Security

Shiftee maintains the highest standards for security and protection of your personal data.

Compliance and Certifications

Shiftee complies to and is certified with various security certificates as we follow strict risk management policies with handling our users' personal data.

ISO/IEC 27001 Certification

ISO/IEC 27001 is an international standard for information security management and supports organizations' data asset management and protection.

Information Security Tests

Shiftee conducts data protection vulnerability assessments through professional security consultants and consistently maintains the highest level of security.

Shiftee is trusted and used by many domestic and global companies.


Method of Data Protection

Shiftee does not collect private information that is not for the purpose of time and attendance management. All collected data are encrypted in secure database at rest.

Collection of Limited Information

Shiftee is a time and attendance software and does not collect private sensitive information.


Collected data

name
email address
employee number (optional)
phone number (optional)

Encryption Algorithm

We protect our data from external access by encrypting all data to be incomprehensible.


AES-256 Algorithm

Shiftee database encryption algorithm

Strong Password Algorithm

We use incomprehensible algorithm used in operating systems such as OpenBSD and Linux Distribution.

Location Based Service (LBS) Certified

We are registered and certified as a Location Based Service (LBS) by the Korea Communications Commission.


Collection and Disposal of Location Information

Shiftee collects location infomation for a limited time (only during clock-in and clock-out), and all location data are deleted immediately after clock in/out validation.

Cloud Service with Guaranteed Safety

AWS Cloud Security

We save our data in Amazon Web Services (AWS) which is used by countless companies worldwide. Our server is located in the AWS Seoul region.

AWS Service Ready

By passing and meeting the requirements of the AWS Service Ready Program, Shiftee has proven to be of the highest level of expertise and security.

DDoS Attack Protection

As the largest cloud infrastructure, AWS maintains the highest level of security and defends against DDoS attacks.


Disastor Response System

Shiftee maintains Disaster Recovery Plan (DRP) and Enterprise Service Level Agreement (SLA) to respond quickly during crises and emergency situations.

FAQ

All saved data are encrypted with AES-256 algorithm at rest, and passwords are encrypted additionally with a different algorithm to make decryption impossible.

We use and enforce https (TLS 1.2) for all client-server communications.

Access logs of the users are created. In the logs are the processor, process date and time, access IP, process records. The user's details of access, authorization, changes, and cancellations are preserved for a certain period.

You can grant system access with limited privileges to different members by tasks and positions.

We use AWS (Amazon Web Services) for hosting and the server is located in AWS Seoul data center.

We conduct vulnerability assessments every quarter and review carefully to fix any vulnerabilities detected.

Any further questions regarding data protection and security?

Your Shiftee support team is here to assist you.