Please access this document via the main proposal.

Return to proposal →

Infrastructure & Hosting

Enterprise-grade cloud infrastructure

Hosting

Microsoft Azure

The Peopletree platform is hosted exclusively on Microsoft Azure. All data is stored in EU-region data centres, with geographic redundancy and automated failover.

  • EU-region primary hosting (Netherlands)
  • Geographic redundancy with automated failover
  • 99.9% uptime SLA
  • Automated daily backups with 30-day retention
Architecture

Multi-tenant, isolated data

Each client operates in a logically isolated tenant environment. dfcu Bank data is never commingled with other client data, and access is strictly controlled at the tenant boundary.

  • Logical tenant isolation
  • No cross-tenant data access
  • Dedicated database schemas per client
  • Containerised application deployment
Authentication

SSO and MFA

The platform supports SAML 2.0 single sign-on, enabling integration with dfcu Bank's existing identity provider. Multi-factor authentication is supported and can be enforced at the tenant level.

  • SAML 2.0 SSO integration
  • MFA enforcement available
  • Role-based access control (RBAC)
  • Session timeout and audit logging
Data Security

Encryption and access controls

All data is encrypted at rest and in transit. Access to production data is restricted to authorised Peopletree engineers and is logged and audited.

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Principle of least privilege access
  • All access events logged and auditable
AI Processing

How TAILA handles data

TAILA (the AI intelligence layer) uses Azure OpenAI Service. All AI processing is stateless - no employee data is retained by the AI model, stored in training datasets, or used to improve the underlying model. dfcu Bank data never leaves the EU Azure region.

Stateless Processing

Each AI interaction is processed independently. No conversation history, employee profiles, or assessment data is retained by the AI model between sessions.

No Training on Client Data

dfcu Bank employee data is never used to train or fine-tune the underlying AI model. Microsoft's enterprise data protection commitments apply in full.

EU Region Only

All AI processing occurs within the EU Azure region. Data does not leave the EU boundary during AI processing, supporting GDPR compliance requirements.

Monitoring & Governance

Continuous monitoring and compliance

Compliance

SOC 2 Type II

Peopletree Group is SOC 2 Type II certified, independently audited by a third-party firm. The certification covers the Security, Availability, and Confidentiality trust service criteria.

  • Annual third-party SOC 2 Type II audit
  • Security, Availability, Confidentiality criteria
  • Audit report available on request under NDA
  • GDPR Data Processing Agreement available
Monitoring

24/7 platform monitoring

The platform is monitored continuously for availability, performance, and security events. Automated alerts trigger incident response procedures for any anomalous activity.

  • 24/7 automated availability monitoring
  • Security event detection and alerting
  • Incident response SLA: 4 hours for critical issues
  • Monthly platform health reports available
Roles & Responsibilities

What Peopletree manages vs what dfcu Bank controls

Area Peopletree Group dfcu Bank
Platform hosting and infrastructure Fully managed No action required
Security patching and updates Fully managed No action required
User access provisioning Managed via admin portal HR admin approves user requests
SSO / identity integration Configures SAML connection Provides IdP metadata and IT support
HRIS / payroll data integration Builds and maintains integration Provides data access and IT liaison
Data ownership Data processor only Data controller - owns all employee data
Backup and recovery Automated daily backups No action required
Compliance reporting Provides SOC 2 report and DPA Reviews and signs DPA
Technical Contact

Questions from your IT or security team?

Brett Mulder
Managing Partner - Initial Enquiries

For initial technical questions, reach out to Brett who will connect you with the appropriate technical resource.

Rob Heymann
Technical Lead

For detailed technical due diligence, security questionnaires, and IT integration planning, Rob leads the technical team.