You’re entrusting BambooHR with your data, and we take that responsibility very seriously. That’s why we practice both Defense in Depth, a security principle focusing on multiple layers of security controls, and Zero Trust, a security model developed by industry leaders to secure resources at the system level rather than focusing on perimeter defense. Here are just some of the measures we take to lock down your data, prevent leaks, and block unauthorized access:
- Active bug bounty program.
- Frequent vulnerability scans.
- Web application firewall.
- Annual third-party SOC I & II security audit.
- Input validation.
- Third-party penetration test.
- 24/7 security management and monitoring.
- Highest industry standard encryption.
- Native Multi-Factor Authentication.
Running a secure operation starts with creating a secure application, but it also requires constant monitoring, improvement, and vigilance against internal and external threats. Want to see the complete report of our ongoing security measures for yourself?
We make it easy to validate the safety of your data with us by bringing together all the security documentation you’re looking for in a single Whistic profile. Reports, certificates, audits, questionnaires—they’re all here. Follow the link above to access our current security profile.
We host customer data in state-of-the-art data centers located in the United States, Canada, or Ireland, depending on the location and needs of the individual customer and applicable laws. We ensure that all information is encrypted both in transit and at rest. Additionally, the data center located in Ireland meets all of the data requirements of the European Union, European Economic Area, Switzerland, and the United Kingdom.
For more information, see our privacy and legal pages.