Trust Center

Security is foundational at Tempo. We protect your workforce data with enterprise-grade controls.

Certifications & Compliance

In Progress

SOC 2 Type II

Independent audit of security, availability, and confidentiality controls. Expected completion Q2 2026.

Security controlsAvailability monitoringConfidentiality safeguardsProcessing integrity
Planned

ISO 27001

Information security management system certification. Planned for H2 2026.

Risk assessmentSecurity policiesAsset managementAccess control
Active

GDPR Compliant

Full compliance with EU General Data Protection Regulation including DPA availability.

Data subject rightsLawful processingData minimizationBreach notification
Active

CCPA Compliant

California Consumer Privacy Act compliance for US data subjects.

Right to knowRight to deleteOpt-out rightsNon-discrimination

Security Architecture

Encryption

TLS 1.3 in transit, AES-256 at rest. All data encrypted by default.

Authentication

PBKDF2 password hashing, MFA/TOTP support, JWT sessions with 7-day expiry.

Access Control

Role-based access (Owner, Admin, HRBP, Manager, Employee) with row-level security.

Audit Logging

Every create, update, delete, login, and logout is recorded with user and IP context.

Data Isolation

Tenant isolation via org-scoped queries. Cross-org data access is architecturally prevented.

Infrastructure

Hosted on Vercel (edge) with Neon PostgreSQL (serverless). SOC 2 certified providers.

Vulnerability Management

Dependency scanning, OWASP top 10 protection, rate limiting on sensitive endpoints.

Incident Response

72-hour breach notification per GDPR. Documented incident response procedures.

Need More Details?

Enterprise customers can request our full security documentation, penetration test reports, and Data Processing Agreement.