As a privately held company, WhenToWork, Inc. does not give out specific information on our internal structures, policies and procedures (including things like our internal audits, internal structures, or security specifics) nor do we allow external audits or inspections of our system. So we have provided below what information we can give, and hopefully this will be sufficient for your organization’s determination of whether our system will be a good match for your needs:

Online System

WhenToWork is an online worker scheduling system that allows organizations to create and communicate schedule information for their workers. It is only available online, hosted on our servers as a SaaS subscription. There is no software that is downloaded and no direct integration with your system or network.

Server Security

Our multiple servers are fully owned by WhenToWork and housed in the continental US hosted by who is well-regarded in the industry. Superb has security measures and multiple redundancies in place but we do not share the specifics of the physical security. Data from multiple customers is stored within the same databases on our servers, though access to any particular customer’s account can only be gained through account-specific passwords. For more on’s SSAE-16 SOC-2 Type II compliance please see this page:

System Security

Access to our SSL secure system is through password protected logins, created through our system (there is no way to connect to your system to run authorization requests through your software). While the strength of chosen passwords is displayed as a guide when a user is choosing a new password, our system does not force compliance with password complexity or policies other than a minimum length requirement. Entered passwords are stored as salted hash method.

Company-Wide Security Policies

WhenToWork employees are committed to a very strict privacy policy. All information is protected and strict guidelines are adhered to by our staff. If there is a concern beyond this, please note that no sensitive data is required by our system, so if there is any concern then simply do not enter any such information into your account. Note we are a US based corporation and abide by all US laws.

For our privacy policy you can review it here:

System Updates & Backups

Our system software is updated routinely and all new updates are immediately available to customers. All development is done “in house” and all our staff are in the USA. We back up our entire system nightly and the backup information is stored in two physically different locations within the US. The backup files assist in both minimal data restoration (if a scheduling manager accidentally deletes some data) as well as for disaster recovery should there be a system failure. Backup archives are stored for the previous week, then monthly up to 6 months maximum. Individuals can also create their own backup files by exporting their schedule data to text files and saving to their own device, or by using our export to Google Calendar functionality.

Terms of Service & Institutional Terms of Service

While do we not have a Service Level Agreement, all use of our system is covered under our “Terms of Service” agreement which can be found here: Many larger institutions prefer to be covered under our alternative “Institutional Terms of Service” agreement instead (which can be found at:, so if your organization prefers the Institutional TOS instead just email with your account number and let us know. Note we do not allow any modifications or addendums to our terms agreement, nor do we enter into any other agreements with our customers.

System Up-Time & Scheduled Maintenance

We strive for 99.9% uptime and have achieved that goal for each year since we began in 2001. We have monitoring systems in place to alert us to any issues in service speed or connection, and we have a separate status site at that provides information on the status of our WhenToWork system and any known issues. Any planned outages for maintenance or upgrades are posted in advance on that status site as well as on the account home pages.

Browser Access & Compatibility

Our system can be used with a variety of browsers: IE, Chrome, Firefox, Safari, etc and works on Windows and on Macs, and we also have a free mobile version that can be used on any smartphone: iPhone, Android, Windows, Blackberry, etc. Nothing more than a browser that allows Javascript and a connection to the internet is required.


We provide an optional screen reader version of our full version for worker interface. You can download our VPAT and try out our screen reader version in a sample worker account by going to our page here:

The best way to know if our system will be a good fit for all your organization’s users is through direct use, so should someone at your organization have any trouble with any of our displays during actual use, just have them send more details on which particular pages are causing trouble and we will have our developers work to help resolve any issues.

Use With Third Party Software

Our system does not interface or directly connect to any customer software or networks. We do offer the ability for scheduling managers to export schedule data to text files in a variety of prescribed third party software formats.

Reports & Tracking – API Access

Our system does have a variety of reporting, file exporting and tracking functionality for the scheduling managers within their account displays to know when the workers have logged in or if received emails, etc, but we do not offer API or other bi-directional queries for logging or tracking information from our system.

System Monitoring

We have our own internal systems in place for security monitoring and audits, but we do not share specifics on our internal systems and policies.

No Sensitive Data Required

Note that our system is for scheduling workers to shift times, so there is no sensitive data required by our system and there should be no storing or transmitting of restricted data as scheduling managers should not be entering that type of information into our system. If there are any concerns about data security we recommend that your organization simply not enter any sensitive data into the account. Note no identifiable information is required, you do not have to enter addresses, phone, email or even full names; you can enter just initials or worker codes if preferred.

If you have any other specific questions or concerns please contact us at

Start Your Free 30 Day Trial Today

No Credit Card or Phone Number Required