Security

Payroll data deserves finance-grade controls.

Run Payroll is designed around tenant isolation, role-based access, PII protection, audit history, and DPDP-aware operating practices.

Tenant-scoped access

Available

Company data is designed to stay scoped to the active tenant and role.

PII encryption and masking

Available

Sensitive payroll identifiers should remain protected at rest and masked in normal workflows.

Audit history

Available

Payroll-sensitive changes are captured for review and investigation.

MFA for sensitive access

Available

Step-up controls are used for high-risk authentication and account operations.

DPDP-aware processes

Practice

Data handling, breach response, export, and erasure workflows are shaped around Indian privacy expectations.

SOC 2 / ISO 27001

Roadmap

Formal external certifications are not claimed for launch; they remain a future roadmap item.

Controls

Security, explained in plain payroll language.

You should know exactly how employee data, salary data and statutory outputs are kept safe before you trust the system.

Tenant-scoped by design

Your payroll data is read and changed only inside your own company and role.

Sensitive data protected

PAN, Aadhaar, UAN, ESIC and bank details are treated as protected payroll data.

Masked by default

Sensitive values stay hidden in everyday work and reveal only for people who are allowed.

A clear history

Payroll-sensitive actions are traceable for reviews, disputes and audits.

Stronger sign-in

Sensitive account and admin actions can require an extra verification step.

Run with discipline

Backups, access review and incident response are part of how the service is operated.

We do not claim completed SOC 2 or ISO 27001 certification. Those stay marked as roadmap items until they are formally completed and verified.

Keeping your records in order

We promise only what we can explain and operate today. Stronger certifications are added when the evidence exists — never before.