Are companies getting tighter with their merit cycle spending?
Download ‘The Merit Cycle State of the Union’ to see salary, equity, and performance rating trends from comp cycles in 2024 ->

We’re committed to protecting your data.

Our customers trust us with some of their most sensitive information: the compensation information of their employees. We take this responsibility seriously, and have built our products from the ground up with security and privacy best practices, enterprise-grade security features, and regular audits and privacy protections.

Security and Privacy by design

SOC 2

Pave maintains a SOC 2 Type 2, where a third party auditor assesses the suitability and effectiveness of our controls.

GDPR & CCPA

We are committed to GDPR & CCPA compliance and helping our customers meet their compliance needs.

Aggregated and de-identified data

Pave does not use individual identifying information in our Benchmarking product. Our Benchmarking product uses only aggregated and de-identified data.

Utilizing enterprise-grade cloud storage

Pave stores data within Google Cloud located in the United States.

Transfers of Personal Data

Pave uses the most up to date Standard Contractual Clauses for transfers between customers and Pave, and between Pave and our subprocessors.

Enterprise-grade Security & Privacy standards

Security by design

Pave enables best-in-class security for every customer on the Pave platform. We offer Single-Sign-On (SSO) authentication, role-based access controls, and in-product data protection to ensure you can confidently share sensitive compensation information based on the privileges you set.

Enforced access controls

Pave takes confidentiality extremely seriously and has adopted the Principle of Least Privilege.

Accelerate GDPR & CCPA compliance

Pave understands that compensation data is extremely sensitive. Therefore, we aim to not only comply with security standards like the GDPR and CCPA, but also consider privacy with every product we build.

Why Pave

Dedicated Security Team
Pave’s dedicated Security team is focused on protecting your data.
Pen testing
Pave conducts bi-annual pentesting through third party providers.
Encryption
Pave encrypts data at rest and in transit.
Bug bounty program
Pave runs a bug bounty program (where we pay hackers to find security bugs in our systems).

Frequently Asked Questions

What data does Pave collect?
Why does Pave collect this data?
How does Pave use Customer Data?

If you have any questions about our security and privacy practices, please contact us at support@pave.com

Solutions
Market DataCompensation WorkflowsCommunication
Product
BenchmarkingMarket PricingCompensation PlanningTotal RewardsVisual Offer Letter
Resources
BlogPave Data LabWebinarsCase StudiesGuidesHelp CenterIntegrations
Company
PricingCustomersAboutCareersSecurity & PrivacyPress RoomContact Support
Legal
Privacy PolicyTerms of UseService Terms
Fulfillment PolicyMaster Subscription Agreement
Built in San Francisco, CA
© Copyright 2023

Pave's successful SOC 2 Type 2 report was issued by the Johanson Group and is actively monitored by Drata.

(function (h, o, t, j, a, r) { h.hj = h.hj || function () { (h.hj.q = h.hj.q || []).push(arguments) }; h._hjSettings = { hjid: 2412860, hjsv: 6 }; a = o.getElementsByTagName('head')[0]; r = o.createElement('script'); r.async = 1; r.src = t + h._hjSettings.hjid + j + h._hjSettings.hjsv; a.appendChild(r); })(window, document, 'https://static.hotjar.com/c/hotjar-', '.js?sv='); !function () { var analytics = window.analytics = window.analytics || []; if (!analytics.initialize) if (analytics.invoked) window.console && console.error && console.error("Segment snippet included twice."); else { analytics.invoked = !0; analytics.methods = ["trackSubmit", "trackClick", "trackLink", "trackForm", "pageview", "identify", "reset", "group", "track", "ready", "alias", "debug", "page", "once", "off", "on", "addSourceMiddleware", "addIntegrationMiddleware", "setAnonymousId", "addDestinationMiddleware"]; analytics.factory = function (e) { return function () { var t = Array.prototype.slice.call(arguments); t.unshift(e); analytics.push(t); return analytics } }; for (var e = 0; e < analytics.methods.length; e++) { var key = analytics.methods[e]; analytics[key] = analytics.factory(key) } analytics.load = function (key, e) { var t = document.createElement("script"); t.type = "text/javascript"; t.async = !0; t.src = "https://cdn.segment.com/analytics.js/v1/" + key + "/analytics.min.js"; var n = document.getElementsByTagName("script")[0]; n.parentNode.insertBefore(t, n); analytics._loadOptions = e }; analytics.SNIPPET_VERSION = "4.13.1"; analytics.load("0KGQyN5tZ344emH53H3kxq9XcOO1bKKw"); analytics.page(); } }(); $(document).ready(function () { $('[data-analytics]').on('click', function (e) { var properties var event = $(this).attr('data-analytics') $.each(this.attributes, function (_, attribute) { if (attribute.name.startsWith('data-property-')) { if (!properties) properties = {} var property = attribute.name.split('data-property-')[1] properties[property] = attribute.value } }) analytics.track(event, properties) }) }); var isMobile = /iPhone|iPad|iPod|Android/i.test(navigator.userAgent); if (isMobile) { var dropdown = document.querySelectorAll('.navbar__dropdown'); for (var i = 0; i < dropdown.length; i++) { dropdown[i].addEventListener('click', function(e) { e.stopPropagation(); this.classList.toggle('w--open'); }); } }