Security Built In, Not Bolted On
TimeClock 365 is ISO 27001 certified. Employee attendance data is encrypted, access-controlled, and hosted in your preferred region.
Security Architecture
Data Encryption
- All data encrypted in transit with TLS 1.2+
- All data encrypted at rest with AES-256
- Biometric templates stored locally on device only — never uploaded
- Database encryption with key management via Azure Key Vault
Access Controls
- Role-based access: employee, manager, admin, super-admin
- Two-factor authentication (2FA) available for all users
- SSO via SAML 2.0 (Azure AD, Okta, Google, JumpCloud)
- Session timeout and IP restriction configurable
Infrastructure
- Hosted on Microsoft Azure — EU and US regions
- 99.9% uptime SLA
- Automated daily backups with point-in-time recovery
- DDoS protection via Azure Front Door
Audit & Monitoring
- Every login, edit, and approval is logged immutably
- 24/7 anomaly detection and alerting
- Annual penetration testing by independent security firm
- Security incident response within 4 hours
Compliance
ISO 27001
Our information security management system is independently audited annually. Certification covers the entire TimeClock 365 platform and development process.
Request certificate →GDPR
Full Data Processing Agreement (DPA) available. EU data residency option. Data subject access request process established. 72-hour breach notification commitment.
View DPA details →Labor Law
TimeClock 365 provides the audit-ready attendance logs required by labor law in Israel, EU, and US jurisdictions. Records cannot be deleted without an audit trail.
Biometric Data
Fingerprint and face data stays on the physical device. Only employee ID and timestamp reach the cloud. Biometric processing follows GDPR Article 9 requirements.
Questions About Our Security Posture?
Our security team answers technical questions for enterprise evaluations. Request a security briefing.