Security Overview
Security starts with trust
We know your data is sensitive. That’s why we combine enterprise-grade security features with regular audits to ensure that you’re always protected.
Compliance
We comply with global data protection and security frameworks

SOC 2 Type II Certified
Rippling's SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
GDPR Compliance
We comply with GDPR as a data processor, and manage the transfer of data via Standard Contractual Clauses.
CCPA Compliance
We ensure policies, processes, and controls comply with CCPA requirements, and have even built CCPA employee notices directly into our software.
Data & Infrastructure Security
We're built to secure your most sensitive data

Secure Infrastructure provider
We host all of our data in physically secure, US-based Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance, and more.
Data encryption in transit & at rest
All data sent to or from Rippling is encrypted using TLS, and all customer data is encrypted using AES-256.
Data redundancy and resiliency
Rippling’s infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration and the application tier scales using load balancing technology that dynamically meets demand.
Strict access controls
Access to all Rippling’s systems is managed through our Identity Provider, which automates user provisioning, enforces two-factor authentication, and logs all activity.
Server security and monitoring
All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.
Personnel Security
We hold our employees to the highest standard

Formal security policies and incident response plan
Rippling maintains a set of comprehensive security policies that are kept up-to-date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.
Strict onboarding and offboarding process
Every new hire must pass a thorough background check and attend a “Legal and Security” training course, as well as an InfoSec training course once a year. We instantly disable departing employees’ devices, apps, and access during offboarding via Rippling’s IDM and MDM products.
Continuous security training
The Rippling Security Team provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly.
Office Security
Rippling manages visitors, office access, and overall office security via a formal office security program.
App & Development
Our developers keep security top of mind
