The boring details, written honestly.

All customer data is encrypted at rest with AES-256, and all connections use TLS 1.3 (1.2 minimum). Database backups are encrypted with separate keys, rotated quarterly. Secrets live in AWS KMS or GCP KMS depending on the customer’s region.

All customer data is hosted in Mumbai (AWS ap-south-1). Data does not leave the region unless you explicitly enable a cross-region report export. We do not use US-region hosting for any customer.

Role-based permissions for HR admin, finance, manager, and employee, each with a baseline visibility scope. Single sign-on via Google and Microsoft on the Platform plan; SAML 2.0 and SCIM provisioning on Enterprise. Every administrative action lands in an immutable audit log exportable to your SIEM.

India’s DPDP Act 2023 — compliant since launch; the DPA documents every obligation. SOC 2 Type II audit is in progress — target close FY 2025-26. ISO 27001 is on the roadmap behind SOC 2. We won’t claim certifications we don’t hold.

Critical vulnerabilities get an emergency patch within 24 hours. We run continuous dependency scanning (Snyk + GitHub Advanced Security) and quarterly third-party penetration tests. Bug reports to sales@employeesight.com earn a real response, not a robot reply.

The Workforce product ships with screenshots off by default, keystrokes never captured, and a per-employee private-hours toggle that produces zero records. The full posture is on the Work product page.