Security built into every layer
Payroll and HR data is among the most sensitive information a business holds. Every layer of Peymatrix is designed with security as the baseline — not an afterthought.
Security features
Encryption at Rest
All stored data — employee records, payroll figures, documents — is encrypted using AES-256. Encryption keys are managed separately from the data they protect.
Encryption in Transit
Every connection between your browser and Peymatrix servers uses TLS 1.2 or 1.3. Unencrypted HTTP connections are not accepted.
Multi-Factor Authentication
TOTP-based MFA is available for all accounts. Administrators can enforce MFA as a requirement across their entire organisation.
Tenant Isolation
Each organisation's data is stored with strict isolation at the database level. One tenant's data cannot be accessed or queried from another tenant's context under any circumstances.
Role-Based Access Control
Granular permissions across four roles: Employee, Manager, HR Admin, and Owner. Each role sees only the data and actions appropriate to their responsibilities.
Audit Logs
Every action is logged with timestamp, user, IP address, and before/after state. Logs are immutable — SHA-256 hash-chained for tamper detection. 7-year retention with SIEM export in JSON, CEF, and Splunk HEC formats.
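The hash chaining described above can be illustrated with a small verifier. This is an added example, not Peymatrix's code: the record layout, the all-zero genesis value, the function names and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry

def entry_hash(prev_hash, record):
    # Canonical JSON (sorted keys, fixed separators) so a record always hashes the same way.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, record):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev_hash": prev, "hash": entry_hash(prev, record)})

def verify(log, expected_head=None):
    # Returns None when the chain is intact, otherwise the index of the first bad entry.
    # Returns len(log) when the chain is self-consistent but does not end at expected_head.
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def build_sample_log():
    # Constructed sample events: made-up users, documentation IP range (192.0.2.0/24).
    events = [
        ("2025-01-06T09:00:00Z", "owner", "192.0.2.10", {"role": "Manager"}, {"role": "HR Admin"}),
        ("2025-01-06T09:05:00Z", "hr.admin", "192.0.2.11", {"salary": 50000}, {"salary": 52000}),
        ("2025-01-06T09:07:00Z", "hr.admin", "192.0.2.11", {"iban": "****1111"}, {"iban": "****2222"}),
    ]
    log = []
    for ts, user, ip, before, after in events:
        append(log, {"timestamp": ts, "user": user, "ip": ip, "before": before, "after": after})
    return log
```

Without a head hash stored outside the log, truncating the tail or recomputing the whole chain after an edit still passes verification, which is why `verify` accepts `expected_head`.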
Infrastructure
Peymatrix is hosted on hardened cloud infrastructure with database-level tenant isolation, encrypted backups, and a pooled connection layer that keeps the database off the public network. Hosting region and data-residency options are part of our enterprise conversation.
- ✓ Automated daily encrypted backups — 30-day retention
- ✓ PgBouncer connection pooling — database not directly exposed
- ✓ Database-level tenant isolation enforced at the database layer
- ✓ Region and data-residency options available on Enterprise plans
Compliance status
- SOC 2 Type I: In progress — target Q4 2026
- India DPDP Act + Rules 2025: Implemented (dual 72h breach SLA)
- GDPR: Compliant (Art 17/20/33)
- Golden Statutory Test Suite: 30 boundary cases gate every release
- Encryption at rest: AES-256 on PAN, Aadhaar, IBAN, UAN
- Audit trail: Append-only, incl. partner actions
Security disclosures
If you discover a potential security issue or vulnerability, please report it responsibly. We take all reports seriously and will respond promptly.
info@peymatrix.com