SiteStack PresenceStack AI Hybrid AI Environment Pricing About Get Started
Security

Your data. Your server. Your rules.

VirtualWorks is built on a simple principle: you should own your data and your systems, not rent access to them. Here's exactly how we protect your business and your customers.

Contact Us With Security Questions โ†’

SSL on every site  ยท  Encrypted data storage  ยท  Daily backups  ยท  No data selling, ever

Core Principles

Three things we never compromise on.

๐Ÿ”

You own your code

Every website we build is standard HTML, CSS, and JavaScript that lives on your server. No proprietary platform. No lock-in. If you ever want to leave, you take your site with you. No export fees, no restrictions.

๐Ÿ”’

Encryption everywhere

Every site we host runs on HTTPS with TLS encryption, enforced from the first request. SSL certificates are issued automatically and renewed before they expire. Plain HTTP is never allowed.

๐Ÿšซ

We don't sell your data

Your customer data and your business data are never shared with or sold to third parties for marketing or any other purpose. The data you give us is used to run your services and nothing else.

Infrastructure

How we secure the systems that run your business.

Web server security

All VirtualWorks-hosted websites run on dedicated virtual private servers with automated security patching, firewall rules restricting unnecessary ports, and fail2ban-style intrusion detection to block brute-force attempts. We don't run customer sites on shared hosting where one compromised account can affect others.

  • TLS 1.2+ enforced, older protocols disabled
  • Security headers on every response (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
  • HTTP Strict Transport Security (HSTS)
  • Automated certificate renewal via Certbot
  • Admin panels rate-limited and access-restricted

Data storage & backups

All customer and operational data is stored in encrypted PostgreSQL databases. Application secrets and API keys are managed as environment variables, never hardcoded into application code or committed to version control.

  • Daily automated database backups with 7-day retention
  • Website files backed up daily alongside database snapshots
  • Backup scripts run at 2 AM server time, off-peak
  • Database credentials never exposed in application code
  • Separate credentials per service and per environment
AI & SMS Data

How we handle AI conversation data.

When customers text your business through the VirtualWorks AI Agent, here's exactly what happens to those conversations.

What we store

Incoming and outgoing SMS messages are logged to your business account so you can review conversations, respond personally when appropriate, and audit AI behavior. Conversation logs are scoped to your business account and not accessible to other VirtualWorks clients.

  • Messages tied to your business ID, not a shared pool
  • Accessible only through your authenticated admin panel
  • Used to improve your AI Agent's responses, not to train shared models

What we don't do

We do not sell, license, or share SMS conversation data with third parties. We do not use your customer conversations to train publicly available AI models. Conversations are retained for operational purposes and deleted upon account termination.

  • No selling of conversation data to advertisers or data brokers
  • No sharing with other VirtualWorks clients
  • No use of your data to train models available to competitors
  • Opt-out honored immediately upon STOP keyword. No further messages sent
Ownership Philosophy

Why ownership is a security feature.

Most website platforms create a single point of failure: if the platform gets breached, all customers' data is at risk. If the platform shuts down, all customers lose their sites. If the platform raises prices, customers are locked in with no leverage.

VirtualWorks is structured differently. Each client's website lives on isolated infrastructure. Your site's data doesn't share a database with thousands of other businesses. Your code isn't stored in a proprietary format controlled by a third party. A compromise of one client's environment doesn't cascade to others.

This also means if you ever want to stop using VirtualWorks, you take everything with you. Your site files, your domain, your customer data. All of it belongs to you. The same code-ownership philosophy that protects you from platform risk also protects you from vendor lock-in.

Privacy & Compliance

Built with privacy in mind from the start.

What we collect and why

We collect only what's needed to deliver your services: business information from your intake form, SMS conversations with your customers, analytics events to understand site performance, and payment information processed through our payment provider (never stored on our servers).

We use this information to build your site, train your AI Agent, and improve your service. Nothing else.

Compliance readiness

VirtualWorks follows data minimization principles aligned with GDPR and CCPA. We do not track or profile end users across sites for advertising purposes. Our SMS program is TCR-registered and follows CTIA guidelines for opt-in, opt-out, and HELP responses.

  • Privacy Policy available at /privacy/
  • SMS Terms available at /sms-terms/
  • Data deletion available upon request
  • No cross-site tracking of your customers
Security Contact

Questions or concerns?

If you have a security question, want to report a vulnerability, or need information for compliance purposes, reach out directly.

Email: david@virtualworks.ai

Response time: We respond to security inquiries within 24 hours on business days.

Vulnerability disclosure: If you discover a security issue with our systems, please email us privately before disclosing publicly. We take all reports seriously and respond promptly.