance URL
 - HubSpot - Admin role and your HubSpot Instance URL
 
- Jira - No explicit permission required, just a Jira account
 - Linear - Administrator role
 - Asana - Administrator role
 - GitHub - Owner or Manager role
 - Notion - Notion admin
 
- Google Workspace - Must be a Google Workspace Admin
 - Zoom - Zoom account owner
 - Slack - Ability to connect Slack to third-party applications and install Slack apps
 - Roam - Administrator role
 
If you’re unsure whether you have the right permissions, contact your IT team or system administrator before attempting to connect an integration.
Access tiers
Windmill provides different access levels to ensure the right people can see the right information:
 - Admin - Full access to all settings, connections, and team data
 - Manager - Access to their direct reports’ data and team insights
 - Individual contributor - Access to only their own data and feedback
These tiers ensure that sensitive information is only visible to authorized personnel based on your org chart structure.
Additional resources
For more information about security and compliance:
 - Visit our Trust Center
 - Review our Privacy Policy
 - Request our SOC 2 report at support@gowindmill.com