Data security and compliance

We take data security seriously

Payroll and HR data are among the most sensitive things a company holds, and we treat them that way. Finn is built with enterprise-grade security from infrastructure to user access, and Philippine statutory compliance is built into the product itself.

Certifications and registration

Independently verified, publicly registered

ISO 27001:2022 certified

Clear Mile operates a certified information security management system, with the recurring audits and continual improvement the standard demands.

Registered with the National Privacy Commission

We are registered with the Philippine National Privacy Commission and operate under the Data Privacy Act of 2012 (RA 10173). Our registration is publicly verifiable on the NPC registry.

Platform safeguards

Protection at every level

Access

Role-based, logged, 2FA

Role-based permissions and secure authentication mean users only see what their role requires. Access is logged for audit, and two-factor authentication protects administrative accounts.

Continuity

Backups and disaster recovery

Automated backups and disaster recovery procedures protect against data loss, so payroll and HR operations can resume quickly after any interruption.

Monitoring

Continuous vigilance

Advanced security controls and continuous monitoring, maintained by a team dedicated to the integrity and privacy of your data.

Infrastructure

Enterprise cloud hosting

Finn runs on Amazon Web Services and DigitalOcean, established cloud providers with their own audited physical, network and operational security underpinning the platform.

ISO 27001:2022 certified
Registered with the National Privacy Commission
RA 10173 Data Privacy Act
Statutory compliance

The agencies, built into the product

BIR

Withholding tax computed per cutoff under current tables, year-end annualization, alphalist data preparation and BIR Form 2316 for every employee.

SSS, PhilHealth and Pag-IBIG

Contribution schedules maintained by Clear Mile and applied automatically, with shares reported per remittance period and agency loans tracked to settlement.

DOLE labor standards

Holiday pay, premium rates, service incentive leave and 13th month pay computed as the rules prescribe.

When the rules change

Tables and calendars are updated in the platform by our team and tested before your next run. You find out from our release notes, not from a penalty notice.

Due diligence

Questions your auditors will ask, answered

Who can see payroll data inside Finn?

Access is role-based with secure authentication. HR, finance, managers and employees each see only what their role requires, all access is logged for audit purposes, and administrative accounts are protected with two-factor authentication.

How are statutory table updates handled?

Clear Mile maintains contribution schedules, tax tables and the holiday calendar centrally. Updates are tested and released to all customers before they take effect, with release notes describing what changed.

What happens if there is a system interruption?

Automated backups and disaster recovery procedures are in place. Services can be restored quickly with minimal downtime, so payroll and HR operations continue.

Can you support our vendor security assessment?

Yes. We regularly complete vendor due diligence questionnaires and can walk your security team through our ISMS, our NPC registration, our policies and our technical controls.

Bring your security questionnaire

Our team will walk your reviewers through the ISMS, the platform controls and the statutory coverage, in whatever depth they need.

Talk to us