Your data is transferred with high-grade TLS and multi-layered encryption at rest with AES-128—the industry-standard for commercial applications. Encryption keys are stored separately from the data, and it’s all hosted in our off-site, secure cloud infrastructure.

Our server hosting locations are physically secured, staffed 24 hours a day, 7 days a week, 365 days a year by trained security guards who’ve undergone a thorough auditing process.

Access to sensitive data requires two-factor authentication and is restricted only to authorized personnel performing specific tasks for the client (e.g. customer service).

Every day, our in-house security team reviews every security aspect of Zenefits.

Our site and API are subjected to independent, ongoing penetration testing, security scans, threat detection and greybox assessment by well-respected cyber security firms including Synack, IncludeSecurity, and Qualys.

We also keep a real-time audit log of all data access and changes made by administrators, customers, employees and our automated system.

Our system spans numerous physical locations, with N+1 or greater redundancy to establish resilience for all components.

We store backups in multiple secure locations and update them throughout the day, every day.

Our technology ensures high availability of your information: 99.9% uptime (with security in mind).