You’re entrusting BambooHR with your data, and we take that responsibility very seriously. That’s why we practice both Defense in Depth, a security principle focusing on multiple layers of security controls, and Zero Trust, a security model developed by industry leaders to secure resources at the system level rather than focusing on perimeter defense. Here are just some of the measures we take to lock down your data, prevent leaks, and block unauthorized access:
- Active bug bounty program.
- Web application firewall.
- Input validation.
- 24/7 security management and monitoring.
- Native Multi-Factor Authentication.
- Frequent vulnerability scans.
- Annual third-party SOC I & II security audit.
- Third-party penetration test.
- Highest industry standard encryption.
Review Our Whistic Profile
Running a secure operation starts with creating a secure application, but it also requires constant monitoring, improvement, and vigilance against internal and external threats. Want to see the complete report of our ongoing security measures for yourself?
We make it easy to validate the safety of your data with us by bringing together all the security documentation you’re looking for in a single Whistic profile. Reports, certificates, audits, questionnaires—they’re all here. Follow the link above to access our current security profile.
Secure, International Hosting Sites
We host customer data in state-of-the-art data centers located in the United States, Canada, or Ireland, depending on the location and needs of the individual customer and applicable laws. We ensure encryption of all information both in transit and at rest. Additionally, the data center located in Ireland meets all of the data requirements of the European Union, European Economic Area, Switzerland, and the United Kingdom.
For more information, see our privacy and legal pages.
We also maintain compliance with European Union and United Kingdom data privacy laws to ensure data privacy for our European customers.