End-to-End Security
Folks is hosted on Amazon Web Services (AWS) and Render, providing end-to-end security and privacy features built in. Our team takes additional proactive measures to ensure a secure infrastructure environment. For more specific details regarding AWS security, please refer to Amazon Security; for Render, please refer to Trust Render.
Certification standards
SOC 2
Security and trust are integral at Folks. We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually. Please contact privacy@folkshr.com for Folks' latest report.
PCI-DSS
We work with our payment partner, Chargebee, to ensure we meet the global security standard for handling cardholder data. You can find all the information about their security here.
LAW 25 (Québec)
Folks is committed to complying with the legal requirements outlined in Law 25, which aims to strengthen the privacy protection of residents of Quebec. We implement measures to provide a secure platform for our customers. However, it is essential to note that Folks is a service intended for human resources management under a contract with your company, not with your employees. Therefore, it is the responsibility of our customers to establish their own privacy policy regarding their personnel, and Folks is not responsible for its clients’ overall compliance with Law 25. See our Privacy Policy.
Data protection
Data at rest
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
Data in transit
Folks uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.
Sensitive Data
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. This means that customer data stored in various datastores and S3 buckets is protected through encryption, ensuring that the information remains secure and inaccessible to unauthorized users. Additionally, sensitive data is further safeguarded using the robust AES-256 encryption algorithm, enhancing the overall security measures and ensuring the confidentiality and integrity of the stored information.
Data Center Security
Folks customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers worldwide, and the data centers themselves are secured with various physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here. Folks provides customer data residency through our Amazon Web Services-operated data centers in Canada.
Penetration testing
Folks engages with one of the best penetration testing consulting firms in the industry at least annually. Summary penetration test reports are available on request by sending an email to privacy@folkshr.com.
Questions about security or compliance?
Keeping our clients’ data secure is an absolute top priority at Folks. Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience. To report a vulnerability or other security concern, send an email to privacy@folkshr.com.