Technical overview

Security & Compliance

This page is designed for IT, security, and procurement teams evaluating the Peopletree Group platform. It covers cloud architecture, encryption standards, access controls, compliance certifications, and integration capabilities.

SOC 2 Type 2 Certified
TLS 1.2 + AES-256
Annual Penetration Testing
AICPA SOC 2 Type 2 - Thoropass
SOC 2 Type 2 Certified
Security & Confidentiality
Audited by Laika Compliance LLC (AICPA)
No significant incidents recorded
Compliance posture

SOC 2 Type 2: Security & Confidentiality - independently audited
Annual penetration testing: Gray-box - all findings remediated
GDPR / POPIA: Data processing agreements available
Azure Security Centre: Continuous threat detection active

Cloud infrastructure

Platform architecture

The Peopletree platform runs entirely on Microsoft Azure in the Germany West Central region. All components are deployed within a private virtual network with no public-facing management ports.

Primary region: Azure Germany West Central
High availability: Multi-zone redundancy
Disaster recovery: Geo-redundant with point-in-time restore
Uptime SLA: 99.9% (Azure-backed)

Azure App Service: Serverless compute - application hosting
Azure SQL Server: Relational data storage - AES-256 TDE encrypted
Azure MySQL Server: Assessment data storage - AES-256 encrypted
Azure Key Vault: Cryptographic key management
Azure Cache for Redis: Session and performance caching
Azure Virtual Network: Network isolation - private endpoints, no public IPs on databases
Network Security Groups: Inbound/outbound traffic control with defined port allowlists
Azure Application Gateway: Load balancer with WAF v2 - OWASP 3.2 ruleset
Azure OpenAI (EU-hosted): AI narrative generation - enterprise-grade AI model, no PII in prompts
Azure CDN: Static asset delivery - global edge network
Azure Monitor / Log Analytics: Infrastructure monitoring - 90-day+ log retention
Microsoft Defender for Cloud: Threat detection and vulnerability management

Data protection

Encryption & access controls

Data in transit: TLS 1.2 on all connections
Data at rest: AES-256 / FIPS 140-2 compliant
Database encryption: Transparent Data Encryption (TDE) on all SQL and MySQL instances
Key management: Azure Key Vault - dedicated per environment
Certificate management: Azure-managed SSL certificates with automated renewal

Identity & access

Access management

Authentication: Auth0 - OIDC/JWT, SAML, ADFS, MFA enforced
SSO providers: Auth0, Microsoft Entra ID, ADFS/SAML - enterprise federation supported
Authorisation: Role-based access control (RBAC) at subscription and resource group level
API authentication: JWT bearer tokens with defined expiration and rotation controls
Admin access: VPN-gated management plane access - no public management ports exposed
Access provisioning: Manager-approved access requests; revocation within 24 hours of termination

Data governance

Data handling & residency

Hosting region: Microsoft Azure - EU-based data centre, GDPR-compliant region, with CDN edge nodes globally
Data classification: Formal data classification policy - confidential, internal, and public tiers
Data retention: Defined per customer contract; data purged on request within agreed SLA
Data isolation: Customer data logically isolated per tenant; no cross-tenant data access
Backup: Azure-managed geo-redundant backups with point-in-time restore
AI data handling: Azure OpenAI prompts contain only structured talent data - no personal or identifiable information included
GDPR / POPIA: Data processing agreements available; customer controls data classification and retention

Connectivity

Integrations & interoperability

The Peopletree platform integrates with any data source via REST API, SFTP, or direct database connection. Named integrations below are pre-built and tested; custom integrations are scoped during implementation.

HRIS / Payroll:
Payspace
Sage VIP
Oracle Fusion
SAP SuccessFactors
Workday
Any HRIS via API

Identity & SSO:
Auth0
Microsoft Entra ID
ADFS / SAML 2.0
OIDC-compatible providers

Data transfer:
Secure SFTP (TLS 1.2, key-pair auth)
REST API (HTTPS/TLS 1.2)
Azure ETL pipeline
Direct database integration on request

Analytics:
Tableau (embedded analytics)
DataWiz custom dashboards
Export to Excel / CSV

Communication:
SendGrid (transactional email - dedicated IP)
Tawk.to (live chat / ticketing)

Monitoring & logging:
Sentry.io (exception tracing)
Azure Monitor
Log Analytics Workspace (90-day+ retention)

Compliance

Certifications & audits

Peopletree Group undergoes independent third-party audits on an annual basis. Full reports are available to prospective customers and IT teams under NDA.

SOC 2 Type 2
Laika Compliance LLC / AICPA
Scope: Security & Confidentiality
Outcome: No significant incidents

Independent audit confirming controls for security and confidentiality were suitably designed and operated effectively throughout the audit period. Full report available under NDA.

Annual Penetration Testing
Third-party assessment
Coverage: Web applications & APIs
Findings: All remediated

Annual gray-box penetration test conducted by an independent security firm. All identified findings are remediated and validated before the report is closed. Executive summary available under NDA.

SOC 2 Type 2 - Security & Confidentiality

Audited by Laika Compliance LLC under AICPA Trust Services Criteria. The audit confirmed that Peopletree Group's controls for security and confidentiality were suitably designed and operated effectively throughout the audit period. The full report is available to prospective customers and business partners under NDA.

Operational controls

Security procedures

Change & vulnerability management:
All changes reviewed, tested, and approved before deployment
Continuous vulnerability scanning - critical patches within 24 hours
Microsoft Defender for Cloud - real-time threat detection

Incident response:
Documented plan: identification, containment, remediation, and communication
Notification to affected parties within agreed windows
90-day+ log retention via Azure Monitor and Log Analytics

Business continuity:
Documented BC/DR plan with defined resumption steps
Geo-redundant storage with point-in-time restore
Redundant infrastructure with load balancing on Azure

Personnel & vendor security:
Security awareness training and background checks for all employees
Role-based access provisioning - revoked within 24 hours of termination
All vendors assessed for security compliance before onboarding

Full operational security procedure documentation - including incident response SLAs, change management policies, and BC/DR plans - is available in the Client Portal.

Need the full security documentation?

The full SOC 2 Type 2 report, penetration test executive summary, and data processing agreements are available to prospective customers and IT teams under NDA.
