Security Practices

Learn more about HR Partner's high standard for security

Security Practices

As a company committed to transparency, we have summarized our security practices for you to stay informed about our procedures. If you have any additional questions, we would be happy to answer them — feel free to contact us at support@hrpartner.io.

At HR Partner, we are dedicated to protecting your data. We adhere to industry best practices in security, and our servers are hosted with a leading HIPAA-compliant cloud provider.

Secure Data Centers

Our servers are hosted by one of the world's leading cloud hosting providers, trusted by leading Fortune 500 companies. As a leader in the industry, our hosting provider is trusted by over a million active customers and is a model in security best practices.

HR Partner's data center host is compliant with:

  • ISO 27001
  • DoD SRG
  • GDPR
  • IRAP
  • SOC 1, SOC 2 & SOC 3
  • PCI DSS Level 1

Data Encryption

All data is secure with server-side encryption (AES-256) behind a firewall. Data is encrypted at rest and in transit.

Payment information

Your payment and billing information is stored by a secure, PCI-compliant provider. We never store your payment information on our servers.

Regular Data Backups

We backup your data daily, and therefore it is possible for data to be restored quickly and efficiently.

Password Salting & Hashing

All user passwords are salted, hashed, and encrypted in transit.


To monitor various app libraries used in HR Partner, we have systems that continuously monitor and look out for potential vulnerabilities.

DDoS Monitoring & Protection

HR Partner undergoes real-time monitoring to protect the application against DDoS attacks (SYN floods, UDP floods, ACK floods, reflection attacks).

Server Uptime & Processor Load Monitoring

We use a third party security vendor to monitor server uptime and processor loads to identify any unusual activity.

Deletion of Customer Data

We honor customer requests regarding deletion of his/her account data, and handle these requests promptly.

Return of Customer Data

In honor of GDPR, customers can request data exports by contacting customer support. We are happy to provide you with an export in a timely manner.

Internal Policies

Only a select number of our staff have access to user accounts, and those that we hire with this level of access will always undergo background checks. Account access is only granted when you (the customer) consents to granting access (IE: If there is a customer support issue and you ask us to go in and help, we require your consent to do so).

Emergency Response

In the case of a breach, we will notify you immediately of the full nature and scope, along with a timeline of planned solutions.

Security Vulnerability Reporting Policy

HR Partner currently has security expertise through our in-house team and domain expert consultants. We do not accept unsolicited security reports. If this situation changes in the future, we will update this policy here.

NOTE: We currently DO NOT have a bug bounty programme in place


HR Partner Software Pty Ltd uses certain subprocessors to help provide its services, as outlined in the Terms of Use. Subprocessors are third party data processors which has or will possibly have access to service and customer data. HR Partner Software Pty Ltd requires its subprocessors to supply documentation agreeing that they are GDPR-compliant.

Infrastructure & Operations Subprocessors

Entity Name Corporate Location Subprocessing Activities
Amazon Web Services, Inc. United States Cloud Service Provider
Intercom, Inc. United States Customer Support & Communications
Stripe, Inc. United States Payments

Other Subprocessors

Entity Name Corporate Location Subprocessing Activities
Google LLC United States Cloud Service Provider
Roxr Software Ltd. United States Analytics
Hatchbuck, Inc. United States Marketing & Analytics

Engaging new subprocessors & customer's right to object

If a customer objects to a new sub-processor of HR Partner Software Pty Ltd, they may object within ten (10) business days after notice has been sent out of the new subprocessor.

If HR Partner Software Pty Ltd is unable to make a change to its new subprocessor within thirty (30) days, the customer may terminate its contract and/or account with HR Partner Software Pty Ltd and refund any prepaid fees for the remaining term of the membership.

Questions? Contact Us

If you have questions about our security practices, we would be happy to discuss them with you. Please contact our team here.