Security your IT team will actually approve

Every tool on WorkApps is private by default, encrypted in transit and at rest, and accessible only to authenticated team members.

Private by default

WorkApps was built for internal tools — not public websites. There's no "make public" button, no marketplace listing, no way for an outsider to stumble onto your team's tools.

Every tool requires authentication to access. Your team signs in with their credentials. Everyone else sees nothing.

Security on every app

You shouldn't have to pay extra for the basics. These protections are included with every app you publish on WorkApps.

Authenticated access

Every app

Every published tool is private by default. Only authenticated team members can access your tools — no public links, no accidental exposure.

No public marketplace

Every app

Your tools are never listed in a public directory. WorkApps is not a marketplace — it's a private publishing platform for your team.

Data encrypted in transit and at rest

Every app

Industry-standard TLS encryption for data in transit and AES-256 encryption at rest. Your tools and their data are protected at every layer.

Globally distributed infrastructure

Every app

Tools are served from edge locations closest to your team. Fast load times, high availability, no single point of failure.

Enterprise-grade controls

For organizations that need company sign-in (SSO), activity tracking, and compliance controls that satisfy security reviews.

Enterprise add-on · $399/mo

Company sign-in (SSO) enforcement

Enterprise

Require login through Microsoft Entra ID or another SAML provider — and disable all other sign-in methods (magic link, Google, or Microsoft). One way in, zero side doors.

Custom domain

Enterprise · Coming soon

Your tools will live at your own web address (e.g. tools.acme.com) instead of your-company.workapps.run. Builds internal credibility and makes the tool feel native. Coming soon.

Guest email restrictions

Enterprise

Control exactly which email domains can access your apps as guests. Restrict guest access to approved partners or disable it entirely.

Built-in usage analytics

Enterprise

Org-level dashboard shows DAU/WAU/MAU trends, app adoption rankings, member vs. guest split, and storage consumption. Per-app analytics show top users, total events, and last-active timestamps. No third-party tracking scripts.

Full activity log — 365-day retention

Enterprise

Every publish, role change, data structure update, and access event logged and retained for a full year (vs. 90 days on baseline). Export anytime as CSV.

Higher platform limits

Enterprise

75 MB uploads, 200 MB extracted, 1 GB structured data, 1M records, 5 GB attachments, 25 webhook connections per app (vs. 3 on baseline), and retention of 100 versions per app.

Organization-wide scale

Enterprise

Baseline apps support up to 2,500 monthly active users. Enterprise removes that ceiling so a tool built for one team can safely roll out company-wide.

Role-based access control

Enterprise

Assign Viewer, Editor, or Admin roles per app. Control who can run, edit, or manage each tool independently — without touching org-level permissions.

Compliance-grade infrastructure

For regulated industries that need dedicated infrastructure, tamper-proof audit trails, and multi-year retention. Everything in Enterprise, plus:

Compliance add-on · $799/mo

Dedicated infrastructure

Compliance

Your organization gets its own database — full physical data isolation, not just logical separation. Your records never share infrastructure with another customer.

Dedicated file storage

Compliance

A separate storage system with restricted access. Attachments and file uploads are isolated from shared infrastructure.

7-year activity log retention

Compliance

Every event retained for 7 years (vs. 1 year on Enterprise, 90 days on baseline). Meets retention requirements for healthcare, finance, and government.

Tamper-proof activity logs

Compliance

Every log entry includes an integrity check and a link to the previous entry, forming a tamper-proof chain. The compliance dashboard shows chain integrity status in real time.

IP address & device logging

Compliance

IP address recorded on every logged event. Device info captured on every sign-in event. Full visibility when you need it.

Signed log exports

Compliance

Export your activity logs with a signed integrity file. Verifiable proof that the export hasn't been altered — ready for auditors and regulators.

Encrypted safety snapshots

Compliance

Before any data migration, WorkApps automatically creates an encrypted snapshot stored in isolated backup infrastructure. If anything goes wrong, your data is recoverable.

90-day webhook log retention

Compliance

Webhook delivery logs retained for 90 days (vs. 30 days on Enterprise, 7 days on baseline). Troubleshoot integration issues weeks after they happen.

Compliance dashboard

Compliance

A dedicated Settings page showing your infrastructure status, log integrity, and a summary of every compliance feature active on your account.

Infrastructure standards

The baseline controls your security team will ask about — included with every app.

Hosted on SOC 2 Type II certified infrastructure
Hosted on ISO 27001 certified infrastructure
TLS 1.3 for all connections
AES-256 encryption at rest
Data deletion within 30 days of request
No third-party data sharing

Your data. Your control.

Delete any tool at any time. Delete your entire account and all associated data. Deletion is permanent and completed within 30 days.


Need enterprise security or dedicated infrastructure?

Talk to our team about company sign-in enforcement, tamper-proof activity logs, dedicated infrastructure, and compliance requirements.