Security

SOC 2 Ready

Protecting your organization's data is our top priority. Here's how we keep MapleHR secure.

Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted and stored in geo-redundant Canadian data centers.

Access Control

Role-based access control (RBAC) ensures users only access data they're authorized to see. All actions are logged in immutable audit trails.

Authentication

Secure password hashing with bcrypt. SSO integration (SAML, OIDC) available on Enterprise plans. Session management with automatic expiry.

Infrastructure

Hosted on AWS Canada (ca-central-1). All infrastructure is managed with IaC, regularly patched, and monitored 24/7 for anomalies.

Monitoring

Real-time intrusion detection, automated vulnerability scanning, and 24/7 security operations center monitoring all production systems.

Compliance

PIPEDA compliant. SOC 2 Type II audit in progress. Annual penetration testing by third-party Canadian security firms.

Responsible Disclosure

If you discover a security vulnerability in MapleHR, please report it responsibly to security@maplehr.ca. We take all reports seriously and will respond within 24 hours.