Security & Trust

Your team's data, treated with care.

PeopleBridge holds SSNs, I-9 documents, direct deposit details, and signed consent forms. We treat that data with the seriousness it deserves — row-level security on every table, encryption at rest, masked storage for the most sensitive fields. Here's exactly what that means.

🛡️ Row-level security

Every database table has policies that enforce tenant isolation. An employee at one business cannot see (or even query for) data from another — enforced at the database level, not just the app.

🔒 Encryption at rest

All data is encrypted at rest by our cloud provider. Connections to the database use TLS in transit. Backups are encrypted automatically.

🙈 SSN & bank info masked

During onboarding, the full SSN and bank account/routing numbers are encrypted server-side. Managers and owners only ever see the last 4 digits — no one in your team can read the full values.

📝 Audit log on sensitive actions

Schedule publishes, employee terminations, password resets, and consent signatures are all timestamped and attributed in an immutable log. Useful for disputes, payroll questions, and labor compliance.

📍 GPS verification, not surveillance

Clock-in records the employee's location at the moment they tap "Clock In" — no background tracking. Coordinates are kept for dispute resolution only and never sold or shared.

✅ Consent forms with audit trail

Every policy acknowledgment is signed in-app with timestamp, IP, and version tracking. Server-side validation guarantees a required form can't be skipped — the legal "consent gate" is database-enforced.

What data we collect

Only what's needed to run your team's schedule, payroll, and HR records:

  • Employee profile — name, email, phone, hourly rate, employment type
  • Onboarding (optional) — DOB, address, emergency contacts, W-4 elections, I-9 documents, direct deposit details
  • Operational — shift assignments, clock-in events (with GPS at clock-in time), time-off requests, messages
  • Integration data — if you connect a POS (Toast, Square, or Clover today; TouchBistro on the roadmap), Stripe Billing, or an upcoming payroll/accounting/ChMS system, we sync only the data needed for that integration (e.g. orders, tips, tax, and employee mappings for POS; subscription state for Stripe)

We do not use your data to train models, sell to third parties, or share with advertisers. We never will.

Where data lives

Your data is stored in Supabase (Postgres) on Amazon Web Services (us-east region). Supabase handles encryption at rest, automated backups, and physical security. The app frontend is served from Vercel's global CDN.

Email is delivered via Zoho SMTP through Make.com for the trigger workflow. No PII beyond a recipient email + first name appears in those payloads.

Who can see what

  • Employees see their own schedule, clock history, messages, and profile. Nothing else.
  • Managers see the team and locations assigned to them — not other locations, not other businesses.
  • Owners see everything in their own organization.
  • No one sees data from another customer's organization. Cross-tenant isolation is enforced by Postgres row-level security, not by the application code.

What's not done yet — honest list

We're an early-stage product. Here's what we don't have yet but plan to add:
  • SOC 2 certification — on the roadmap for 2027
  • Customer-managed encryption keys — not currently offered
  • HIPAA / BAA — we don't sign BAAs yet. PeopleBridge is for workforce management, not patient management — no patient data (PHI) is ever stored — so it stays outside HIPAA's patient-data scope. (BAA availability tracked for 2026.)

Reporting a vulnerability

If you've found a security issue, please email info@peoplebridge.app with details. We respond within 24 hours and credit responsible disclosure in our changelog (with your permission).

Questions? We'd rather you ask.

Email info@peoplebridge.app and we'll answer — usually within a few hours.

Start your free trial