Security
Treated like the financial data it is.
Payroll is the most sensitive PII a company holds. Our defaults reflect that — encryption everywhere, masking by default, tenant isolation, and a DPDP-shaped breach process.
DPDP: India's Digital Personal Data Protection Act, 2023
SOC 2: Type II audit in progress
ISO 27001: Information security management roadmap
AES-256: Encryption at rest for all PII
TLS 1.3: Encryption in transit on every endpoint
RLS: Row-level security across tenants
Pillars
What we mean by 'secure by default'.
Encryption everywhere
PAN, Aadhaar, bank account numbers, UAN, ESIC and salary fields encrypted column-by-column at rest with envelope keys.
Field-level masking
PII surfaces are masked by default in tables, audit logs, and CSV exports. Reveal requires explicit role grant.
Tenant isolation
Every query carries a tenant scope. Defence-in-depth via Postgres row-level security policies (post role swap).
MFA + SSO
TOTP MFA available for every role. Google Workspace SSO for Pro and Enterprise. IP allowlists configurable per company.
Audit trail
Forensic-grade event log. Every payroll entry change, every PII reveal, every login — captured and exportable.
Breach notification
DPDP-compliant 72-hour breach notification process. Incident runbook + designated DPO contact.
Data residency
Customer data hosted in India (ap-south-1). Backups encrypted and replicated within the region. No cross-border egress.
Right to erasure
Self-service data export and erasure flows for every employee under DPDP. Audited and signed.
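
One way the Tenant isolation pillar above can look in Postgres, as an added example rather than this product's actual schema or code. The table, column, role and setting names (payroll_entries, app_tenant, app.tenant_id) and the UUIDs are constructed, and reading "role swap" as a per-transaction SET LOCAL ROLE to a non-owner role is an assumption.

```sql
-- Constructed schema: every identifier below is an assumption, not the product's.
CREATE ROLE app_tenant NOLOGIN NOBYPASSRLS;

CREATE TABLE payroll_entries (
    id          bigserial PRIMARY KEY,
    tenant_id   uuid          NOT NULL,
    employee_id uuid          NOT NULL,
    gross_pay   numeric(12,2) NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON payroll_entries TO app_tenant;
GRANT USAGE ON SEQUENCE payroll_entries_id_seq TO app_tenant;

-- Policies do nothing until RLS is enabled. FORCE extends them to the table
-- owner, who is otherwise exempt from row-level security.
ALTER TABLE payroll_entries ENABLE ROW LEVEL SECURITY;
ALTER TABLE payroll_entries FORCE  ROW LEVEL SECURITY;

-- USING filters rows that can be read, updated or deleted; WITH CHECK rejects
-- rows written with another tenant's id. An unset setting reads as NULL and a
-- reset one as '', so NULLIF turns both into NULL: the comparison is never
-- true and the policy fails closed instead of raising a cast error.
CREATE POLICY tenant_isolation ON payroll_entries
    FOR ALL TO app_tenant
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request: one transaction, swap to the restricted role, bind the tenant.
-- The login role must be a member of app_tenant for SET ROLE to succeed.
-- SET LOCAL and set_config(..., true) both revert at COMMIT/ROLLBACK, so a
-- pooled connection cannot carry one tenant's scope into the next request.
BEGIN;
SET LOCAL ROLE app_tenant;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);

-- No WHERE clause on tenant_id: the policy supplies the tenant filter.
SELECT id, employee_id, gross_pay FROM payroll_entries;

-- A row stamped with a different tenant's id is refused by WITH CHECK.
INSERT INTO payroll_entries (tenant_id, employee_id, gross_pay)
VALUES ('22222222-2222-2222-2222-222222222222',
        '33333333-3333-3333-3333-333333333333', 1.00);
ROLLBACK;
```

Superusers and roles with BYPASSRLS skip every policy, FORCE included, so the login role the application connects with should have neither attribute.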