Enterprise-grade security, compliance certifications, and privacy-by-design — because HR data is among the most sensitive data your company holds.
All data is encrypted at rest using AES-256. Every byte of HR data is encrypted before touching disk.
All data in transit is protected by TLS 1.3. We do not support older, insecure protocols like TLS 1.0/1.1.
Independently audited and certified for Security, Availability and Confidentiality trust service criteria.
Fully compliant with India's Digital Personal Data Protection Act 2023. Data residency in India by default.
Information Security Management System certified. Annual external audits by KPMG India.
Quarterly pen tests by independent security researchers. Bug bounty program with HackerOne.
HRflix runs on AWS Mumbai (ap-south-1) with multi-AZ redundancy. We never store data outside India unless explicitly requested by the customer.
We follow the principle of least privilege. Internal engineers never have standing access to production data — all access is just-in-time and fully audited.
Found a vulnerability? We take security reports seriously. Email security@hrflix.in with details. We commit to a 48-hour initial response and responsible coordinated disclosure.