Discover our features

Want to know all the features available on PayFit? Here is a detailed list.

Payroll and declarations

Go to the product page

Security audits

  • Use of technology such as Sentry and AWS CloudTrail to provide an audit trail over its infrastructure and the PayFit application. Auditing makes it possible to perform ad-hoc security analysis, track changes made to the PayFit setup and audit access to every network layer.

  • Run of a private bug bounty programme on HackerOne to identify and mitigate security threats. Access to this programme is by invitation only.

Hosting & network

  • Management of all hosting facilities directly by Amazon Web Services, according to ISO 27001.

  • All transmissions between client and server and to external systems are performed through end-to-end HTTPS encryption.

  • PayFit's network is split into subnetworks, each handling a specific function, for both performance and security enhancement.

  • Separation of testing and production environments.

  • Isolation of PayFit network from the Internet, with the exception of a single entry point (proxy). Each point inside the network follows strict firewall rules.

  • Protection of access to PayFit systems through AWS and Kubernetes rights management.

  • Access to data, by authorised staff members, is only allowed through a VPN protected by 2FA authentication.

  • Monitoring and logging of data transmission from IT systems that store or process personal data.

  • Synchronisation of all servers through an AWS NTP server.

Data

  • Data storage and backups situated in France.

  • Encryption of all stored data in transit and at rest, including any backup copies.

  • Data anonymisation or non-transmission to sub-processors.

  • Mandatory user authentication by email and password (controlled by a strict policy) with the option of two-factor authentication (2FA) via SMS token authentication.

  • Internally, data access, for authorised staff members, is only allowed through a VPN protected by 2FA authentication.

  • Data transmission through TLS/SSL only, with HSTS and perfect forward secrecy fully enabled. PayFit receives an "A" rating on SSL Labs' tests.

  • Access to customer data restricted to identified teams, with a proportional and justified reason to do so. Systematic logging of such access.

How does PayFit compare to an outsourced payroll solution?

PayFit's hybrid approach combines the best of two worlds - outsourcing, and in-house payroll. With PayFit, you get the control and visibility of a fully automated, cloud-based payroll software, AND dedicated support from CIPP payroll experts* (*Standard or Premium package).

Personnel management

Go to the product page
