Security
We value your trust.
Punchcard is built to keep your audit data secure and protected. Our business depends on it. We undergo regular third-party audits on our security measures to stay aligned with our high standards.
Encryption
All connections to Punchcard are encrypted using TLS, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade from Qualys SSL Labs. Customer data is encrypted at rest and in transit.
Software development
New product functionality is reviewed for security impact before it ships. Development, testing, and demo environments are separate from production. All code development goes through a standard review process.
Access management
We employ a dynamic access-control policy: accounts and personnel get only the access essential to their roles. Regular audits and role-based access reviews maintain optimal security and minimize risk.
Vulnerability assessments
Code, libraries, and systems undergo frequent vulnerability scans. When potential risks surface, we apply patches and updates promptly to mitigate identified security concerns.
Single sign-on
Enable SSO for your workspace and give your team access to Punchcard without compromising on security. SSO gives you deeper administrative control and a layer of protection around audit data.
Multi-factor authentication
We require MFA for all internal accounts. This addresses the risk of unauthorized access and ensures a higher level of data protection and identity assurance across our systems and sensitive customer information.
Report a security issue.
If you believe you've found a security vulnerability in any Punchcard product, please email security@punchcard.com. We'll acknowledge your report within one business day and keep you updated as we investigate.