
Security & Privacy Surfacing


We know you’re trusting BambooHR with your data, and we take that responsibility very seriously. That’s why we practice Defense in Depth, a security principle focused on keeping content secure at all steps in the application rather than simply at edge points. In other words, instead of just securing the borders, we keep your data locked down at every level. We don’t believe in only one solution for data security, and we aim for constant improvement in our methods, because we know the bad guys are constantly improving theirs. Without revealing too many details about our security protocol, here are some of the measures we take to prevent data leaks and unauthorized data access:

  • Defense in Depth multi-level data security
  • Bi-weekly vulnerability scans
  • Web application firewall
  • Annual third-party SOC II security audit
  • Input validation
  • Annual penetration test by Security Metrics

    We understand that security is more than just creating a secure application—it involves monitoring, improving, and remaining constantly vigilant against risks both internal and external.

    We can provide compliance reports and letters of attestation to current and prospective customers upon request.

    EU Customers

    If you have your data secured in our EU data center, that is an independent instance of our application, and no EU customer data is ever stored or hosted on US servers.

    US Customers

    We are hosted in two geographically separate Rackspace® data centers in the US, and all data is encrypted in transfer; more information is available upon request.


    BambooHR does not sell, share, or trade any customer data, period. Your information and your company’s information is not for sale, and never will be. Access to customer data is restricted to individuals who require that information to fulfill their job duties. All employees are subject to background checks before hiring, and we only hire individuals of the highest integrity.

    We are:

    EU Customers

    We are committed to maintaining compliance both with EU data privacy law and UK laws to ensure there are no additional legal concerns for our European customers.
