Keeping our customers' data safe is one of the most important things that we care about at HrFlow.ai and we make sure that all the data we processed is handled securely.
We're proud to have in our team people who've played major roles in designing, building and operating highly secure Internet facing systems and know all the ins and outs of the data security environment.
World class infrastructure
We host our services and data in Amazon Web Services and Google facilities in Europe. Further details about the measures Amazon and Google take in securing their facilities can be found here: https://aws.amazon.com/compliance/ and https://cloud.google.com/security/gdpr/
At HrFlow.ai we follow and implement the best market practices to improve our security situation.
User rights and access
- Our employees are required to commit to written information security, confidentiality and privacy responsibilities, while our developers are provided with a specific information security awareness training.
- We clearly defined rules regarding user access rights, while a system logs, periodically reviewed, captures all granted accesses and the usage made with them.
- The access to HrFlow.ai's premises is strictly controlled. All third-party person must be accompanied by an HrFlow.ai employee with the sufficient level of responsibility and security training to monitor its presence.
- We perform information security risk assessment at a planned interval and we document all the results.
- We have developed an information security classification scheme. All incidents, whether it is reported by a person, detected upon periodic check of logs, or proactively notified by the logs analysis, will follow a strict urgency/threat/scope level classification with the corresponding handling procedures that are systematically triggered.
- Our data systems are completely separated from other systems, including network systems and webservers.
- Our network segment is secured by different assets: in addition to the server provider security ones, we are using multiple security applications as proactive protection layers.
- All data storage, data traffic, web traffic via our tools and servers or incoming or outgoing from our tools or servers obey cryptographic key management procedures.
- We've implemented annual penetration testing for systems and applications, vulnerability procedures and periodical screening tools to detect and present malware, malicious code, or unauthorised execution of code.
- All application changes undergo testing and include relevant security controls. They are required to meet validation criteria in the development, testing and production environments.
Third-Party providers (including hosting services) undergo a security risk assessment prior to their purchase and a periodic security risk assessment to validate compliance.
Our business is not about processing and storing payments. We work with Stripe, our partner through which all payments made to HrFlow.ai go through. Check their security page for more details.