Security
How we protect your HR data at Zenforce HRMS.
Encryption
AES-256 encryption at rest. TLS 1.3 for all data in transit. Passwords hashed with bcrypt.
Access Control
Role-based permissions (Super Admin, Manager, Employee). JWT with short-lived access tokens (15 min) and httpOnly refresh tokens.
Infrastructure
Hosted on hardened VPS with Nginx reverse proxy. Firewalled ports, SSH key-only access, fail2ban enabled.
Audit Logging
All critical actions (login, payroll runs, data exports) are logged with timestamps and IP addresses.
Backups
Automated daily database backups with 30-day retention. Backups are encrypted and stored separately.
Incident Response
Dedicated security team monitors for threats 24/7. Breaches reported within 72 hours per regulatory requirements.
Report a Vulnerability
Found a security issue? We have a responsible disclosure policy. Please email security@zenforce.in and we will respond within 48 hours. Do not publicly disclose vulnerabilities before we have had a chance to address them.