HR Data Security
Resourceinn Security: Data That’s Always Protected
Worrying about your data security?
With Resourceinn, your most sensitive HR & payroll data is protected by security standards used by Fortune 500 companies.

Certified & Compliant
Security You Can Trust

ISO 27001

ISO 27701

GDPR Compliant

CPRA (California)

SSL / TLS Encryption
Your Data Deserve More Than Basic Security
Security Infrastructure & Architecture
Infrastructure built on leading cloud platforms like DO, AWS, and GCP, with security integrated at every layer.
Data Protection & Backup
Data protected via automated backups, disaster recovery capabilities, and geographic redundancy.
Vulnerability & Threat Management
Continuous monitoring, testing, and strengthening of security posture via threat management procedures required by ISO 27001 certification.
Compliance & Auditing
Built-in audit trails to help your organization demonstrate security and meet regulatory requirements.
Third-Party Vendors & Subprocessors
Ensures client data protection standards are maintained when dealing with third-party vendors.
Data Exit & Termination
Get clear timelines for data export, backup, and secure deletion when your subscription ends with us.
Security Infrastructure & Architecture
Resourceinn implements multiple layers of security controls to protect your data in transit and at rest. Our infrastructure is built on leading cloud platforms with security integrated at every layer.
Data Encryption
Encryption in Transit
All data transmitted between your device and our servers is encrypted using TLS 1.1+ protocols with 256-bit encryption.
Encryption at Rest
All sensitive data in our databases and backups is encrypted using the AES-256 encryption algorithm. Encryption keys are securely managed using Hardware Security Modules (HSMs) with regular rotation schedules.
Access Control Systems
Role-Based Access Control (RBAC)
Customizable roles (HR Admin, Payroll Admin, Manager, Employee, Auditor, Custom roles) with granular permissions ensure employees, admins, and managers access only the data required for their role.
Multi-Factor Authentication (MFA)
MFA is enforced for all administrative accounts and high-privilege roles; optional MFA is available for all other users.
Session Management
Automatic session timeout after 30 minutes of inactivity; configurable per organization.
Admin Activity Logging
All administrative actions are logged with timestamp, user ID, action details, and IP address for complete audit trails.
Password Security
Passwords are hashed and salted using industry-standard algorithms. Strong password requirements and periodic password reset policies are enforced based on your configuration.
Network Security
Web Application Firewall (WAF)
Protects against common web attacks including SQL injection, cross-site scripting (XSS), and DDoS attacks.
DDoS Protection
Multi-layered DDoS mitigation with rate limiting and traffic analysis.
Intrusion Detection / Prevention (IDS/IPS)
Real-time monitoring and blocking of suspicious network activities.
Network Segmentation
Production, staging, and development environments are completely isolated.
Vulnerability & Threat Management
We continuously monitor, test, and improve our security posture through regular assessments and threat management procedures required by ISO 27001 certification.
Vulnerability Scanning & Assessment
Continuous Scanning
Automated vulnerability scanning of all systems at regular intervals.
Penetration Testing & Audits
Comprehensive internal penetration testing and vulnerability assessments conducted regularly. Independent security audits by external certified security experts are performed annually as part of ISO 27001 certification requirements.
Remediation Timeline
Security vulnerabilities are addressed according to severity: critical vulnerabilities patched within 24 hours; high-severity within 1 week; medium/low within 30 days.
Security Incident Response
Incident Response Procedures
Documented incident classification, investigation, containment, eradication, and recovery procedures are maintained with defined roles and escalation paths.
24/7 Monitoring
Security events are monitored continuously with defined playbooks and post-incident review procedures to identify and address root causes.
GDPR Breach Notification
In accordance with GDPR requirements, Resourceinn notifies relevant authorities within the mandatory 72-hour window of a confirmed data breach.
Notifications will include: (a) description of the incident; (b) categories/volume of data affected; (c) likely consequences; (d) measures taken or proposed; and (e) points of contact.
Notification is not an admission of fault.
Security Contact
Report vulnerabilities and security concerns to: [email protected]
Security Updates & Patching
Regular Updates
Security patches and updates are deployed during scheduled maintenance windows.
Critical Patch Deployment
Emergency hotfixes for critical vulnerabilities are deployed within 24 hours.
Zero-Downtime Deployment
Updates are deployed to live systems without service interruption through load balancing.
