ABOUT DEEL LOCAL PAYROLL, POWERED BY PAYSPACE

Cloud Security Overview

At Deel Local Payroll, powered by PaySpace, the security and privacy of our clients’ data are our highest priorities. We provide secure, cloud-native solutions that adhere to the most rigorous international standards and regional data protection laws, ensuring that your business stays compliant and protected.

Compliance

Our Commitment to Security

Our systems are built with end-to-end security in mind, incorporating advanced threat detection, real-time monitoring, and data encryption both at rest and in transit. With zero reliance on physical servers, we eliminate the risks of hardware failure and unauthorized physical access.

Certifications and Compliance

To reinforce our position as a leader in secure cloud technology, Deel Local Payroll, powered by PaySpace maintains the following certifications and regulatory compliance frameworks:

  • ISO 27001:2022 Certified: We are proud to be certified under the most recent ISO 27001:2022 standard, demonstrating our adherence to best practices in information security management.

  • SOC 1 and SOC 2 Compliant: Our internal controls meet the stringent criteria for SOC 1 and SOC 2, ensuring the integrity, availability, and confidentiality of your data.

  • POPIA, GDPR, and LGPD Compliance: We fully comply with global data privacy regulations, including South Africa’s POPIA, the EU’s GDPR, and Brazil’s LGPD. This ensures that personal data is handled responsibly and lawfully across all jurisdictions in which we operate.

Enhanced Data Residency Flexibility

In a move to better serve our international customers, we have officially launched a new data centre in Europe. This gives our custers the ability to choose where their company data is hosted—either in South Africa or Europe—allowing for enhanced flexibility and alignment with local data sovereignty requirements.

Secure by Design

With our modern, multi-tenant SaaS architecture, Deel Local Payroll, powered by PaySpace offers:

  • Redundant data backup across geographically dispersed locations.

  • Real-time failover and disaster recovery mechanisms.

  • Continuous vulnerability assessments and penetration testing.

  • Role-based access controls and multi-factor authentication for enhanced access security.

Infrastructure

  • Our services and data are hosted in Microsoft Azure facilities in South Africa and Europe – Read about Azure infrastructure security.
  • Deel Local Payroll services have been built with disaster recovery in mind. We use geo-replication to replicate our data in real-time to an Azure data center in Europe. We test our disaster recovery processes annually and record evidence of this for audit purposes.
  • Azure provides robust availability, based on extensive redundancy achieved with virtualization technology.
  • All of our services are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
  • Deel Local Payroll uses Azure SQL Server that has up to the minute backups going back 7 days and data is replicated in near real-time to our DR environment.
  • We use Azure Security Center to strengthen our security posture and track compliance.
  • We use Azure Defender for advanced protection of our Azure workloads.
  • We use Azure Sentinel to deliver intelligent security analytics and threat intelligence, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
  • We use a Web Application Firewall (WAF) for common exploits and vulnerabilities.

ISO 27001 Certified

  • We have been independently assessed and certified as meeting the exacting requirements of ISO 27001:2022 for our Information Security Management System (ISMS). The assessment, carried out by an accredited certification body, provides evidence to our customers, suppliers, employees and partners of our 100% commitment to securing the critical information assets that we hold; both our own and those of our clients.
  • We have also demonstrated the commitment throughout the company to ongoing and continuous improvement. It provides evidence of the existence of an effective ISMS that satisfies the international standard, ISO 27001.

SOC 1 and SOC 2 Compliant

  • Deel Local Payroll, powered by PaySpace has achieved SOC 1 and SOC 2 compliance, underscoring our commitment to top standards of security and confidentiality.

  • SOC 1 and SOC 2 certifications prove our strong data security and privacy measures. They enable us to serve customers confidently and ensure a secure environment for everyone.

Layers

Data

  • All customer data is stored in South Africa and Europe (DR) and is encrypted at rest.
  • Deel Local Payroll, powered by PaySpace is powered by a single instance, multi-tenant architecture, in which all users and applications share a single, common infrastructure i.e. database and code base, but is logically and unique separated for each customer. Authorisation and security policies ensure that each customer’s data is kept separate from that of other customers using a TenantID, which associates each record across multiple tables with an individual tenant.
Arrows

Data Transfer

  • All data sent to or from Deel Local Payroll, powered by PaySpace services is encrypted in transit using 256-bit encryption or greater.
  • Our API and application endpoints are TLS/SSL only and score an “A+” rating on SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Security

Authentication

  • Deel Local Payroll, powered by PaySpace is served 100% over https.
  • We have two-factor authentication (2FA) and strong password policies on Azure to ensure access to cloud services are protected.
  • We offer customers 2FA options when logging into Deel Local Payroll, powered by PaySpace using Google Authenticator, Email or SMS.
  • We can enable Single Sign On (SSO) for customers who use identity providers such as AzureAD, Google and Okta. Deel Local Payroll, powered by PaySpace uses OpenID Connect and OAUTH to achieve SSO.
Controls

Permissions and Admin Controls

  • Company administrators can define security roles and attach users to these roles. Roles can be defined to restrict or allow users access to a specific area within the system.
  • Administrators can give users access to organisational units defined on a company level. This further restricts users to only access employees attached to specific units.
Blocks

Application Monitoring

  • On an application level, an audit trail exists on every screen for traceability purposes.
  • All access to PaySpace services is logged and audited.
  • We use Azure Monitor to maximise the availability and performance of our applications and services. We use proactive alerts to notify us of any issues timeously.
Audits

Security Audits

  • We are independently audited for our ISO27001 certification annually.
  • We use a reputable 3rd party security specialist company for penetration testing.
Check

Compliance

  • Deel Local Payroll, powered by PaySpace is POPIA, GDPR  and LGPD compliant.