Search site

PrimePay Trust Center

OverviewSecurityReliabilityCompliance

Our Commitment

At PrimePay, safeguarding your data is at the heart of everything we do. Our product development approach is built around robust measures to protect your information every step of the way.

Compliance

At PrimePay, we uphold a culture of compliance by implementing industry standards, regulatory guidelines, and internal policies to protect client data and maintain operational integrity.

Security

PrimePay ensures comprehensive data security by implementing robust encryption methods, regular backups, and continuous real-time monitoring to safeguard sensitive information effectively.

Reliability

PrimePay enforces robust access controls, conducts thorough testing, deploys advanced firewalls, and utilizes state-of-the-art encryption protocols to ensure maximum data security and system integrity.

Compliance

Security & Compliance Credentials

We are committed to achieving and maintaining industry-recognized security and compliance credentials, validating our efforts to protect data and foster customer trust.

SOC 1 Type II

Request SOC Report

Data Privacy Framework

Learn More

Data Security & Protection

PrimePay ensures data security with encryption, backups and real-time monitoring.​
HCM platform

  • Data Security

    All data in transit is protected with modern, standards‑based TLS encryption.

  • Data At Rest

    Data at rest is secured with strong, NIST‑approved encryption.

  • Data Availability-Backups

    PrimePay separates its application servers from our database servers. Servers are separated into different VLANs.​

  • Data Segmentation and Isolation​

    PrimePay separates its application servers from our database servers. Servers are separated into different VLANs.​

Application Security

PrimePay enforces robust access controls, testing, firewalls and encryption.​
HCM platform

  • Access Controls

    Access controls are segmented by duties or job need.​

  • Testing And Review

    All changes to our application are subject to peer review and testing before being merged.​

  • DDOS Protection

    PrimePay utilizes public cloud built-in DDOS mitigation services alongside a private cloud for sensitive data or specialized configurations.​

  • Deep Packet Inspection​

    PrimePay does IDS/IPS.​

  • Next Generation Firewalls​

    Yes, PrimePay utilizes this.​

  • Zero Trust Network Architecture

    PrimePay segments our architecture.​

  • Secure Network Protocols and Encryption​

    PrimePay only allows protocols that are required for the services we provide.​

  • Multi-Region

    PrimePay uses a multi-region setup for its infrastructure. The principal region for running the application uses a multi-region infrastructure setup. The principal region for running the application is Virginia. Backup data center is located in Texas.​

Product Security

PrimePay protects products with monitoring, testing, intelligence and scanning.​
HCM platform

  • DNS Security and Content Filtering​

    TBD

  • Endpoint Detection Response

    PrimePay utilizes a 3rd Party vendor for this. Our vendor supplies both Managed End Point Detection Response (MDR) and End-Point Detection.

  • Network Flow and Traffic Analysis​

    Yes, through our firewall provider.​

  • Cloud and Container Monitoring​

    PrimePay utilizes 3rd Party Vendors for this.

  • Threat Intelligence Feeds​

    PrimePay utilizes 3rd Party Vendors for this.

  • Penetration Testing​

    PrimePay’s security team uses third parties to conduct penetration tests to identify deficiencies in the system that may affect critical assets.​

  • Vulnerability Scanning​

    PrimePay uses third-party security tools to continuously scan our applications, systems, and infrastructure for security risks and vulnerabilities.

People Security

PrimePay fosters secure culture through authentication, training and policies.​
HCM platform

  • Authentication

    PrimePay allows you to add an extra layer of security to your account by enabling authenticator apps.​

  • Zero Trust Architecture​

    Limited access to production and verified users, checked off in a ticketing system. There are layers of protection built into the PrimePay platform.​

  • VPN

    PrimePay utilizes an internal VPN for PrimePay employee and all critical access.​

  • Dedicated Team

    PrimePay has a dedicated security team to enforce secure practices and respond to security incidents quickly and efficiently.​

  • Policies

    PrimePay maintains a robust set of security policies that are updated periodically to meet the demands of an evolving security environment. Policies are communicated to employees and available for review at any time.​

  • Training

    All PrimePay employees are required to complete security training. PrimePay’s security team provides continuous education on emerging security threats and communicates updates with employees regularly.​

  • Background Checks

    PrimePay performs background checks for potential candidates before hiring.​

  • New-hire reviews

    PrimePay requires all new hires to sign and acknowledge PrimePay’s information security policy and confidentiality agreements upon joining the team.​

Information Security

PrimePay secures data with HIPAA and SOC compliance.​
HCM platform

  • DPF

    PrimePay rigorously adheres to the Data Privacy Framework by implementing comprehensive privacy measures and robust security protocols that ensure the responsible handling, storage, and transmission of sensitive data while maintaining client trust. You can look us up here Data Privacy Framework.

  • HIPPA

    PrimePay complies with HIPAA guidelines to safeguard our customers’ protected health information (PHI), including maintaining business associate agreements (BAAs) between customers and PrimePay, along with any third parties partners to whom we disclose information.

  • SOC

    PrimePay updates SOC 1 Type II reports every year. Customers can request access by filling out a non-disclosure agreement and requesting it from their account manager.​

  • State & Federal Laws

    PrimePay is fully committed to adhering to all applicable state and federal laws. We regularly review and update our policies, procedures, and operations to ensure that every aspect of our business complies with all legal and regulatory requirements, thereby safeguarding our clients and maintaining the highest standards of integrity and accountability.

  • DPA

    PrimePay has established a robust Data Processing Agreement that governs all data handling practices to ensure compliance with strict privacy and security standards. A link to PrimePay’s DPA can be found here PrimePay Schedules.