Third-Party Vendors & Subprocessors
Resourceinn carefully manages third-party relationships to ensure client data protection standards are maintained across our entire ecosystem.
Changes to Subprocessors
Advance Notice of Changes
For any material changes to Subprocessors (new vendors or changed roles), Resourceinn provides 7 days' advance notice via client communication channels.
Client Objection Rights
Clients have the right to reasonably object to new or changed Subprocessors. If Resourceinn and the client cannot resolve the objection in good faith, the client may terminate the affected Services and receive a prorated refund of prepaid fees.
Periodic Reassessment
Subprocessor compliance and security posture are reviewed periodically to ensure continued adherence to security standards.
Subprocessor Management
Due Diligence & Vetting
All third-party vendors (Subprocessors) used for hosting, storage, delivery, support, or security undergo security and compliance assessment before engagement.
Data Processing Agreements
Subprocessors are bound by data processing agreements with obligations no less protective than those in our Data Protection & Security Agreement.
Subprocessor List & Transparency
Resourceinn maintains a current list of all Subprocessors and their roles. This list is available upon request to clients.
Data Protection & Backup
Your data is continuously protected through automated backups, disaster recovery capabilities, and geographic redundancy.
Disaster Recovery & Business Continuity
Failover & Redundancy
Seamless failover to secondary data centers. Resources distributed across multiple regions for continuous availability.
Service Level Agreement (SLA)
99.95% uptime guarantee with automatic credits for downtime exceeding SLA.
Business Continuity Testing
Quarterly disaster recovery drills and annual comprehensive testing ensure readiness.
Backup & Recovery
Backup Frequency & Distribution
Automated daily backups with hourly incremental backups. Backups are stored across multiple geographically distributed data centers for maximum redundancy.
Recovery Objectives
Recovery Time Objective (RTO): Maximum 72 hours for complete system recovery
Recovery Point Objective (RPO): Maximum 7 days of data loss
Backup Security & Testing
All backups are encrypted, isolated from production systems, and version-controlled for point-in-time recovery. Regular backup restoration tests verify data integrity and recovery procedures.
Data Residency & Location
Data Storage Locations
Primary data storage locations: Singapore and Kingdom of Saudi Arabia (KSA). Data is stored in secure, ISO 27001 certified data centers in these regions.
No Data Mining or Secondary Use
Your data is never used for any purpose other than providing the Resourceinn service.
Compliance & Auditing
Built-in audit trails to help your organization demonstrate security and meet regulatory requirements.
Comprehensive Audit Trails
Complete Activity Logging
Every data access, modification, deletion, export, and login is tracked with user, timestamp, IP address, and action details.
Tamper-Proof Logging
Audit logs are immutable and cannot be modified or deleted by any user, even administrators.
Log Access Control
Only authorized audit administrators can access and export audit logs.
Real-Time Alerts
Configurable alerts for suspicious activities (failed login attempts, unusual data access patterns, etc.).
Data Exit & Termination
When your subscription ends, we provide clear timelines for data export and secure deletion.
Data Export & Handover
Export During Active Subscription
During your subscription term, you can export your data at any time using available tools and APIs in commonly used formats.
Post-Termination Data Export
Upon service termination or written request, Resourceinn makes your data available for export in a commonly used format (e.g., CSV) for 30 days following the termination date.
Secure Data Deletion
Deletion from Active Systems
After the 30-day export window, Resourceinn commences secure deletion of your data from active production systems.
Backup Deletion Timeline
Backups containing your data will be overwritten in the ordinary course of backup cycles and are targeted for deletion within 90 days following active data deletion.
Legal Hold & Dispute Resolution
If deletion must be delayed due to legal requirements or dispute resolution processes, data is isolated and protected from routine processing.
Certificate of Deletion
Upon completion of deletion, Resourceinn will provide a written certificate of deletion upon client request.
Transition Support
Data Transition Assistance
Upon termination, Resourceinn provides reasonable cooperation to support your data transition to another platform. Professional services rates may apply for extended transition support.
Resourceinn Privacy Policy
See how Resourceinn collects, uses, and protects your data, including your privacy rights and regulatory compliance.
See Our Privacy Policy
Resourceinn Terms & Conditions
See how Resourceinn's terms outline usage rights, data ownership, compliance obligations, and service limitations.
See Terms & Conditions
