Security Practices

Learn more about HR Partner's high standard for security.

Security Practices

As a company committed to transparency, we have summarized our security practices for you to stay informed about our procedures. If you have any additional questions, we would be happy to answer them — feel free to contact us at

At HR Partner, we are dedicated to protecting your data. We adhere to industry best practices in security, and our servers are hosted with a leading HIPAA-compliant cloud provider.

Secure Data Centers

Our servers are hosted by one of the world's leading cloud hosting providers, trusted by leading Fortune 500 companies. As a leader in the industry, our hosting provider is trusted by over a million active customers and is a model in security best practices.

HR Partner's data center host is compliant with:

  • ISO 27001
  • DoD SRG
  • GDPR
  • IRAP
  • SOC 1, SOC 2 & SOC 3
  • PCI DSS Level 1

Data Encryption

All data is secure with server-side encryption (AES-256) behind a firewall. Data is encrypted at rest and in transit.

Payment information

Your payment and billing information is stored by a secure, PCI-compliant provider. We never store your payment information on our servers.

Regular Data Backups

We backup your data daily, and therefore it is possible for data to be restored quickly and efficiently.

Password Salting & Hashing

All user passwords are salted, hashed, and encrypted in transit.


To monitor various app libraries used in HR Partner, we have systems that continuously monitor and look out for potential vulnerabilities.

DDoS Monitoring & Protection

HR Partner undergoes real-time monitoring to protect the application against DDoS attacks (SYN floods, UDP floods, ACK floods, reflection attacks).

Server Uptime & Processor Load Monitoring

We use a third party security vendor to monitor server uptime and processor loads to identify any unusual activity.

Deletion of Customer Data

We honor customer requests regarding deletion of his/her account data, and handle these requests promptly.

Return of Customer Data

In honor of GDPR, customers can request data exports by contacting customer support. We are happy to provide you with an export in a timely manner.

Internal Policies

Only a select number of our staff have access to user accounts, and those that we hire with this level of access will always undergo background checks. Account access is only granted when you (the customer) consents to granting access (IE: If there is a customer support issue and you ask us to go in and help, we require your consent to do so).

Emergency Response

In the case of a breach, we will notify you immediately of the full nature and scope, along with a timeline of planned solutions.

Questions? Contact Us

If you have questions about our security practices, we would be happy to discuss them with you. Please contact our team at