Empuls has not experienced any breach involving the compromise of personal data — for itself or its customers — in the last three years, and no investigation has been initiated by any Data Protection Commissioner or Supervisory Authority.
Data security is a foundational requirement for any HR technology that handles employee information at scale. For organizations evaluating Xoxoday Empuls as their employee recognition and rewards platform, a breach-free track record is a meaningful signal — not just a checkbox on a procurement form.

A Clean Security Record

Empuls has maintained zero reported personal data breaches over the past three years. No incident involving the unauthorized access, disclosure, or loss of employee or customer data has been reported to any Data Protection Commissioner or Supervisory Authority during this period. This applies across jurisdictions covered by GDPR, India’s Digital Personal Data Protection Act (DPDPA), and other applicable data protection frameworks in Empuls’s operating regions.

What Underpins This Track Record

Empuls operates under a layered security architecture backed by recognized industry certifications. Xoxoday Empuls holds ISO 27001 certification for information security management and SOC 2 Type II attestation, which independently verifies the design and operating effectiveness of controls related to security, availability, and confidentiality. SOC 2 Type II audits are conducted over an extended observation period — typically six to twelve months — meaning controls are tested under real operating conditions, not just at a single point in time. This distinguishes the attestation from a point-in-time audit and reflects how Empuls performs day-to-day, not just during an assessment window.

How This Affects Your Integration Stack

Many organizations connect Empuls with HRIS and productivity tools including Workday, SAP SuccessFactors, Darwinbox, Slack, and Microsoft Teams. Each integration involves the movement of employee data — employment anniversaries, tenure milestones, and demographic attributes that trigger recognition workflows. Empuls enforces strict access controls and data minimization principles across all integration touchpoints. Only the data fields necessary to power a specific feature are requested, and no employee personal data is retained beyond the scope of the agreed service. An organization automating service awards via Darwinbox, for example, shares only the fields needed for milestone detection — not the full employee record.

Regulatory Investigation Status

Empuls has not been subject to any formal investigation, inquiry, or enforcement action by a data protection regulator or supervisory authority in any operating jurisdiction. Organizations running vendor due diligence — including enterprise procurement and InfoSec reviews — can reference Empuls’s security documentation and certifications to support their own compliance assessments.

What This Means for HR and People Teams

When an employee recognition platform connects to Slack for peer shoutouts or syncs with SAP SuccessFactors to trigger long-service awards, People teams need assurance that the underlying data handling is secure and accountable. Empuls’s breach-free history, combined with active ISO 27001 and SOC 2 Type II certifications, gives HR leaders a defensible basis for vendor approval across InfoSec, legal, and procurement reviews.

Learn more: Empuls Help Centre — General

Is Empuls ISO 27001 and SOC 2 Type II certified?

Learn about the certifications Empuls holds and what they mean for your organization’s data security posture.

What employee data does Empuls collect and retain?

Understand what personal data Empuls collects across integrations, how long it is stored, and how deletion requests are handled.