Shiftee maintains the highest standards for security and protection of your personal data.
Shiftee complies to and is certified with various security certificates as we follow strict risk management policies with handling our users' personal data.
ISO/IEC 27001 Certificationin progress
ISO/IEC 27001 is an international standard for information security management and supports organizations' data asset management and protection.
Information Security Tests
Shiftee conducts data protection vulnerability assessments through professional security consultants and consistently maintains the highest level of security.
Shiftee is trusted and used by many domestic and global companies.
Shiftee does not collect private information that is not for the purpose of time and attendance management. All collected data are encrypted in secure database at rest.
Collection of Limited Information
Shiftee is a time and attendance software and does not collect private sensitive information.
employee number (optional)
phone number (optional)
We protect our data from external access by encrypting all data to be incomprehensible.
Shiftee database encryption algorithm
Strong Password Algorithm
We use incomprehensible algorithm used in operating systems such as OpenBSD and Linux Distribution.
Location Based Service (LBS) Certified
We are registered and certified as a Location Based Service (LBS) by the Korea Communications Commission.
Collection and Disposal of Location Information
Shiftee collects location infomation for a limited time (only during clock-in and clock-out), and all location data are deleted immediately after clock in/out validation.
AWS Cloud Security
We save our data in Amazon Web Services (AWS) which is used by countless companies worldwide. Our server is located in the AWS Seoul region.
AWS Service Ready
By passing and meeting the requirements of the AWS Service Ready Program, Shiftee has proven to be of the highest level of expertise and security.
DDoS Attack Protection
As the largest cloud infrastructure, AWS maintains the highest level of security and defends against DDoS attacks.
Disastor Response System
Shiftee maintains Disaster Recovery Plan (DRP) and Enterprise Service Level Agreement (SLA) to respond quickly during crises and emergency situations.
All saved data are encrypted with AES-256 algorithm at rest, and passwords are encrypted additionally with a different algorithm to make decryption impossible.
We use and enforce https (TLS 1.2) for all client-server communications.
Access logs of the users are created. In the logs are the processor, process date and time, access IP, process records. The user's details of access, authorization, changes, and cancellations are preserved for a certain period.
You can grant system access with limited privileges to different members by tasks and positions.
We use AWS (Amazon Web Services) for hosting and the server is located in AWS Seoul data center.
We conduct vulnerability assessments every quarter and review carefully to fix any vulnerabilities detected.
Your Shiftee support team is here to assist you.