Security and Privacy at ZenHR

At ZenHR, security and privacy are core principles that guide everything we do. To assist our customers in enhancing their security and compliance practices, we must first ensure the utmost security for our systems and processes.

Our Security Policy

ZenHR's Security and Privacy teams formulate policies and implement controls. They continuously assess compliance with these controls and provide evidence of our robust security and compliance practices to third-party auditors. This proactive approach showcases our dedication to safeguarding data and maintaining the trust of our valued clients.



The basis of our policies stems from the following foundational principles:

01.
Our access control approach entails restricting access solely to individuals with a verifiable business necessity, adhering to the principle of least privilege when granting permissions.
02.
Security controls must be applied and layered following the defense-in-depth principle.
03.
Consistent application of security controls is essential across all areas of the enterprise.
04.
Controls should undergo an iterative implementation process to achieve better effectiveness and reduce friction across the organization.
Security and compliance are non-negotiables at ZenHR
We adhere to SOC 2 compliance standards, a widely recognized data security and privacy standard, to demonstrate our dedication to safeguarding our clients' assets and data. This is a testament to our ongoing efforts to maintain the highest protection and trust for our valued customers.
Secure Data Management
Data Privacy

All customer data, including S3 buckets, is encrypted at rest. For enhanced security, sensitive collections and tables utilize row-level encryption. This ensures that data is encrypted even before it reaches the database, rendering physical access or logical database access insufficient to read the most sensitive information.

Data on the Move

ZenHR ensures data security in transit by employing TLS 1.2 or higher whenever data is transmitted across potentially insecure networks. Additionally, we implement advanced features like HSTS (HTTP Strict Transport Security) to further enhance data security while it is in transit. AWS manages server TLS keys and certificates deployed through Application Load Balancers for robust protection.

Product Security Protocols

At ZenHR, we prioritize the security of our products and cloud infrastructure through rigorous penetration testing on an annual basis. Our commitment to security includes conducting annual penetration tests and leveraging the expertise of top professionals in the field. Our approach to penetration testing involves comprehensive assessments across all aspects of the ZenHR product and cloud infrastructure. To ensure thorough evaluation and coverage, we provide full access to our source code to the testing team. We maintain a strong focus on security without relying on external vendor names. This approach allows us to continually enhance the protection of our systems and data, providing our clients with the highest level of security and trust. Please rest assured that our dedication to security remains unwavering as we continually strive to safeguard our systems and customer information at ZenHR.

Need to report a security issue?

Please email: [email protected]