Security That Never Sleeps
Enterprise-Grade Protection
Security-first architecture. UK-hosted on AWS. GDPR aligned. Your data is protected by encryption in transit and at rest, role-based access controls, and tenant isolation.
Security-First
Built with security by design
GDPR Aligned
UK/EU privacy standards
UK Hosted
AWS eu-west-2 (London)
Encrypted
TLS in transit, AES-256 at rest
Security & Compliance
Our security controls, compliance alignment, and the roadmap we are following to reach formal certification.
Security Assurance Roadmap
Kumo HR is building toward SOC 2 Type II and ISO 27001 certification. Our current security controls already align with core trust principles, and we are transparent about where we are on this journey.
GDPR Aligned
Kumo HR is aligned with UK GDPR and EU GDPR requirements, with documented transfer mechanisms, data subject rights workflows, and privacy-by-design principles built into the platform.
Security Measures
Our comprehensive security framework protects your data at every layer of our infrastructure.
Encryption
AES-256 encryption for data at rest and TLS 1.3 for data in transit. All sensitive data is encrypted before storage.
- AES-256 encryption
- TLS 1.3 protocol
- End-to-end encryption
- Zero-knowledge architecture
Access Control
Multi-factor authentication, role-based access control, and zero-trust architecture ensure only authorized access.
- Multi-factor authentication
- Role-based access control
- Zero-trust security
- Session management
Infrastructure
Enterprise-grade cloud infrastructure with automated backups, redundancy, and continuous monitoring.
- AWS eu-west-2 (London)
- Automated backups
- Redundant systems
- Operational monitoring
Monitoring
Continuous security monitoring, threat detection, and automated incident response systems.
- Real-time monitoring
- Threat detection
- Automated alerts
- Incident response
Data Protection
Comprehensive data protection with regular backups, disaster recovery, and secure data deletion.
- Regular backups
- Disaster recovery
- Secure deletion
- Data retention policies
Compliance
Regular security audits, penetration testing, and compliance monitoring ensure ongoing security.
- Security audits
- Penetration testing
- Vulnerability scans
- Compliance monitoring
How We Process Data
Transparency in data processing is fundamental to our security approach. Here's how we handle your information.
Data Collection & Purpose
Personal Information
Employee names, contact details, and identification documents collected for HR management and compliance.
Employment Data
Salary information, performance records, and organizational data used for payroll and reporting.
System Logs
Access logs and usage data collected for security monitoring and system optimization.
Communication Data
Email and messaging content stored securely for business communication and compliance.
Data Retention & Deletion
Active Employees
Data retained for the duration of employment plus 7 years for legal compliance.
Former Employees
Personal data retained for 7 years after termination for tax and legal purposes.
System Logs
Security and access logs retained for 3 years for audit and compliance.
Backup Data
Encrypted backups retained for 30 days, then securely deleted.
Security Is Our Foundation
Join companies that trust Kumo with their most sensitive HR data. Security-first architecture, UK-hosted, and transparent about our compliance journey.