We implement industry-standard security practices to keep your organization's data safe.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your passwords are hashed using bcrypt with salting.
Hosted on Vercel with automatic DDoS protection. Database hosted on Supabase with daily automated backups and point-in-time recovery.
Secure session management with JWT tokens. Support for magic link passwordless authentication. Sessions expire after 7 days of inactivity.
Granular permissions with Owner, Admin, Manager, and Employee roles. Users only see data they're authorized to access.
Your data is stored in secure data centers in the United States (AWS US-East). We use Supabase for our database, which provides enterprise-grade PostgreSQL hosting.
We retain your data for as long as your account is active. When you delete your account, all personal data is removed within 30 days. PTO records may be retained for compliance purposes as required by law.
We use trusted third-party services that maintain their own security standards:
You can export your data at any time from the Settings page. You have the right to access, correct, or delete your personal information. For data-related requests, please contact us.
If you have security concerns or want to report a vulnerability, please contact us.
Contact Us