We take security & privacy seriously


We follow state of the art security standards

We use modern security protocols. All our data is hosted on Google Cloud storage platform. We use end-to-end HTTPS encryption for all external network communication.

Our uptime is above 99.9% and we have full replication of all the data on two database nodes. Our systems are regularly tested by external penetration testing teams.

Read more about our security in the FAQ below →

Have a question about security?

Where is my data stored?

Management of all hosting facilities directly by Google Cloud (Belgium data centre). Data transmission through TLS/SSL only with HSTS and perfect forward secrecy fully enabled. Pento is graded as a "B" rating on SSL Labs' tests.

How secure is Pento's network?

All transmissions between client and server and to external systems are performed through end-to-end HTTPS encryption. We have strict separation of testing and production environments. Isolation of Pento network from the Internet, with the exception of a single entry point (proxy). Each point inside the network follows strict firewall rules.

How do you handle logging?

Deployment of audit logs to trace authentication and monitor logical system access, as well as data access and modifications. Systems technical events, such as errors, are monitored and logged separately. Retention of audit logs is set to one year.

How do you manage permissions?

Access to customer data is limited to authorized employees who require it for their job. We protect access to Pento systems through Google Cloud and Kubernetes rights management.

What is your uptime and availability?

We have uptime of 99.9% or higher. We do replication of all data continuously on two nodes for our databases and through multiple data centers for our Google Cloud storage. All data is handled on servers with automatic failover system.

Do you have a bug bounty program?

Please contact sec@pento.io for any bug bounty requests.


100% GDPR Compliant Platform

Your employee data is for your eyes only. We go to great length to ensure a fully GDPR compliant payroll process and platform.

We take special care of the data submitted to us during the onboarding process. Both our employees handling the process and customers sign separate confidentiality agreements.

Read more about our data handling in the FAQ below →

Have a question about privacy?

How do you handle the customer onboarding process?

We have strict internal guidelines to ensure no data leakage of personal data in the onboarding process. All personal data files are immediately deleted from our systems and Pento employee computers after the data has been successfully imported onto Pento cloud infrastructure.

Who has access to personal data?

Access to customer data is limited to authorized employees who require it for their job. We protect access to Pento systems through Google Cloud and Kubernetes rights management.

How do you monitor transmission of personal data?

Monitoring and log of data transmission from IT systems that store or process personal data.

Do you have a Data Protection Agreement?

Yes! You can find our Data Processing Agreement here.

How do you help with user data protection?

Coming Soon: We enforce mandatory user authentication by email and password (controlled by a strict policy) with the option of two-factor authentication (2FA) via SMS token authentication.

Our Promise

Your payroll security and employee data confidentiality is our number 1 priority.

Modern payroll you can trust

We go above and beyond for our customers.

4 years

of successfully running payroll for our customers


companies signed up so far


our Trustpilot rating


our average uptime

Interested to see how this could look for your business?

Tell us about your payroll and we’ll show you how Pento can simplify your payroll process

Rated 5 stars and trusted by 1000+ companies
Get started →