At RallyHR we take security very seriously; the security and performance of our platform is our number one priority. Customers using our platform do so with the confidence that the highest standards and best practices are maintained.
Credit card information is encrypted on the client using our payment gateway, Stripe. RallyHR does not store credit card data. All credit card information is stored on Stripe, which is a validated Level 1 PCI DSS Compliant Service Provider.
Your data is encrypted and transmitted over SSL. When stored, your details are encrypted at rest within our platform, ensuring data security.
We are committed to maintaining compliance with the EU data privacy laws. If you are on our EU instances, your data is physically separate and runs on a separate application from that of our US customers.
All traffic between our clients and RallyHR servers is encrypted. SSL certificates are created with RSA SHA-2 ciphers. We support symmetric 256-bit encryption with clients.
RallyHR takes daily backups of all production data; these backups are stored for 45 days.
RallyHR distributes load over multiple availability zones in physically distinct data centers. If production at the primary data centers is rendered unavailable, RallyHR will fail over to geographically remote failover facilities.
Authorised RallyHR employees are given access only to the resources that are required for their role, following the principle of least privilege. Access to all resources is controlled through password or SSH-based access with an audit trail of actions taken.
We guarantee 99.8% uptime.
We are continuously updating RallyHR to provide improved features, performance and levels of service. Generally these updates occur without downtime; however, in some instances we do need to schedule downtime for maintenance purposes. In these cases, maintenance windows are rarely longer than 30 minutes and are announced at least 24 hours in advance. You can find further information and sign up for such announcements on our status page.