Your data is safe with TimmyHR
We treat the security of your employees' data as a fundamental responsibility — not a checkbox. Here's exactly how we protect it.
SOC 2 Aligned
TimmyHR is built around SOC 2 principles — availability, confidentiality, processing integrity, security, and privacy. We operate with the controls of a trusted enterprise.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Sensitive fields like payroll figures and tax IDs receive an additional layer of field-level encryption.
GDPR Ready
TimmyHR supports your GDPR obligations with data portability exports, right-to-deletion tools, consent management, and a Data Processing Agreement (DPA) on request.
SSO & Identity
Single Sign-On via Google OAuth 2.0. Email domain restriction ensures only authorised users can join your workspace. MFA support coming in 2025.
Infrastructure Security
Hosted on AWS with multi-region redundancy. Automated backups every 6 hours. Neon PostgreSQL with serverless scaling and connection pooling for maximum reliability.
Audit Trails
Every sensitive action — payroll changes, permission updates, data exports — is logged with a timestamp, user ID, and IP address. Immutable. Always available to admins.
Security checklist
Questions about our security practices?
Our security team is happy to provide a DPA, answer compliance questions, or walk through our controls with your IT team.