Security & data protection
Payroll and HR data is sensitive. Here is, in plain language, how SalaryProof keeps it safe.
Private storage by default
Payslips, contracts and documents are kept in private storage buckets. There are no public document URLs — files are never exposed by guessing a link.
Signed, short-lived download links
When you open a document, SalaryProof generates a temporary signed URL that only works for you and expires automatically.
Role-based access
Employees, managers, HR, accountants and owners see only what their role allows. Data access is enforced at the database level on every request.
Company isolation
Each company's payroll, contracts, leave, expenses, CRM and chat live in their own scope. One company can never read another company's data.
Audit logs
Sensitive actions — payslip access, role changes, document downloads — are recorded so administrators can review who did what and when.
Queued email worker
Notifications and invitations go through a controlled email queue, not ad-hoc scripts. Failures are retried and logged.
GDPR-oriented design
You can export your data and request account deletion. We collect only what we need to run payroll and HR, and we do not sell personal data.
Defence in depth
Multiple layers protect your data: authentication, per-row access rules, scoped storage, audit logging, and isolated background workers.
What we do not claim
SalaryProof is in active development. We do not currently hold third-party certifications such as ISO 27001 or SOC 2, and we do not use marketing phrases like "bank-level encryption". We prefer to describe exactly what the platform does — and to keep improving it.