Security

We take data security and privacy extremely seriously at Zenefits. Our ‘security and privacy by design’ approach to product development keeps your data safe and you in control.

Built For Data Security

Your data is too important to be breached. That’s why we provide state-of-the-art security measures like two-factor authentication, proactive notifications when data is changed, and end-to-end encryption for data in transit (TLS) and data at rest (AES-256). Our platform is built on the Amazon Web Services (AWS) platform in the US. By leveraging AWS’s cloud-native technologies—designed for high-security and low-latency at massive transaction volumes—we deliver a quick, consistent, and safe experience for your employees regardless of where they are located.

Our security and privacy policies are aligned with industry standard practices and leading compliance frameworks. As a result, our internal teams are able to design, build, launch, operate, and support our platform in a secure and consistent fashion.

Built to Empower Your Privacy Rights

We’re compliant with the regulations set by the EU GDPR, US State & Federal Privacy Acts, and HIPAA. Beyond compliance, we’re constantly evaluating and introducing new capabilities to help our customers (and their employees) manage access to their accounts and control their data.

We also know that your employees’ needs change over time. That’s why we’ve developed a robust set of consumer-facing privacy tools that your employees can leverage to manage the data they’ve provided within Zenefits.

For more information on the data we collect, how that data is used, and how you can provide us with instructions for handling your data, review our Privacy Policy.

Built for Reliability

Rest assured knowing that your data is backed up multiple times per day, with built-in redundancies across several data centers. We have a robust in-house monitoring & response system to immediately identify potential issues and threats; our high-availability systems provide greater than 99.9% uptime. You can review our current uptime & incident history at status.zenefits.com.

By leveraging standard technology from AWS to run Zenefits, we keep complexity to a minimum. Our users benefit from a faster, scalable, and secure platform to keep their business running.

Third Party Tested

Our platform, development processes, firewalls, intrusion detection systems, and security procedures are regularly stress-tested by third-party security penetration experts. We’re SOC II certified and our internal controls align with the NIST Cybersecurity Framework. We conduct regular, automated vulnerability assessments to keep our systems safe and secure.

We also have a rigorous validation and acceptance process for the third-party technology partners integrated on our platform. When you request services from one of our partners, we will securely transfer only the data they need to fulfill your request. Visit our Privacy Policy to learn more.

Support You Can Trust

We require all Zenefits employees to undergo regular data security & privacy training.

We have supplemental training for all staff that interact with customer data and intensive lab-based security training for our software engineers.

And, at the support level, access to your account data is carefully controlled and restricted to enable the answers you need without any exposure to your personal data.

With Zenefits, you can be sure your information is secure and will stay that way.