Strong authentication, granular permissions, full audit trail, native GDPR. Swiss hosting on ISO 27001 servers, AES-256 at rest, TLS 1.3 in transit.
Sophie M. — HR: published a payslip
Pierre L. — Manager: validated a payroll cycle
Marie D. — Admin: updated roles
Ext. auditor: exported a report
Illizeo Support: read-only access (impersonation)
Hosting: Swiss · ISO 27001
Auth: 2FA + SSO
Permissions: Granular
GDPR: Articles 17 & 20
Authentication, authorization, logging and compliance — no add-on, no surcharge.
2FA via Google Authenticator, configurable per role. Fully customizable password policy (length, complexity, rotation, exclusions, lockout after failed attempts).
Auth0, Okta, Microsoft Entra (Azure AD), custom OIDC. Google and LinkedIn social SSO. Bearer-token sessions with audited impersonation.
Permissions across 5 sections (Profile, Employment Data, Payroll, Documents, Settings). 6 preset roles. Levels None · Read · Edit · Admin per permission.
Every critical action is logged: payslip workflow (sent, validated, refused, archived), role changes, support access (impersonation), exports. Searchable and filterable.
Data export per category (JSON, CSV, PDF) — Article 20. Deletion or anonymization — Article 17. DPO reachable at dpo@illizeo.com. Self-service or via HR.
Each customer company gets its own subdomain and isolated storage. Routes are protected by domain guards. Zero data crossover between customers.
From the employee accessing their payslip to the payroll admin running the cycle, every user only gets the rights they need. You can create your own roles or adjust the existing ones.
Who did what, when, on which employee. Exportable and filterable audit log. In case of audit or labour inspection, you present the log — not a promise.
Article 20 (portability) and Article 17 (right to erasure) built into Illizeo. The employee — or HR on their behalf — can request a full export or deletion/anonymization right from their record.
Four things no HR tool should ever let slide.
All sensitive actions go through the audit log. Including Illizeo support access, which is tracked as impersonation.
Strict password policy: minimum length, complexity, rotation, lockout after failed attempts, ban on usernames.
Granular permissions, 4 levels, 6 preset roles. Least privilege, by default.
Export or deletion on demand, self-service. No ticket to open, no waiting, no proprietary format.
In Switzerland, on ISO 27001-certified servers. Infrastructure is managed by Infomaniak. No customer data leaves the EU / EEA / Switzerland.
AES-256 at rest, TLS 1.3 in transit. Passwords are hashed (never stored in clear). API tokens are issued per user and revocable individually.
Auth0, Okta, Microsoft Entra (Azure AD), custom OIDC. Google and LinkedIn social SSO. TOTP 2FA via Google Authenticator is available for all roles.
RBAC with 4 levels (None, Read, Edit, Admin) on permissions across 5 sections. 6 preset roles: Payroll Admin, Manager, Team Manager, Accountant, Employee, Auditor. You can create your own roles.
The employee — or HR on their behalf — can request a multi-format export (JSON, CSV, PDF) or deletion/anonymization right from their record. GDPR Articles 17 and 20 compliant.
Only if you enable impersonation. That access is fully tracked in the audit log (date, agent, duration, actions taken). You can disable it at any time.
Yes, available on request at dpo@illizeo.com. Full list of providers (hosting, email, analytics, signature) with their location and compliance level.
Request our full security pack: architecture, encryption, sub-processors, business continuity plan, audit logs. We reply within 48 h.