We know you’re trusting BambooHR with your data, and we take that responsibility very seriously. That’s why we practice Defense in Depth, a security principle focused on keeping content secure at all steps in the application rather than simply at edge points. In other words, instead of just securing the borders, we keep your data locked down at every level. We don’t believe in only one solution for data security, and we aim for constant improvement in our methods, because we know the bad guys are constantly improving theirs. Without revealing too many details about our security protocol, here are some of the measures we take to prevent data leaks and unauthorized data access:
We understand that security is more than just creating a secure application—it involves monitoring, improving, and remaining constantly vigilant against risks both internal and external.
We can provide compliance reports and letters of attestation to current and prospective customers upon request.
If you have your data secured in our EU data center, that is an independent instance of our application, and no EU customer data is ever stored or hosted on US servers.
We are hosted in two geographically separate Rackspace® data centers in the US, and all data is encrypted in transfer; more information is available upon request.
BambooHR does not sell, share, or trade any customer data, period. Your information and your company’s information is not for sale, and never will be. Access to customer data is restricted to individuals who require that information to fulfill their job duties. All employees are subject to background checks before hiring, and we only hire individuals of the highest integrity.