Our Commitment
People data is some of the most sensitive information in any organization. We treat it with the care it deserves. Our security program is built on the principle that your employees' data should be protected at every layer — from network to application to process.
SOC 2 Type II
Independently audited annually. Our SOC 2 report is available to customers and prospects under NDA.
GDPR Compliant
Full GDPR compliance with DPA, data residency options, right to deletion, and data portability.
Penetration Tested
Quarterly third-party penetration tests. All findings remediated within defined SLAs.
Infrastructure
- Hosting: Multi-region deployment on ISO 27001 certified cloud infrastructure
- Tenant Isolation: Strict data separation at the database level — your data is never co-mingled
- Network: DDoS protection, WAF, and rate limiting on all endpoints
- Access Control: Zero-trust architecture with mandatory MFA and just-in-time access for all employees
- Monitoring: 24/7 infrastructure monitoring with automated anomaly detection
- Backup: Encrypted daily backups with point-in-time recovery and cross-region replication
Application Security
- Encryption: AES-256 at rest, TLS 1.3 in transit. All credentials and API keys are hashed
- Authentication: OAuth 2.0, SAML SSO, and SCIM provisioning. Session tokens are scoped and rotated
- Permissions: Role-based and field-level access control. Admins choose exactly who sees what data
- Audit Trail: Immutable logs for every data access, change, and export. Tamper-evident storage
- Secure SDLC: Mandatory code review, SAST scanning, and dependency auditing on every release
Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly.
- Report vulnerabilities to security@hrinfo.me
- We respond to all reports within 24 hours
- We do not pursue legal action against good-faith researchers
- Critical vulnerabilities are eligible for our bug bounty program
Questions?
For security inquiries or to request our SOC 2 report, contact security@hrinfo.me.