Skip to main content
All CollectionsCompliance
HrFlow.ai commitment to security
HrFlow.ai commitment to security

Understand HrFlow.ai security protocols and policy.

Benqa avatar
Written by Benqa
Updated over 3 years ago

Keeping our customers' data safe is one of the most important things that we care about at HrFlow.ai and we make sure that all the data we processed is handled securely.

Here, we'll share some of the details on how we keep things secure. Don't hesitate to check out or Privacy Policy for any other related concern.

Experienced team

We're proud to have in our team people who've played major roles in designing, building and operating highly secure Internet facing systems and know all the ins and outs of the data security environment.

World class infrastructure

We host our services and data in Amazon Web Services and Google facilities in Europe. Further details about the measures Amazon and Google take in securing their facilities can be found here: https://aws.amazon.com/compliance/ and https://cloud.google.com/security/gdpr/

Best practices

At HrFlow.ai we follow and implement the best market practices to improve our security situation.

User rights and access

  • Our employees are required to commit to written information security, confidentiality and privacy responsibilities, while our developers are provided with a specific information security awareness training.

  • We clearly defined rules regarding user access rights, while a system logs, periodically reviewed, captures all granted accesses and the usage made with them.

  • The access to HrFlow.ai's premises is strictly controlled. All third-party person must be accompanied by an HrFlow.ai employee with the sufficient level of responsibility and security training to monitor its presence.

Incidents

  • We perform information security risk assessment at a planned interval and we document all the results.

  • We have developed an information security classification scheme. All incidents, whether it is reported by a person, detected upon periodic check of logs, or proactively notified by the logs analysis, will follow a strict urgency/threat/scope level classification with the corresponding handling procedures that are systematically triggered.

Network systems

  • Our data systems are completely separated from other systems, including network systems and webservers.

  • Our network segment is secured by different assets: in addition to the server provider security ones, we are using multiple security applications as proactive protection layers.

  • All data storage, data traffic, web traffic via our tools and servers or incoming or outgoing from our tools or servers obey cryptographic key management procedures.

Risk management

  • We've implemented annual penetration testing for systems and applications, vulnerability procedures and periodical screening tools to detect and present malware, malicious code, or unauthorised execution of code.

  • All application changes undergo testing and include relevant security controls. They are required to meet validation criteria in the development, testing and production environments.

Third parties

Third-Party providers (including hosting services) undergo a security risk assessment prior to their purchase and a periodic security risk assessment to validate compliance.

Payment details

Our business is not about processing and storing payments. We work with Stripe, our partner through which all payments made to HrFlow.ai go through. Check their security page for more details.

Did this answer your question?