Information on security at Employes
Employes offers a complete platform for managing all personnel data. Read below what measures we take in terms of securing this data.
Data storage & backup policy
Our platform is built on Amazon Web Services (AWS). By leveraging AWS's cloud-native technologies—designed with high security in mind—we deliver a fast and secure experience for all users of our platform. All data is stored exclusively in data centers within Europe (Frankfurt and Ireland). We use automated backup policies to ensure your data is always protected. Data is backed up daily and retained for a period of 30 days. These backups are stored across multiple locations to avoid dependency on a single site.
Identity & access management
To ensure a high level of access security, Employes offers two-factor authentication (2FA). This allows every user to add an extra layer of protection to their account. We also enforce a strong password policy, including brute-force protection to prevent automated password attacks. Users are actively encouraged to enable 2FA within the platform. Additionally, we support Google Single Sign-On (SSO) for secure and easy login.
GDPR compliance
Employes complies with the rules for processing personal data under the General Data Protection Regulation (GDPR). We also adhere to the tax retention periods required by the Dutch Tax Authority. You can find more information on how we process data in our data processing agreement. We regularly assess the security standards of all third-party providers we work with.
Third-party testing
Our platform is regularly tested by third parties. We conduct frequent penetration tests in collaboration with a professional cybersecurity firm to ensure ongoing protection and resilience.
Encryption & data transmission
We use data encryption within our databases. Passwords, for example, are hashed using SHA256. This means stored passwords are irreversibly hashed, providing an extra layer of security by ensuring original passwords cannot be retrieved or reverse-engineered.
We also encrypt all data in transit using standard HTTPS encryption with at least TLS 1.2. This ensures that all information exchanged between users and our servers is secure and cannot be intercepted or read by unauthorized parties.
Built for security
Our developers follow the highest security standards and practices when working on the platform. An automated CI/CD workflow ensures that every code change is reviewed by multiple team members before going live.
More information
If you’d like to know more about how we handle your data, you can review our [data processing agreement]. You can also view our [privacy policy]. Have specific questions about our security standards? Feel free to email us at support@employes.nl.
