Security & Compliance

Workforce data deserves enterprise-grade protection

Security is not a feature we added. It's a design principle we built from. Every architectural decision considers data confidentiality, integrity, and availability.

Security & Privacy

Enterprise-grade security you can trust

Security is not a feature request at PEAXIS — it's a design principle. Built to pass enterprise security reviews out of the box.

SOC 2 Type II

Enterprise Security Audited

Annual independent audits covering security, availability, and confidentiality. Full audit reports available under NDA for enterprise customers.

GDPR Compliant

Built for European Privacy

Full GDPR compliance with right-to-erasure workflows, data processing agreements, and sub-processor transparency for candidate and employee data.

AES-256 Encryption

Data Encrypted Everywhere

AES-256 encryption at rest and TLS 1.3 in transit for all candidate, employee, and organizational data. Keys managed via HSM.

99.9% SLA

Production-Grade Uptime

Enterprise SLA with 99.9% guaranteed uptime, real-time status monitoring, and automated incident response with defined RTO/RPO targets.

  • ISO 27001 (in progress)
  • CCPA Compliant
  • Annual penetration testing
  • EU data residency available

Security in depth

Data Protection

  • AES-256 encryption at rest, TLS 1.3 in transit
  • Hardware Security Module (HSM) for key management
  • Zero-knowledge architecture for candidate PII
  • Data minimization by design — we only collect what's needed

Access Control

  • Role-based access control (RBAC) with custom roles
  • SSO / SAML 2.0 support on Scale plans
  • Multi-factor authentication enforced
  • IP allowlisting for API access

Compliance

  • GDPR compliant — full DPA available on request
  • CCPA compliant for California residents
  • Right-to-erasure workflows built in
  • EU data residency option available

Infrastructure

  • 99.9% uptime SLA with defined RTO/RPO
  • Real-time status monitoring at status.peaxis.com
  • Multi-region redundancy
  • Daily automated backups with point-in-time recovery

Testing & Audits

  • Annual SOC 2 Type II audit by independent third party
  • Annual penetration testing
  • Quarterly vulnerability assessments
  • Bug bounty program (private, invite only)

Incident Response

  • Documented incident response plan
  • Customer notification within 72 hours of breach
  • Dedicated security contact for enterprise customers
  • Post-incident reports shared with affected customers

Need a security review?

Enterprise customers can request audit reports, DPAs, and a dedicated security review call.

Contact Security Team