Happy HR employs enterprise-grade encryption standards, layered security controls, and industry-leading cloud technologies trusted by major SaaS providers and financial institutions to ensure the confidentiality, integrity, and availability of your HR data.
We are committed to maintaining a secure platform that protects customer information, supports business continuity, and aligns with recognised cybersecurity and privacy best practices.
Last updated: 22/05/2026
1. Infrastructure, hosting & backups
Happy HR is hosted exclusively within Amazon Web Services (AWS) infrastructure located in the Sydney, Australia (ap-southeast-2) region. No customer data is stored or replicated outside Australia unless explicitly authorised by the client.
AWS provides world-class physical and network security and is trusted by governments, financial institutions, and some of the largest global technology companies. AWS infrastructure is designed with high availability, redundancy, and fault tolerance to support continuous access to your data and minimise service disruption.
Happy HR benefits from AWS’s highly resilient architecture and uptime commitments, including:
- Redundant infrastructure across multiple availability zones
- Enterprise-grade networking and perimeter protection
- Continuous infrastructure monitoring and threat detection
- Automated failover and recovery capabilities
- Industry-leading physical security controls within AWS facilities
To protect against accidental deletion, corruption, or system failure, Happy HR maintains secure incremental backups of customer data and file storage. Backup snapshots are retained for a rolling 20-day period and are encrypted and protected using AWS security controls.
Disaster recovery and backup procedures are regularly reviewed to support data resilience and business continuity requirements.
2. Data security & encryption
Protecting customer data is a core principle of the Happy HR platform.
Customer information is securely stored within protected AWS cloud infrastructure rather than on local devices or on-premises systems. This reduces the risk associated with hardware theft, loss, or local system compromise.
Happy HR uses multiple layers of encryption and security technologies to protect sensitive information, including:
- Encryption of data at rest
- Encryption of data in transit using SSL/TLS protocols
- Salted and hashed protection mechanisms for sensitive credentials and personal information
- Secure cryptographic standards aligned with NIST recommendations
- Restricted access controls and authentication requirements
Sensitive information stored within the platform is protected using industry-recognised cryptographic mechanisms designed to reduce the risk of unauthorised access, interception, or exposure.
All communication between users and the Happy HR platform is encrypted via HTTPS to ensure secure transmission of information over the internet.
3. Customer data ownership & privacy
Happy HR customers retain ownership and control of their data at all times.
We do not sell, rent, disclose, or commercially exploit customer information or employee records. Data is only processed for the purpose of delivering Happy HR services and supporting authorised platform functionality.
Access to customer environments is strictly controlled and limited to authorised personnel where necessary for:
- Technical support
- Troubleshooting
- Maintenance activities
- Security incident response
Happy HR personnel cannot access customer data without appropriate authorisation and legitimate operational need.
Happy HR complies with applicable Australian privacy obligations and operates in accordance with the principles of the Privacy Act 1988 (Cth), including responsible handling, storage, and protection of personal information.
4. Security monitoring, access control & platform protection
Happy HR applies a defence-in-depth security approach using multiple layers of technical and administrative controls.
These protections include:
- Firewalls and network segmentation
- Web Application Firewall (WAF) protection
- Intrusion detection and monitoring capabilities
- Access logging and audit trails
- Role-based access controls (RBAC)
- Multi-layer authentication and permission management
- Continuous infrastructure monitoring
Administrative access to production systems is highly restricted and limited to authorised senior developers and infrastructure engineers only.
All privileged access activity is logged, monitored, and auditable to support accountability and incident investigation processes.
Happy HR also maintains secure development and deployment practices designed to reduce vulnerabilities and strengthen platform security throughout the software development lifecycle.
5. Compliance, audits & security assurance
Happy HR is proud to maintain ISO 27001 certification, demonstrating our commitment to internationally recognised information security management standards.
To support ongoing compliance and cybersecurity maturity, Happy HR undergoes regular independent security assessments and audits conducted by qualified third-party cybersecurity organisations.
These audit providers hold ISO 27001 and CREST certifications, ensuring audits are performed to internationally recognised standards.
