MSP logoMSPMySalaryPal
PricingBook a demo
Security & Trust

Payroll data deservesserious protection.

We built MySalaryPal to replace password-protected payslip emails with something materially safer. Here's exactly how we keep your employees' data secure.

EU data residency

All personal data is stored and processed in the European Union. Your payroll never leaves the EU.

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. Payslip files and database backups are encrypted by default.

Role-based access

Payroll, HR and employee roles are separated. People only see what their role allows — enforced at the database layer.

Passkey sign-in

Face ID, Touch ID, Windows Hello or your device PIN as a second factor — phishing-resistant by design.

Full audit trail

Every payslip view, upload, change request and admin action is logged with user, time and IP.

Daily backups

Point-in-time recovery with daily encrypted backups retained for 30 days.

GDPR ready

DPA available on request. Subject access, export and erasure flows are built into the product — no email tickets required.

Least-privilege internals

Production access is restricted, MFA-enforced, and reviewed. We don't read your payslip data in the course of normal operations.

Security monitoring

Automated monitoring, rate limiting and anomaly detection help identify suspicious activity and protect customer data.

Incident response

Security incidents are investigated promptly and affected customers are notified where required by law.

Compliance posture

MySalaryPal is designed for employers across Europe. We align with:

  • GDPR (EU 2016/679)
  • UK GDPR & Data Protection Act 2018
  • Irish Data Protection Act 2018
  • ePrivacy Regulations
  • EU Pay Transparency Directive (2023/970) ready
  • PCI-DSS via Paddle (Merchant of Record)
  • Data Processing Agreement (DPA) available on request prior to contract execution.
  • Subprocessor list reviewed periodically and updated when service providers change.
  • Customers may request details of applicable international transfer safeguards.

Subprocessors

A short, deliberate list. All EU-hosted where the option exists.

Supabase (EU region)

Database, authentication and file storage

Cloudflare

Edge delivery and DDoS protection

Paddle

Payments — Merchant of Record, PCI-DSS

Google Gemini / OpenAI

Payslip explanations. Inputs are not used to train models.

Resend

Transactional email delivery

AI providers process payroll text solely to generate explanations. Inputs and outputs are not used to train public models.

Reporting a security concern

If you believe you've found a vulnerability or have a security question, email security@mysalarypal.com. We acknowledge reports within one business day.

Book a security walkthrough Read the Privacy Notice