Enterprise-grade security by design.

Security isn't a feature we added later. It's the architecture employeeX was built on from day one.

SOC 2 Type II

employeeX undergoes annual third-party audits by an accredited CPA firm. Our SOC 2 Type II report covers Security, Availability, and Confidentiality trust service criteria. Enterprise customers receive a copy under NDA on request.

Data Encryption

All data is encrypted at rest using AES-256 with per-tenant key management. Data in transit is protected by TLS 1.3. Encryption keys are rotated automatically and stored in a hardware security module (HSM), never in application code.

Microsoft MSAL / SSO

Integrate with your existing identity provider using Microsoft MSAL, Okta, or any SAML 2.0-compatible IdP. MFA is enforced by default on all plans. Just-in-time user provisioning means accounts are created automatically on first login.

Role-Based Access Control

Fine-grained RBAC with hierarchical permission inheritance means every action is explicitly authorised. Roles propagate down your organisational hierarchy, and every API call is verified against the caller's permissions before execution.

PII Detection & Redaction

Automatic detection of personal data — names, emails, phone numbers, national IDs, financial details — in both user inputs and agent outputs. Configurable redaction policies let you mask, replace, or block PII before it reaches the LLM or is stored.

Audit Trails

Every agent action, tool call, knowledge base query, and administrative change is written to an immutable, append-only audit log with the acting user's identity, timestamp, and IP address. Logs are exportable in JSON and CEF formats for SIEM ingestion.

Compliance certifications

SOC 2: Type II (Expected Q1 2027)

GDPR: Compliant (Article 28)

ISO 27001: In Progress (Expected Q1 2027)

HIPAA: Enterprise (Expected Q1 2027)

Data residency

Choose where your data lives. Enterprise customers can pin all data — messages, documents, embeddings, and logs — to a specific region. Data never crosses regional boundaries without explicit configuration.

European Union: Frankfurt, Ireland (eu-west-2)

United States: Virginia, Oregon (us-east-1)

Asia-Pacific: Singapore, Sydney (ap-southeast-1)

Penetration testing

employeeX undergoes annual penetration tests conducted by independent certified security firms. Our most recent test was completed in January 2025 with all critical and high findings remediated within 14 days.

Last test: January 2025, by NCC Group (CREST accredited)

We maintain a responsible disclosure programme. If you discover a security issue, please email security@employeex.ai.

Contact our security team

For vulnerability reports, compliance questions, or to request our security whitepaper.

security@employeex.ai
