Your data is safe with us
We handle sensitive employee data. Here is exactly how we protect it.
Encryption at rest and in transit
All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. No exceptions.
Row-level security
Every database query is scoped to your organisation. Your data is never visible to other customers — enforced at the database level, not just the application layer.
Signed URLs for file access
Offer letter documents and attachments are never publicly accessible. Every file access requires a short-lived signed URL.
Third-party authentication
Provisio uses Clerk for authentication. Passwords are never stored by us. Clerk supports MFA, SSO, and passkeys.
Payments handled by Stripe
We never see or store payment card details. All billing is handled by Stripe, a PCI DSS Level 1 certified provider.
Infrastructure
Provisio runs on Vercel (compute) and Supabase (database), both hosted on AWS in US-East regions with automatic backups.
Security questions or concerns?
If you have a security question, need to complete a vendor questionnaire, or want to report a vulnerability, please reach out. We respond to all security inquiries within one business day.
Contact us