DecentroHR
✦ Trust & security

Security built into the platform.

Salaries, identities, statutory records — protected by isolation, encryption and an audited ledger, enforced in code.

AES-256
Encryption at rest
TLS 1.2+
In transit
100%
Payroll traceable
RLS
Per-tenant isolation
Defense in depth

Security enforced in code, not in a policy PDF.

Every layer — identity, tenancy, data, money — is protected by a control that runs on every request, not a promise in a document.

Identity & access

  • httpOnly cookie sessions
  • TOTP 2FA for every role
  • Scoped, hashed API tokens
  • RBAC on every action

Tenant isolation

  • Postgres row-level security
  • FORCE RLS on tenant tables
  • Cross-tenant access impossible
  • Per-org service tokens

Data protection

  • AES-256 at rest
  • TLS 1.2+ in transit
  • Field-level encryption for secrets
  • In-region data residency (IN)

Audited ledger

  • Append-only & hash-chained
  • Every rupee traceable
  • Immutable once locked
  • Third-party verifiable

Compliance & privacy

  • GDPR export & erasure
  • SOC 2 / ISO 27001 aligned
  • DPA on request
  • Audit-ready evidence

Monitoring & response

  • Full audit trail per action
  • Anomaly detection by the AI
  • security.txt disclosure path
  • Incident runbook & SLA

DecentroHR handles your most sensitive data — salaries, identities, statutory records. Security isn't a feature bolted on; it's how the platform is built. Every design decision below is enforced in code, not policy.

Tenant isolation (RLS)

Every tenant's data is separated by Postgres row-level security under a non-superuser role — isolation is enforced by the database, not the application, and verified on boot.

Encryption

Data is encrypted in transit (TLS) and at rest. Sensitive fields (bank, tax IDs, secrets) are additionally encrypted at the application layer.

Audited, hash-chained ledger

Money-critical state posts once through a single choke point into an append-only, hash-chained ledger. A changed row breaks the chain — tamper-evident by construction.

Role-based access + 2FA

Admin, approver and employee each get their own scoped credentials. TOTP two-factor is available for every privileged role; no shared secrets.

Scoped API tokens

API tokens are scoped, hashed and bounded — a client-org token can only ever touch its own tenant. Partner keys can only target tenants they own.

Full audit logs

Every mutation — by a human, the SDK or the AI — is attributed and audited. Money trails (earnings, deductions, reversals) are fully reconstructable.

GDPR & data rights

Built-in personal-data export and erasure flows. You control retention; we never sell data.

SOC 2 & ISO 27001

Our controls are mapped to SOC 2 and ISO 27001; formal attestation is in progress. Evidence available under NDA on Enterprise.

Responsible disclosure

Found a vulnerability? Email [email protected]. We investigate every report and will work with you on a coordinated fix. Please don't disclose publicly until we've resolved it.

Sub-processors & residency

We use a small, vetted set of infrastructure sub-processors. Indian customer data can be kept in-region; contact us for a current sub-processor list and a DPA.

SOC 2 (aligned)ISO 27001 (aligned)GDPRPostgres RLSTOTP 2FAHash-chained ledger
Request security docs

Payroll you can actually trust.

Every figure traceable, every action audited, every tenant isolated — by design.