Security & Privacy


 

Best-in-class security infrastructure and privacy controls.

HR data should always be kept confidential. That’s why we focus deeply on ensuring our customers’ data is protected to the highest industry standards. To that end, we have built and implemented many of the same security and privacy controls used by top-tier financial institutions. On top of that, we regularly re-evaluate and test our security measures to assure we align with industry standards & best practices.

Security and Privacy

Encryption

  • Data transmitted between your browser and our application is encrypted using bank­-grade 256­-bit SSL certificates.
  • Sensitive data stored in our database is encrypted using bank-­grade 256­-bit AES encryption and a unique master key per customer.
  • Account passwords are stored using one­-way encryption so they can never be accessed in plain text (even by us).
  • Each customers’ data is sandboxed in a unique, protected database environment.

Security and Privacy

Application & Systems Security

  • We stay 100% up-to-date on security patches and fixes from our vendors.
  • We follow industry best practices against man-in-the-middle attacks, injection attacks, and cross-­site request forgery.
  • Only individually-­authorized computers (such as those from our Engineering Team) can access our production servers.
  • We implement strict firewall and authentication rules on all of our production machines.

Security and Privacy

Data Center

Security and Privacy

Audit Logs and Monitoring

  • We maintain comprehensive audit logs covering all customer and user transactions, systems access, and network operations.
  • Passwords, social security numbers, and other sensitive information are automatically stripped out from log files and audit records.
  • We monitor our infrastructure 24×7 using a combination of third­-party monitoring services, including New Relic, Sentry, and Uptime Robot.

Security and Privacy

Backup

  • Production data is automatically and continuously backed up to multiple, separate locations.
  • We maintain hourly backup records for the last 7 days, and daily backup records for the last 2 weeks of time.
  • Backup data is protected using the same safeguards we employ for our regular production environment.

Security and Privacy

Operational Security

  • Our application is built and maintained entirely in­-house by our core Engineering Team. Outside vendors never have access to any part of our code, databases, or application infrastructure.
  • Database and server access is restricted to Engineering Team members on a strict need­-to-know basis.
  • We eat our own dog food. We trust our own sensitive HR information to our application, making sure our security and privacy priorities never become misaligned with our customers’.

Questions and Concerns

To report a security concern, or if you have other questions or issues, please reach out to us.