HR Cluster handles sensitive workforce data — personal details, schedules, attendance records, incident reports, and credentials. We treat security as a core product feature, not a bolt-on. The measures described below are the ones we actually run in production.
Our primary application infrastructure runs on Hetzner dedicated servers in Helsinki, Finland, inside the European Union. Application servers, the database, backups, and uploaded files all live in this EU environment. The database server has no public IP address and is reachable only from our own application tier, over a private network.
Some ancillary services — in particular transactional email and privacy-friendly analytics — are provided by subprocessors that may process limited personal data outside the EEA under appropriate safeguards. See our Subprocessors page for the current list.
HR Cluster is multi-tenant. Every database query on customer-owned data includes an account_id filter in its WHERE clause, and we audit this across the workspace.
File uploads are stored outside the webroot, organised per account, and served only through an authenticated handler that re-verifies both account scope and file type before streaming the file.
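The scope and type re-verification described above can be sketched as follows. This is an added example, not HR Cluster's code: the function names, the integer account IDs, the `<root>/<account_id>/` directory layout and the type allowlist are all assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed allowlist (constructed for this example): extension -> leading magic bytes.
ALLOWED_TYPES = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}

class AccessDenied(Exception):
    """Raised when a request fails the scope, path or type check."""

def open_upload(storage_root, session_account, requested_account, filename):
    """Return an open handle only if scope, path and type checks all pass."""
    # 1. Account scope: the authenticated session must own the requested file.
    if session_account != requested_account:
        raise AccessDenied("account scope mismatch")
    # 2. Containment: resolve '..' and symlinks, then require the result to
    #    sit inside this account's directory (which is outside the webroot).
    account_dir = (Path(storage_root) / str(int(session_account))).resolve()
    target = (account_dir / filename).resolve()
    if account_dir not in target.parents or not target.is_file():
        raise AccessDenied("not a file inside the account directory")
    # 3. File type: extension must be allowlisted and the content must match it.
    magic = ALLOWED_TYPES.get(target.suffix.lower())
    if magic is None:
        raise AccessDenied("file type not allowed")
    handle = open(target, "rb")
    if handle.read(len(magic)) != magic:
        handle.close()
        raise AccessDenied("content does not match extension")
    handle.seek(0)  # rewind so the caller streams the whole file
    return handle

def demo():
    """Build a constructed two-account storage tree and try four requests."""
    root = tempfile.mkdtemp()
    files = [(1, "contract.pdf", b"%PDF-1.7 sample"),
             (2, "secret.pdf", b"%PDF-1.7 other tenant"),
             (1, "fake.png", b"<script>not a png</script>")]
    for account, name, data in files:
        os.makedirs(os.path.join(root, str(account)), exist_ok=True)
        Path(root, str(account), name).write_bytes(data)
    requests = {"own": (1, 1, "contract.pdf"), "cross": (1, 2, "secret.pdf"),
                "traversal": (1, 1, "../2/secret.pdf"), "spoofed": (1, 1, "fake.png")}
    results = {}
    for label, args in requests.items():
        try:
            open_upload(root, *args).close()
            results[label] = "served"
        except AccessDenied as exc:
            results[label] = str(exc)
    return results
```

Calling `demo()` returns one outcome per request: only the account's own, correctly typed file is served, and each of the other three is refused at a different check.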
HR Cluster AS maintains layered backup and disaster recovery measures designed to support service continuity and data resilience. Backup copies may be stored on physically separate infrastructure located in Norway.
We log administrative actions, data exports, and permission changes per account. Server-level logs include errors, slow queries, and authentication events. Logs are retained for security and accountability purposes.
We keep our operating systems and runtime dependencies patched, review third-party libraries before adoption, and address reported issues on a priority-based schedule. Urgent issues are handled out of band.
Our primary infrastructure is in the European Union. A limited number of subprocessors may process personal data outside the EEA under Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. See the full list on our Subprocessors page, and read how this fits into our Privacy Policy.
If you believe you have found a security vulnerability in HR Cluster, please email security@hrcluster.com with details and, where possible, steps to reproduce. We aim to acknowledge reports within two business days. We do not pursue legal action against researchers who act in good faith, stick to their own test accounts, and avoid disruption to other customers.
HR Cluster AS
Org. no.: 937 565 690
Security: security@hrcluster.com
Privacy: privacy@hrcluster.com
Last updated: April 2026