Security
Security and privacy, engineered in.
HR data is among the most sensitive data a company holds. We treat it that way — every day, not just on audit day.
How we protect your data
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit. Keys rotated regularly and managed by AWS KMS.
Defense in depth
WAF, DDoS protection, rate limiting, and network isolation. Each layer designed to fail safely.
Fine-grained access
Role-based permissions, attribute-based rules, and SSO (SAML, OIDC) on Enterprise.
High availability
Active-active across two Indian regions. 99.99% measured uptime for the last 12 months.
Audit-ready logs
Every change is logged, attributed, and exportable. Tamper-evident audit trails on Enterprise.
Principle of least privilege
Production access gated by MFA, break-glass approvals, and time-boxed sessions.
Backups & recovery
Encrypted daily backups, point-in-time recovery, and quarterly restore drills.
Continuous monitoring
24/7 security monitoring, anomaly detection, and a documented incident response process.
Certifications & compliance
SOC 2 Type II
Annual audit by an independent firm.
ISO 27001
Information security management system.
DPDP Ready
India's Digital Personal Data Protection Act.
GDPR Aligned
For customers with EU employees.
Request our security pack, SOC 2 report, or sub-processor list at security@orgnest.com.
Your data stays where it should.
Primary data residency in Mumbai and Hyderabad. Optional EU and US regions for global customers. Sub-processors are fully documented, contractually bound, and audited — never a black box.
Talk to our security team.
We'll walk you through our architecture, controls, and audit reports — on your terms.