Security Practices

Learn more about HR Partner's high standard for security

Security Practices

As a company committed to transparency, we have summarized our security practices for you to stay informed about our procedures. If you have any additional questions, we would be happy to answer them — feel free to contact us at support@hrpartner.io.

At HR Partner, we are dedicated to protecting your data. We adhere to industry best practices in security, and our servers are hosted with a leading HIPAA-compliant cloud provider.

Secure Data Centers

Our servers are hosted by one of the world's leading cloud hosting providers, trusted by leading Fortune 500 companies. As a leader in the industry, our hosting provider is trusted by over a million active customers and is a model in security best practices.

HR Partner's data center host is compliant with:

  • ISO 27001
  • DoD SRG
  • GDPR
  • IRAP
  • SOC 1, SOC 2 & SOC 3
  • PCI DSS Level 1

Data Encryption

All data is secure with server-side encryption (AES-256) behind a firewall. Data is encrypted at rest and in transit.

Payment information

Your payment and billing information is stored by a secure, PCI-compliant provider. We never store your payment information on our servers.

Regular Data Backups

We backup your data daily, and therefore it is possible for data to be restored quickly and efficiently.

Password Salting & Hashing

All user passwords are salted, hashed, and encrypted in transit.


To monitor various app libraries used in HR Partner, we have systems that continuously monitor and look out for potential vulnerabilities.

DDoS Monitoring & Protection

HR Partner undergoes real-time monitoring to protect the application against DDoS attacks (SYN floods, UDP floods, ACK floods, reflection attacks).

Server Uptime & Processor Load Monitoring

We use a third party security vendor to monitor server uptime and processor loads to identify any unusual activity.

Deletion of Customer Data

We honor customer requests regarding deletion of his/her account data, and handle these requests promptly.

Return of Customer Data

In honor of GDPR, customers can request data exports by contacting customer support. We are happy to provide you with an export in a timely manner.

Internal Policies

Only a select number of our staff have access to user accounts, and those that we hire with this level of access will always undergo background checks. Account access is only granted when you (the customer) consents to granting access (IE: If there is a customer support issue and you ask us to go in and help, we require your consent to do so).

Emergency Response

In the case of a breach, we will notify you immediately of the full nature and scope, along with a timeline of planned solutions.

Security Vulnerability Reporting Policy

HR Partner values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.

If you are a security researcher and would like to report a security vulnerability, please send an email to: support@hrpartner.io. Please provide your name, contact information, and company name (if applicable) with each report. Past work history and customer references would also be highly recommended, in order to help us ascertain the legitimacy of the report.

We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we commit that we will not take legal action against you or ask law enforcement to investigate you if you comply with the following Responsible Disclosure Guidelines:

  • Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC)
  • Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
  • Do not modify or access data that does not belong to you
  • Give us a reasonable time to correct the issue before making any information public

We will attempt to respond to your report within 1-2 business days.

Whilst we do not have a formal bug bounty programme in place, we are open to negotiating a small reward for legitimate researchers who do identify vulnerabilities that pose a real risk to our operations.

Questions? Contact Us

If you have questions about our security practices, we would be happy to discuss them with you. Please contact our team at support@hrpartner.io.