At HRConnect, we take the security of your data seriously. This Security Policy outlines the measures we take to protect your information and ensure the integrity, confidentiality, and availability of our services.
Our Security Commitment
We are committed to implementing and maintaining a comprehensive security program that protects your data from unauthorized access, disclosure, alteration, and destruction. Our security practices are designed to meet or exceed industry standards and regulatory requirements.
We employ multiple layers of security to protect your data at rest and in transit, including encryption, access controls, and regular security assessments.
We implement strict access controls, including role-based permissions, multi-factor authentication, and regular access reviews.
Our infrastructure is hosted in secure, SOC 2 compliant data centers with physical security measures and environmental controls.
Encryption
All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Database backups are also encrypted.
Data Segregation
Customer data is logically segregated to ensure that one customer's data cannot be accessed by another customer.
Secure Development
Our development process follows secure coding practices, including regular code reviews, static code analysis, and vulnerability scanning.
Regular Backups
We perform regular backups of all customer data and test restoration procedures to ensure data can be recovered in case of an incident.
Security FAQs
Reporting Security Concerns
We take security concerns seriously and encourage responsible disclosure of potential security issues. If you believe you've found a security vulnerability in our service, please report it to us at security@hrconnect.com or through our contact form.
We request that you:
- Provide us with enough information to reproduce the issue
- Give us reasonable time to address the issue before disclosing it publicly
- Do not access or modify data belonging to other customers
- Act in good faith and do not conduct denial of service attacks or other disruptive activities
Updates to this Security Policy
We may update this Security Policy from time to time to reflect changes in our security practices or for other operational, legal, or regulatory reasons. We will notify customers of any material changes to this policy.
Security is a Shared Responsibility
While we take extensive measures to protect our platform and your data, security is a shared responsibility. We encourage you to implement strong security practices within your organization, such as using strong passwords, enabling multi-factor authentication, and regularly reviewing user access.