Employee data is among the most sensitive information an organization holds. Salaries, performance records, medical leave, personal documents — all of it lives in your HR system. Here's exactly how PinoX protects it.
Authentication & access control
Every PinoX session starts with a cryptographically signed JWT (JSON Web Token). Tokens carry a configurable expiry window with sliding refresh — meaning inactive sessions expire automatically once the window passes without activity, while active sessions are re-issued with a fresh expiry without disrupting the user experience.
Passwords are never stored in plain text. We use bcrypt hashing with a configurable work factor, so each guess costs real CPU time and offline cracking of a leaked hash table becomes computationally impractical even if a database were somehow compromised.
Access to every resource is controlled by Role-Based Access Control (RBAC) enforced at the API layer — not just the UI. Even if someone bypasses the frontend, they can't access data their role doesn't permit.
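The two mechanisms above, a signed session token with sliding refresh and a role check enforced on the API handler rather than in the UI, fit together in a few dozen lines. What follows is an added illustration written for this page, not PinoX code: it hand-rolls an HS256 JWT with the standard library so it runs anywhere, and the signing key, role names, permission table and timeouts are invented for the example. Two details worth copying are that the verifier pins the algorithm instead of trusting the `alg` header, and that sliding refresh is capped by an absolute session lifetime so a token cannot be kept alive indefinitely.

```python
"""Session tokens with sliding refresh plus RBAC enforced at the API layer.

Added illustration, not PinoX code. Uses a hand-rolled HS256 JWT so it runs
with the standard library only; the secret, role names, permission table and
timeouts are assumptions made up for the example.
"""
import base64
import hashlib
import hmac
import json
from typing import Callable, Optional

SECRET = b"example-signing-key-not-for-production"  # assumption: real key lives in a vault
IDLE_TIMEOUT = 15 * 60       # seconds of inactivity before a session dies
MAX_LIFETIME = 8 * 60 * 60   # absolute cap so sliding refresh cannot extend forever


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(sub: str, role: str, now: float, iat: Optional[float] = None) -> str:
    """Issue an HS256 JWT. `iat` is carried across refreshes to enforce MAX_LIFETIME."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "role": role,
               "iat": int(iat if iat is not None else now),
               "exp": int(now + IDLE_TIMEOUT)}
    signing_input = f"{_b64(json.dumps(header).encode())}.{_b64(json.dumps(payload).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(sig)}"


def verify(token: str, now: float) -> dict:
    """Return the claims if algorithm, signature and expiry all check out; raise otherwise."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    if json.loads(_unb64(h)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # the token never gets to pick the algorithm
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(p))
    if now >= claims["exp"]:
        raise PermissionError("session expired")
    return claims


def refresh(token: str, now: float) -> str:
    """Sliding refresh: a still-valid token gets a new expiry, unless its absolute lifetime is spent."""
    claims = verify(token, now)
    if now - claims["iat"] >= MAX_LIFETIME:
        raise PermissionError("session lifetime exhausted; log in again")
    return mint(claims["sub"], claims["role"], now, iat=claims["iat"])


# RBAC: permission table keyed by role (assumed names), checked on the API handler itself.
PERMISSIONS = {
    "employee": {"payslip:read_own"},
    "manager": {"payslip:read_own", "leave:approve"},
    "hr_admin": {"payslip:read_own", "payslip:read_any", "leave:approve", "salary:write"},
}


def require(permission: str) -> Callable:
    """Decorator that verifies the token and the role's permission before the handler runs."""
    def decorator(handler):
        def wrapped(token: str, now: float, *args):
            claims = verify(token, now)
            if permission not in PERMISSIONS.get(claims["role"], set()):
                raise PermissionError(f"role {claims['role']} lacks {permission}")
            return handler(claims, *args)
        return wrapped
    return decorator


@require("salary:write")
def update_salary(claims: dict, employee_id: str, amount: int) -> dict:
    """API handler: only reachable with a valid token whose role carries salary:write."""
    return {"by": claims["sub"], "employee": employee_id, "amount": amount}
```

Because `require` wraps the handler, a client that skips the frontend and calls the endpoint directly still hits the same check. Editing the `role` claim in a captured token invalidates the signature, and a header of `"alg": "none"` is rejected before the signature is even looked at.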
Encryption in transit and at rest
All data transmitted between your browser and the PinoX API is encrypted via TLS 1.2+. We enforce HTTPS everywhere — there is no HTTP fallback.
Data stored in the database is encrypted at rest using AES-256, the same standard used by financial institutions and government agencies. Keys are managed through Azure Key Vault, completely separate from the application layer.
"Security isn't a feature we added at the end. Every architectural decision — from the API gateway to the database schema — was made with data protection as a first-class requirement."
The audit trail
Every action in PinoX — every record update, every approval, every login — is written to a tamper-evident audit log that records the user, timestamp, IP address, and the exact change made. This log is stored separately from application data and cannot be modified through the application layer.
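"Tamper-evident" in practice usually means a hash chain: each entry commits to the hash of the entry before it, and the chain is keyed with a MAC whose key is held outside the application tier. The block below is an added illustration for this page, not PinoX's own log format; the key, the field names and the sample entries are constructed for the example. It records user, timestamp, IP address and the exact before/after change, and `verify_chain` reports the first entry that no longer matches.

```python
"""Tamper-evident audit log as a keyed hash chain.

Added illustration, not PinoX code. Each entry commits to the previous entry's
hash, and every hash is an HMAC under a key assumed to live outside the
application layer (the key bytes here are made up for the example).
"""
import hashlib
import hmac
import json
from typing import List, Optional

AUDIT_KEY = b"example-audit-mac-key"  # assumption: held in a vault, not in app config
GENESIS = "0" * 64                    # prev-hash of the very first entry


def _entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, prev_hash.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append(log: List[dict], user: str, ts: int, ip: str, action: str, before, after) -> dict:
    """Append one entry recording who, when, from where, and the exact change."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "user": user, "ts": ts, "ip": ip,
              "action": action, "before": before, "after": after}
    entry = dict(record, prev=prev, hash=_entry_hash(prev, record))
    log.append(entry)
    return entry


def verify_chain(log: List[dict]) -> Optional[int]:
    """Return the index of the first entry that fails, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k not in ("prev", "hash")}
        if entry["seq"] != i or entry["prev"] != prev:
            return i
        if not hmac.compare_digest(entry["hash"], _entry_hash(prev, record)):
            return i
        prev = entry["hash"]
    return None


def sample_log() -> List[dict]:
    """Constructed sample entries (not real PinoX data) for trying the chain out."""
    log: List[dict] = []
    append(log, "hr.admin", 1700000000, "10.0.0.5", "salary.update",
           {"salary": 50000}, {"salary": 52000})
    append(log, "manager.k", 1700000060, "10.0.0.7", "leave.approve",
           {"status": "pending"}, {"status": "approved"})
    append(log, "alice", 1700000120, "10.0.0.9", "login", None, None)
    return log


if __name__ == "__main__":
    log = sample_log()
    print("intact:", verify_chain(log))           # None
    log[0]["after"]["salary"] = 99000             # someone edits a past salary change
    print("first bad entry:", verify_chain(log))  # 0
```

Rewriting any field, or deleting an entry from the middle, breaks the chain at that point. Truncating the tail is the one edit a chain alone cannot see, which is why the latest hash should be anchored somewhere the application cannot write, for instance published periodically to a separate store; that, together with keeping the log outside the application's write path as the paragraph above describes, is what makes the log evidence rather than just another table.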
This isn't just good practice — it's essential for KVKK compliance in Turkey and GDPR alignment across Europe.
Azure infrastructure
PinoX runs on Microsoft Azure — the same infrastructure trusted by 95% of Fortune 500 companies. Our deployment uses:
Infrastructure security layers
- Private virtual network — database never exposed to the public internet
- DDoS Protection Standard — automatic mitigation of volumetric attacks
- Azure Monitor — 24/7 alerting on anomalous activity
- Azure Key Vault — centralized secret and key management
- App Service managed certificates — automatic TLS renewal
- Geo-redundant backups — point-in-time recovery available
Compliance
PinoX is designed with KVKK (Turkish Personal Data Protection Law) compliance as a baseline, with GDPR alignment for European operations. CALIGO, the company behind PinoX, holds ISO 27001 certification for information security management.
For Enterprise customers, we support deployment against your own managed database instance — meaning your data never leaves your infrastructure at all.