Security & data protection

Payroll and HR data is sensitive. Here is, in plain language, how SalaryProof keeps it safe.

  • Private storage by default

    Payslips, contracts and documents are kept in private storage buckets. There are no public document URLs — files are never exposed by guessing a link.

  • Signed, short-lived download links

    When you open a document, SalaryProof generates a temporary signed URL that only works for you and expires automatically.

  • Role-based access

    Employees, managers, HR, accountants and owners see only what their role allows. Data access is enforced at the database level on every request.

  • Company isolation

    Each company's payroll, contracts, leave, expenses, CRM and chat live in their own scope. One company can never read another company's data.

  • Audit logs

    Sensitive actions — payslip access, role changes, document downloads — are recorded so administrators can review who did what and when.

  • Queued email worker

    Notifications and invitations go through a controlled email queue, not ad-hoc scripts. Failures are retried and logged.

  • GDPR-oriented design

    You can export your data and request account deletion. We collect only what we need to run payroll and HR, and we do not sell personal data.

  • Defence in depth

    Multiple layers protect your data: authentication, per-row access rules, scoped storage, audit logging, and isolated background workers.

What we do not claim

SalaryProof is in active development. We do not currently hold third-party certifications such as ISO 27001 or SOC 2, and we do not use marketing phrases like "bank-level encryption". We prefer to describe exactly what the platform does — and to keep improving it.

Questions about security or data processing? Read our privacy policy.