Technical Safety
Trust by Architecture
Security is not a feature—it's the core engineering discipline that defines twistyHR.
Zero Trust Architecture
Every request is authenticated, authorized, and continuously validated before being processed by our internal microservices.
Infrastructure as Code
Our environment is defined and audited in code. No manual configuration changes are allowed in production.
Obsessive Monitoring
24/7 endpoint detection, response, and behavioral analysis to identify anomalies before they become incidents.
The Security Stack
| Parameter | Standard / Specification | Capability |
|---|---|---|
| Data Encryption (At Rest) | AES-256-GCM | Industry standard hardware-accelerated encryption. |
| Data Encryption (In Transit) | TLS 1.3 / mTLS | Perfect forward secrecy with modern cipher suites. |
| Authentication | SAML 2.0 / OIDC | Seamless integration with Okta, Azure AD, and Google. |
| Uptime Infrastructure | 99.99% SLA | Multi-region active-active deployments across AWS & GCP. |
| Database Isolation | Single-Tenancy Option | Dedicated instances available for enterprise tier. |
- SOC 2 TYPE II
- GDPR COMPLIANT
- ISO 27001
- HIPAA READY
- CCPA COMPLIANT
Responsible Disclosure
Think you found a vulnerability? Our security researchers are our core partners. We run an active bug bounty program with competitive payouts.
Need a Security Review?
Download our complete trust package including SOC 2 reports, penetration test summaries, and architecture diagrams.
- SOC 2 Type II Report (Latest)
- Penetration Test 2026 Summary
- Compliance Readiness Matrix
