Security and Reliability

BrightHR is committed to keeping your employee and business information safe and secure. This page explains how we protect, safeguard and store your data.

Who is BrightHR?

We're a trusted HR software provider for small business owners and we’ve designed software systems for over five years.

We have a global audience with over 100000 customers in the UK, Ireland, Canada, New Zealand and Australia—and we’re still growing.

How does your software perform?

We know how important it is for you to access your business data quickly. That’s why we host several instances of our software in multiple data centres and use traffic management technology to direct traffic to the fastest responding service.

As a result, our software always operates at a high level of speed and reliability.

What security measures do you have in place?

With our two-factor authentication feature, a BrightHR user has to enter a unique code sent to their mobile to access their BrightHR account.

We also ask users to follow strong password complexity rules and change their passwords regularly. Plus, we monitor any changes to admin accounts to make sure they’re genuine..

Your data and where it's held

We hold your data in highly secure local data centres. For customers subscribing in the Republic of Ireland we store data in the European Union. For Customers subscribing in the United Kingdom we store data in the United Kingdom and the European Union. For Customers subscribing in Canada, Australia or New Zealand we store data in the county of subscription.

This complies with the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) and local data protection legislation. We assume that both the DPA and GDPR will not change following the UK's exit from the European Union. However, we will manage any law changes to make sure we remain compliant.

How we monitor access to your data

The security of your data is our top priority, which is why we have a dedicated information and cyber security team.

We use standard authentication mechanisms to identify users, so we know exactly who’s accessing your data. We also restrict or allow access to data based on a user’s role and their need to access the data, to make sure that information stays confidential.

To prevent external access to your data, we deploy our system in Microsoft's Azure platform.

Azure has in-built protection and controls access to our systems and data.We also run regular internal vulnerability tests and address any issues found.

How we comply with GDPR

As a business, we’re committed to complying with the General Data Protection Regulation (GDPR) for our software products.

When you subscribe to BrightHR, we become the data processor and you remain the data controller. We always store data local to the company that are using it and use encryption to protect it.

We also use secure protocols for transporting the data and when asked to delete the data, we remove it permanently from the system.

It's highly unlikely that there will ever be a data breach, but if there is, we will inform you immediately. Under the ICO guidelines for breaches, we must inform the ICO within 72 hours of becoming aware of a breach.

Useful Links


BrightHR is ISO27001 and accredited by the Cyber Essentials Plus. It is also PCI compliant and registered with the ICO.

See certificates


To learn more about how our BrightHR accounts operate, you can access the full terms and conditions on our website.

Read full T&Cs

Security FAQs

Got more security questions? No problem. Head to our Support Hub to browse our most frequently asked questions now.

Go to Support Hub