Product security

Last updated 23rd October 2020

Permissions and Roles

We enable permission levels within the Service to be set for your users, either by adjusting the permissions of the default roles or by creating your own roles for more granular control. Permissions can be set for access to personal data (both which fields and which users), as well as for the various aspects of organization management.

Network and application security

Data Hosting and Storage

Huma services and data are hosted in Amazon Web Services (AWS), Neo4j Aura and MongoDB Atlas facilities, all in the EU.

Backups and Monitoring

At the application level, we produce audit logs for all activity, ship logs to New Relic for analysis, and use S3 for archival purposes.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Huma is served 100% over HTTPS. Huma runs a zero-trust corporate network: there are no corporate resources or additional privileges granted by being on Huma's network. We have SAML Single Sign-On (SSO), two-factor authentication (2FA), and strong password policies on all cloud services used to deliver Huma, to ensure access is protected.

Encryption

All communication with our API and application endpoints is TLS/SSL encrypted in transit. We also encrypt data at rest.

Pentests and Vulnerability Scanning

Huma uses third-party security tools to regularly scan for vulnerabilities. Our dedicated security team responds to the issues raised. We engage third-party security experts to perform penetration tests on the Huma application and infrastructure, with multiple tests for specific functionality and one detailed full-service test annually.

Incident Response

Huma implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and post-mortems. All employees are informed of our policies.

Additional Security Features

Training

All employees complete Security and Awareness training annually.

Policies

Huma has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Confidentiality

All employee contracts include a confidentiality agreement.

PCI Obligations

All payments made to Huma go through our partner, Recurly. Details about their security setup and PCI compliance can be found on Recurly's security page.

Security questions?

If you think you may have found a security vulnerability, please get in touch with our security team at security@hu.ma.

Learn more about Huma by reading our Terms of Service and Privacy Policy.