Independent audits and reviews help validate the effectiveness of Happy HR’s:
- Security controls
- Risk management processes
- Access control procedures
- Infrastructure protections
- Operational security practices
Our ongoing cybersecurity program includes:
- Continuous security improvement initiatives
- Threat monitoring and risk assessment
- Phishing awareness and prevention measures
- Secure account management practices
- Shared cybersecurity responsibility education
6. PCI DSS & payment security
For payment processing, Happy HR uses EWAY, a trusted and secure Australian payment gateway provider. EWAY is PCI compliant and follows strict payment security standards to protect financial transaction information.
Importantly:
- Happy HR does not store customer credit card details
- Cardholder information is processed securely via EWAY
- Payment transactions are encrypted during transmission
- Sensitive payment data is isolated from the Happy HR platform environment
This approach minimises risk exposure and aligns with industry best practices for secure payment processing.
7. Staff security & internal policies
Happy HR recognises that strong internal security practices are essential to maintaining customer trust.
All Happy HR employees:
- Are trained in privacy and data handling obligations
- Operate in accordance with the Australian Privacy Act
- Follow internal security and confidentiality policies
- Are required to maintain strict access and information handling standards
For additional security assurance, all staff undergo police background checks prior to employment.
Happy HR also maintains internal processes and procedures relating to:
- Access management
- Incident response
- Security awareness
- Confidentiality obligations
- Acceptable use policies
- Ongoing staff training and compliance
8. Ongoing commitment to security
Cybersecurity is an ongoing priority at Happy HR. We continuously review and enhance our systems, controls, and operational practices to respond to evolving threats and industry standards.
Our objective is to provide customers with a secure, reliable, and trusted HR platform that protects sensitive employee and business information while supporting compliance and operational confidence.
9. Subprocessors
Happy HR engages a limited number of trusted third-party service providers (“Subprocessors”) to support the delivery, hosting, maintenance, security, and payment functionality of the Happy HR platform.
All subprocessors are carefully selected based on their security, reliability, compliance standards, and operational capabilities. Where applicable, subprocessors are required to maintain appropriate security controls and comply with relevant privacy and data protection obligations.
Happy HR takes reasonable steps to ensure subprocessors handle customer data securely and only process information necessary to provide their services.
Current Subprocessors
Name: Amazon Web Services
Purpose: Cloud hosting infrastructure, secure data storage, backups, networking, and platform availability
Data location: Sydney, Australia (ap-southeast-2)
Name: EWAY
Purpose: Secure payment gateway and payment transaction processing
Data location: Australia
Name: Microsoft
Purpose: Business productivity, internal operations, and communication systems (where applicable)
Data location: Australia
Name: Cloudflare
Purpose: Web application firewall (WAF), performance optimisation, and DDoS protection (where applicable)
Data location: Global network
Name: Atlassian
Purpose: Internal ticketing, support, and operational management tools (where applicable)
Data location: Australia
Name: Flare
Purpose: Flare is our onboarding partner. Data is shared with Flare to validate that the banking/super details are correct for the individual, so the data is valid and correct when inducting an employee. Benefits can be created once the data is validated; this validation is required for onboarding.
Data location: Microsoft Azure / Australia
Name: Superpath
Purpose: Superpath is our learning partner. We work with them for e-learning content, and the only data shared is name and email, to validate a user account. This data is shared only if you choose to add an employee to Happy learning and connect that data.
Data location: Google Cloud Australia/Global
Happy HR ensures that subprocessors:
- Only access data necessary to perform their services
- Maintain appropriate technical and organisational security measures
- Are subject to confidentiality and data protection obligations
- Support secure transmission and storage of information
- Operate under contractual arrangements aligned with privacy and security requirements
Where customer data is stored or processed by subprocessors, Happy HR seeks to ensure the data remains hosted within Australia. Some operational or support subprocessors may process limited metadata or operational information through global infrastructure networks.
Subprocessor management
Happy HR may update or replace subprocessors from time to time as our services evolve. Any new subprocessors are assessed through internal vendor and security review processes prior to engagement.
Customers may request additional information regarding subprocessors or data handling practices by contacting Happy HR directly.