Security

Security First

Your data is sacred to us

Enterprise-grade security, compliance certifications, and privacy-by-design — because HR data is among the most sensitive data your company holds.

AES-256 Encryption

All data is encrypted at rest using AES-256. Every byte of HR data is encrypted before touching disk.

Active
TLS 1.3 in Transit

All data in transit is protected by TLS 1.3. We do not support older, insecure protocols like TLS 1.0/1.1.

Actice
SOC 2 Type II

Independently audited and certified for Security, Availability and Confidentiality trust service criteria.

Certified

DPDP Act Compliant

Fully compliant with India's Digital Personal Data Protection Act 2023. Data residency in India by default.

Compliant
ISO 27001

Information Security Management System certified. Annual external audits by KPMG India.

Certified
Penetration Testing

Quarterly pen tests by independent security researchers. Bug bounty program with HackerOne.

Quarterly

Infrastructure Security

HRflix runs on AWS Mumbai (ap-south-1) with multi-AZ redundancy. We never store data outside India unless explicitly requested by the customer.

VPC network isolation with no public-facing databases

WAF (Web Application Firewall) protecting all endpoints

DDoS protection via AWS Shield Advanced

Automated vulnerability scanning on every code deploy

Access Controls

We follow the principle of least privilege. Internal engineers never have standing access to production data — all access is just-in-time and fully audited.

Responsible Disclosure

Found a vulnerability? We take security reports seriously. Email security@hrflix.in with details. We commit to a 48-hour initial response and responsible coordinated disclosure.