🛡 Enterprise HR Data Security
Enterprise-Grade Security
Your employee data is your most sensitive business asset. We protect it with bank-grade encryption, continuous monitoring, and international security standards.
Certified & Independently Audited
ISO 27001:2022
Information Security Management
SOC 2 Type II
Security, availability & confidentiality
GDPR Compliant
EU data protection regulation
PDPA Compliant
India Personal Data Protection
Multiple Layers of Protection
Security is built into every layer of our platform — from the infrastructure to the application to your login screen.
AES-256 Encryption
All data encrypted at rest using AES-256-GCM and in transit using TLS 1.3. Employee PAN numbers, bank details, and salary data are field-level encrypted.
Multi-Factor Authentication
Mandatory MFA for all admin accounts using TOTP authenticator apps. Optional for employee logins. SSO integration with Google Workspace and Microsoft 365.
Role-Based Access Control
Granular permission system — HR admin, manager, employee, payroll operator. Each role sees only the data it needs. Full audit trail of every access and change.
Real-Time Monitoring
24/7 security monitoring with anomaly detection. Unusual login patterns, bulk data exports, and off-hours admin access trigger immediate alerts.
Data Residency in India
All data stored in AWS Mumbai (ap-south-1) data centres. Data never leaves Indian jurisdiction. Important for DPDP Act compliance.
Penetration Testing
Annual third-party penetration testing by CERT-IN empanelled security firms. Vulnerability disclosures handled within 72 hours via a responsible disclosure programme.
Automated Backups
Continuous database backups with 30-day retention. Point-in-time recovery capability. Daily backup restoration tests ensure data recoverability.
Session Management
Configurable session timeouts. Concurrent session limits. Forced logout on suspicious activity. IP whitelisting available for enterprise customers.
Incident Response
Defined incident response plan with 2-hour notification SLA for critical security events. Post-incident root cause analysis shared with affected customers.
99.9% Uptime. Built on AWS.
Multi-AZ deployment on AWS Mumbai. Auto-scaling under load spikes on payroll run days.
CDN-accelerated with CloudFront. Static assets served from edge nodes closest to Hyderabad.
Daily automated backups. Point-in-time recovery. RTO: 4 hours. RPO: 1 hour.
Security & Data Protection FAQs
All data is encrypted with AES-256 at rest and TLS 1.3 in transit. The platform uses SOC 2 Type II certified infrastructure with role-based access controls. Regular penetration testing and third-party security audits ensure continuous protection. Data is stored in geographically redundant data centres with a 99.99% uptime SLA.
Yes. The platform complies with the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act 2023 (DPDP Act). This includes data minimisation, purpose limitation, consent management, right to erasure, data portability, and mandatory breach notification within 72 hours.
The platform holds ISO 27001 certification for information security management, SOC 2 Type II attestation for security controls, and follows OWASP Top 10 secure coding practices. Annual third-party audits verify compliance with all security standards.