Security

Platform security overview

SiklabHR is built with security as a foundation. Every layer — from authentication to data access — is designed to protect your organization's people data.

Identity & Access

JWT-based sessions with OTP verification for new devices and sensitive flows. Role-scoped access per tenant ensures users only see what they need.

Data Protection

256-bit TLS encryption in transit. Tenant-scoped data access checks across all employee, payroll, and leave APIs prevent cross-tenant leakage.

Audit Trails

Critical events are logged with full audit trails. Soft-delete patterns preserve records for compliance review and incident response.

API Security

Server-side validation and standardized error handling on every endpoint. Input sanitization and schema validation guard against injection and malformed data.

Compliance

SiklabHR is designed in alignment with the Philippine Data Privacy Act (RA 10173). Tenants retain control over their data and can request deletion or export in accordance with applicable law.