Security & Compliance
Remzo handles sensitive employee and payroll data for companies across the GCC and India. Here is exactly how we protect it.
Security Architecture
Six independent layers of security — each one a barrier that must be breached before the next even becomes relevant.
AES-256 encryption for all data at rest. TLS 1.3 for data in transit. Every byte of employee data is unreadable to unauthorized parties.
Granular role-based access control (RBAC) with mandatory MFA. Least-privilege principle enforced across every user type and API endpoint.
Hosted on ISO 27001-certified cloud infrastructure with multi-region redundancy. Zero shared-tenancy for sensitive payroll data.
Continuous vulnerability scanning, quarterly penetration testing, and automated SAST/DAST pipelines integrated into every release.
Automated daily encrypted backups with point-in-time recovery up to 30 days. RPO < 1 hour, RTO < 4 hours across all services.
24/7 security monitoring with a documented incident response plan. Critical incidents escalated and contained within 2 hours of detection.
Data Privacy
India's Digital Personal Data Protection Act, 2023 sets binding obligations on how personal data of Indian citizens is collected, processed, and stored. Remzo is fully aligned with every provision of the Act.
Data Minimisation
We collect only the data strictly required to deliver our services — nothing beyond the minimum necessary.
Consent Management
Explicit, revocable consent is obtained before collecting any personal data, with full audit trails maintained.
Data Principal Rights
Employees can request access, correction, or erasure of their personal data through our self-service portal at any time.
Data Fiduciary Obligations
As a Data Fiduciary under the DPDP Act, Remzo maintains a Data Protection Officer and a Board-approved data governance policy.
Remzo
Data Protection Certificate
Certified Compliance
Updated for FY 2025–26
Regulatory Framework
Every employer on Remzo is backed by full statutory compliance across all major Indian labour laws. Our in-house compliance team files, tracks, and audits every obligation on your behalf.
Audit Trail
A live view of every statutory obligation Remzo manages on behalf of employers. Updated each filing cycle.
| Regulation | Governing Act | What Remzo Handles | Status |
|---|---|---|---|
| Tax Deduction at Source (TDS) | Income Tax Act, 1961 — Section 192 | Monthly TDS computation, deduction, and Form 24Q filing | Complied |
| Provident Fund (PF) | Employees' Provident Fund Act, 1952 | EPF + EPS contributions, ECR filing, UAN generation & KYC | Complied |
| Employee State Insurance (ESIC) | ESI Act, 1948 | ESIC contribution, IP number generation, monthly challan | Complied |
| DPDP Act & Aadhaar Compliance | DPDP Act 2023 + Aadhaar Act 2016 | Consent management, data minimisation, masked Aadhaar storage | Complied |
| Shop & Establishment Act | State-wise legislation (28+ states) | Leave policy, working hours, holiday registers — state specific | Complied |
| India Statutory Compliance 2025 | Labour Codes — Wages, IR, SS, OSH (notified states) | Readiness tracked per state notification; auto-updates on enactment | Complied |
Last reviewed: May 2025 · Next review: August 2025 · Maintained by Remzo Compliance Team
Security
Security is a shared responsibility. If you discover a vulnerability in Remzo's systems, we want to hear from you immediately. We commit to a 48-hour initial response, no legal action for good-faith researchers, and public credit in our Hall of Thanks.
Find answers to common questions about compliance.
Yes. All companies hiring employees in India must comply with applicable labor laws, including EPF, TDS and ESI, regardless of whether the company is Indian or foreign.
The main payroll compliance requirements in India include EPF contributions, TDS deduction and deposit, ESI contributions, gratuity provisioning, professional tax, and maintaining statutory records and registers.
Non-compliance can result in heavy penalties, interest charges, damages and even criminal prosecution. For example, EPF default attracts 12 to 25 percent interest per annum plus damages.
Remzo handles all payroll compliance automatically, including EPF, TDS, ESI, gratuity, professional tax, monthly filings and annual returns. You do not need to manage any of this yourself.
Yes. All Indian employees, whether working from the office or remotely, are covered under Indian labor laws and payroll compliance requirements.