Built-In Compliance

Compliance

Compliance controls are woven into every layer of AdaptDay — not added as an afterthought or sold as an add-on.

Compliance by design.

Every feature is built with regulatory requirements in mind, so you can focus on your people instead of paperwork.

Audit Logging

Every create, update, and delete operation is recorded with the user, timestamp, resource type, action, and full before/after values. The audit_logs table is append-only — entries cannot be modified or deleted by anyone, including administrators.

Append-OnlyImmutableFull History

Role-Based Access Control

Five system roles (Owner, Admin, HR Manager, Manager, Employee) with configurable permissions. Create custom roles with granular resource/action/scope control. RBAC is enforced at the domain service layer, ensuring UI bypasses are impossible.

5 System RolesCustom RolesGranular Scopes

Document Management

Track policy acknowledgments with timestamps and digital signatures. Configure document retention rules with automatic expiration alerts. Maintain version history for every policy and handbook. Track which employees have — and have not — acknowledged required documents.

Retention PoliciesVersion ControlAcknowledgments

Data Residency

All data is hosted on US-based infrastructure. Application hosting via Vercel (iad1 region) and database via Neon PostgreSQL. Data stays within the configured region. No data is transferred to third countries without appropriate safeguards.

US-BasedVercel iad1Neon PostgreSQL

SOC 2 Readiness

AdaptDay is built with SOC 2 Trust Service Criteria in mind. Access logging, encryption at rest and in transit, least-privilege access, change management controls, and incident response procedures are embedded in the platform architecture.

Access LoggingEncryptionLeast Privilege

GDPR Considerations

Support for data subject rights including the right to access, rectification, erasure, and data portability. Customer Data export is available through the platform. Data retention periods are configurable per document type and organizational policy.

Right to AccessRight to ErasureData Portability

I-9 & Employment Verification

Onboarding workflows include I-9 document collection and verification tracking. Track Section 1 and Section 2 completion status, reverification deadlines, and document expiration. Maintain a complete audit trail of the verification process.

I-9 TrackingReverificationDocument Collection

Certifications & Training

Track required certifications for each role and location. Set expiration dates with automatic renewal reminders. Monitor compliance rates across the organization. Generate reports showing which employees are current, expiring, or past due.

Expiration TrackingRenewal AlertsCompliance Reports

Compliance controls at every layer.

AdaptDay is designed with compliance controls built into every layer. From the database schema to the API layer to the user interface, every operation is logged, scoped, and auditable.

Every mutation

Audit logged with before/after values

Every query

Scoped by tenant_id automatically

Every role

Enforced at the domain service layer

Have regulatory questions?

For specific regulatory questions or to request a compliance review, reach out to our team.