Skip to Content

Security & Privacy Surfacing


We know you’re trusting BambooHR with your data, and we take that responsibility very seriously. That’s why we practice Defense in Depth, a principle for securing content at all steps instead of simply at the application edge points. We keep your data locked down at every level, and we take multiple measures to ensure it stays that way. Here are just some of the measures we take to prevent data leaks and unauthorized data access:

We understand that security is more than just creating a secure application—it involves monitoring, improving, and remaining vigilant against risks both internal and external.

We can provide additional information, including compliance reports and attestation letters, upon request.

Our customers’ data is hosted in the United States, Canada, or Ireland, depending on the location and needs of individual customers and applicable laws. All information is encrypted in transfer, and certain sensitive fields are encrypted at rest. In addition, the data center located in Ireland meets all of the data requirements of the European Union, European Economic Area, Switzerland, and the United Kingdom.

United States

European Union



BambooHR does not sell, share, or trade any customer data—period. Your information and your company’s information is not for sale, and never will be. Access to customer data is restricted to individuals who require that information to fulfill their job duties. All employees are subject to background checks before hiring, and we only hire individuals of the highest integrity.

We are:

PCI DSS Compliant
SOC Service

EU Customers

We also maintain compliance with European Union data privacy and United Kingdom laws to ensure data privacy for our European customers.

Detailed look at our Terms of Service > Complete explanation of our Privacy Policy >

We use cookies to improve your browsing experience. By continuing to use this website, you agree to our use of cookies in accordance with our privacy policy.