Security and Privacy at ZenHR
At ZenHR, security and privacy are core principles that guide everything we do. To assist our customers in enhancing their security and compliance practices, we must first ensure the utmost security for our systems and processes.
Our Security Policy
ZenHR's Security and Privacy teams formulate policies and implement controls. They continuously assess compliance with these controls and provide evidence of our robust security and compliance practices to third-party auditors. This proactive approach showcases our dedication to safeguarding data and maintaining the trust of our valued clients.
The basis of our policies stems from the following foundational principles:
All customer data, including S3 buckets, is encrypted at rest. For enhanced security, sensitive collections and tables utilize row-level encryption. This ensures that data is encrypted even before it reaches the database, rendering physical access or logical database access insufficient to read the most sensitive information.
ZenHR ensures data security in transit by employing TLS 1.2 or higher whenever data is transmitted across potentially insecure networks. Additionally, we implement advanced features like HSTS (HTTP Strict Transport Security) to further enhance data security while it is in transit. AWS manages server TLS keys and certificates deployed through Application Load Balancers for robust protection.
Product Security Protocols
At ZenHR, we prioritize the security of our products and cloud infrastructure through rigorous penetration testing on an annual basis. Our commitment to security includes conducting annual penetration tests and leveraging the expertise of top professionals in the field. Our approach to penetration testing involves comprehensive assessments across all aspects of the ZenHR product and cloud infrastructure. To ensure thorough evaluation and coverage, we provide full access to our source code to the testing team. We maintain a strong focus on security without relying on external vendor names. This approach allows us to continually enhance the protection of our systems and data, providing our clients with the highest level of security and trust. Please rest assured that our dedication to security remains unwavering as we continually strive to safeguard our systems and customer information at ZenHR.
Need to report a security issue?
Please email: security@zenhr.com