How we keep your platform secure
Your HR Toolkit holds sensitive employee data: tax file numbers, bank details, super, performance records. Keeping that data secure is core to how the platform is built. This article gives you the high-level picture of the controls in place.
Encryption
- In transit. Every connection to the platform uses TLS 1.2 or higher (modern HTTPS). The browser-to-platform connection is encrypted end to end. We don’t accept unencrypted HTTP.
- At rest. Sensitive employee fields (Tax File Number, bank account, bank BSB, bank name, super member number) are encrypted at the application layer using AES-256-GCM before being stored. A separate random initialisation vector is generated per record so two identical values produce different stored ciphertext.
- Database storage. The underlying database (Cloudflare D1) and object storage (Cloudflare R2) provide their own encryption at rest on top of the application-layer encryption.
- Encryption keys. Stored as Cloudflare Workers secrets, separate from the database. They are not visible from the application’s regular data plane.
Access controls
- Role-based permissions. Every user is one of four roles: Employee, Manager, Org Admin, or Kairos Admin. The platform enforces what each role can see and do, both in the UI and at the API.
- Sensitive field gating. TFN, bank, and super details are visible only to users with payroll-admin level access. The TFN itself is never shown in the UI even to admins — only the fact that it has been provided.
- Two-factor authentication (2FA). Every user can turn on 2FA for their account. See Set up two-factor authentication. Org admins can also require 2FA across the organisation.
- API keys. Optional, scoped API keys for integrations. Keys are stored as SHA-256 hashes (the original key value is never stored) and can be revoked at any time.
Audit logging
Every meaningful action on the platform is recorded in an audit log: sign-ins, failed sign-in attempts, data changes, data exports, password resets, and any time someone uses the Login As feature to act on another employee’s behalf.
Each log entry captures who did the action, when, the IP address, the browser, and what changed. Sensitive field values are redacted from the log so the audit trail itself doesn’t leak data. See Audit logs and admin actions.
Hosting and infrastructure
The platform runs entirely on Cloudflare, which is a major global internet infrastructure provider. Specifically:
- Workers for the application and API logic
- D1 for the relational database (SQLite-based, replicated)
- R2 for object storage (uploaded documents, images, attachments)
- Pages for serving the web interface
Cloudflare maintains a comprehensive set of independent security certifications including ISO 27001, ISO 27018, SOC 2 Type II, and PCI DSS. The complete list of their current certifications is at cloudflare.com/trust-hub and is updated as their certifications evolve.
See Where your data is stored for more detail on data residency and infrastructure.
What you should do
The most important security control is the one you control: your account. We strongly recommend every user:
- Turn on 2FA (see Set up two-factor authentication)
- Use a strong, unique password (a password manager makes this easy)
- Sign out of shared devices
- Treat suspicious-looking emails carefully (phishing is the most common way attackers reach platforms)
See Account security best practices for the full checklist.
Reporting a security concern
If you find something that looks like a security issue (unauthorised access, unexpected behaviour, a bug that exposes data), email security@yourhrtoolkit.com.au straight away. We treat security reports as high priority and will respond within one business day.