Protecting your data is fundamental to everything we do. As an Employer of Record platform handling sensitive employment and payroll data across multiple countries, we take
security seriously at every layer of our infrastructure and operations.
Infrastructure
NEO is hosted on Amazon Web Services (AWS) in the EU (Ireland) region. Our infrastructure is managed entirely through infrastructure-as-code and deployed across multiple
Availability Zones for high availability.
- Serverless compute with no direct server access
- Three-tier network architecture with isolated database subnets
- All traffic encrypted in transit with TLS 1.2+
- All data encrypted at rest with AES-256
- Web Application Firewall with OWASP protection and rate limiting
Data isolation
Each customer’s data is fully isolated using a dedicated database schema. Row-Level Security policies enforce strict boundaries at the database level, ensuring no customer can access another’s data.
- Schema-per-tenant isolation
- Row-Level Security enforcement
- Production data never used in non-production environments
- Separate AWS accounts for production, staging, and development
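As an added illustration of the schema-per-tenant plus Row-Level Security model described above (example code, not NEO's own schema or policies), the PostgreSQL sketch below shows how the two layers combine. The schema, table, role and `app.current_tenant` setting names are assumptions; the page does not say which database engine NEO uses.

```sql
-- Added example (not NEO's code): schema-per-tenant isolation combined with
-- PostgreSQL Row-Level Security. All object and setting names are assumed.

-- One schema per customer. The application role never owns objects in it.
CREATE SCHEMA tenant_acme;

CREATE TABLE tenant_acme.employees (
    id           bigserial PRIMARY KEY,
    tenant_id    text   NOT NULL,
    full_name    text   NOT NULL,
    salary_cents bigint NOT NULL
);

-- ENABLE turns RLS on; FORCE makes the policy apply to the table owner too,
-- so an ownership mistake cannot silently bypass the boundary.
ALTER TABLE tenant_acme.employees ENABLE ROW LEVEL SECURITY;
ALTER TABLE tenant_acme.employees FORCE ROW LEVEL SECURITY;

-- The tenant for the connection is set server-side after the request is
-- authenticated (e.g. from a verified JWT claim), never from client input.
-- current_setting(..., true) returns NULL when unset, and NULL compares as
-- "not true", so a request with no tenant context sees and writes no rows.
CREATE POLICY tenant_isolation ON tenant_acme.employees
    USING      (tenant_id = current_setting('app.current_tenant', true))
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true));

-- Least privilege: DML only, no BYPASSRLS, no ownership, no superuser.
CREATE ROLE neo_app NOLOGIN NOBYPASSRLS;
GRANT USAGE ON SCHEMA tenant_acme TO neo_app;
GRANT SELECT, INSERT, UPDATE, DELETE ON tenant_acme.employees TO neo_app;

-- Per-request pattern: scope the transaction, then query. SET LOCAL limits
-- the role and the tenant setting to this transaction, so a pooled
-- connection cannot leak one tenant's context into the next request.
BEGIN;
SET LOCAL ROLE neo_app;
SET LOCAL app.current_tenant = 'acme';
INSERT INTO tenant_acme.employees (tenant_id, full_name, salary_cents)
    VALUES ('acme', 'Example Employee', 500000);
SELECT id, full_name FROM tenant_acme.employees;   -- only rows where tenant_id = 'acme'
COMMIT;

-- A mismatched write is rejected by WITH CHECK rather than stored:
BEGIN;
SET LOCAL ROLE neo_app;
SET LOCAL app.current_tenant = 'acme';
INSERT INTO tenant_acme.employees (tenant_id, full_name, salary_cents)
    VALUES ('other-tenant', 'Should Fail', 1);   -- ERROR: new row violates row-level security policy
ROLLBACK;
```

Two checks worth making when auditing a setup like this: confirm that every application role is `NOBYPASSRLS` and is not the table owner (otherwise the policy is skipped), and confirm that `app.current_tenant` is derived from the authenticated identity in server code rather than from any request parameter, since the policy is only as trustworthy as the value it compares against.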
Authentication & Access Control
- Single sign-on via Auth0 with Multi-Factor Authentication support
- Role-Based Access Control with granular permissions
- JWT-based token authentication
- No shared accounts or default credentials
Encryption
- AES-256 encryption at rest for all databases, caches, file storage, and logs
- TLS 1.2+ encryption in transit for all communications
- Secrets managed via AWS Secrets Manager and Parameter Store
- KMS Customer Managed Keys with automatic rotation
Monitoring & Incident Response
- 24/7 automated monitoring and alerting
- Threat detection across multiple regions
- Comprehensive audit trail with 365-day log retention
- Documented incident response plan with defined severity levels and escalation procedures
Secure Development
- All code changes require peer review and approval before deployment
- Automated testing and security scanning on every change
- Sequential deployment through development, staging, and production
- Dependency vulnerability scanning with automated alerts
Compliance
NEO is currently pursuing SOC 2 Type II certification covering Security, Availability, Confidentiality, Processing Integrity, and Privacy.
Data Residency
All customer data is stored in the AWS eu-west-1 (Ireland) region, supporting GDPR compliance requirements for EU data residency.
Reporting Security Concerns
If you discover a potential security issue, please contact us at support@neohr.io. We take all reports seriously and will respond promptly.