Enterprise-Grade Security

Your Data is Protected

We take security seriously. Employee Envoy uses industry-leading encryption, access controls, and compliance standards to protect your employee data.

Security Practices

Multiple layers of security protect your data at every level

End-to-End Encryption

All data is encrypted at rest and in transit using AES-256 encryption. Credentials are encrypted with industry-standard algorithms.

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Encrypted credential storage

Strong Authentication

Multi-factor authentication and secure password hashing protect user accounts from unauthorized access.

  • PBKDF2-SHA512 password hashing
  • TOTP-based MFA (RFC 6238)
  • Session management with secure tokens

Role-Based Access

Granular permissions ensure users only access data and features they need for their role.

  • Persona-based access control
  • Multi-tenant data isolation
  • Customer-level permissions

Complete Audit Trail

Every action is logged with timestamps, user identification, and context for compliance and security.

  • Comprehensive activity logging
  • Immutable audit records
  • Exportable audit logs

Secure Infrastructure

Built on Cloudflare's global network with enterprise-grade security and reliability.

  • Cloudflare Workers & D1 Database
  • 99.9% uptime SLA
  • Automatic backups & disaster recovery

Data Privacy

We never sell your data. Your employee information is used solely to provide the service.

  • No data sharing with third parties
  • Data deletion on request
  • Right to access & export data

Compliance & Certifications

We meet or exceed industry standards for data protection and privacy

GDPR Compliant

Full compliance with the General Data Protection Regulation (GDPR) for European users.

  • Right to access, rectification, and erasure
  • Data portability
  • Privacy by design

CCPA/CPRA Compliant

Compliant with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

  • Right to know what data is collected
  • Right to delete personal information
  • Right to opt-out of data sharing

SOC 2 Roadmap

We are building our security controls with the SOC 2 Trust Services Criteria in mind. Our current infrastructure includes many controls required for SOC 2 compliance:

  • Access controls with MFA and role-based permissions
  • Encryption at rest and in transit
  • Comprehensive audit logging
  • Secure credential storage

We plan to pursue formal SOC 2 certification as we scale. Enterprise customers requiring SOC 2 attestation can contact us to discuss our security controls and roadmap.

Additional Security Features

Rate Limiting

API endpoints are protected with rate limiting to prevent abuse and brute-force attacks.

Content Security Policy

CSP headers protect against XSS attacks and unauthorized script execution.

Regular Security Updates

We regularly update dependencies and patch security vulnerabilities.

Automated Backups

Daily automated backups ensure data recovery in case of incidents.

Health Monitoring

24/7 monitoring and alerting for security incidents and system health.

Secure Credential Storage

Integration credentials are encrypted and stored securely, never exposed in logs or UI.

Found a Security Issue?

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Email: [email protected]

Please include details about the vulnerability, steps to reproduce, and potential impact. We will respond within 48 hours and work with you to resolve the issue responsibly.

Secure Employee Lifecycle Management

Start your free 14-day trial with enterprise-grade security
