Technology

A B2B SaaS payroll platform, built on AWS in Mumbai.

Remote Pass is architected for the scale, security and statutory requirements of running payroll for Indian companies — from a 5-person startup to a 5,000-employee enterprise across 28+ states and UTs.

Region: ap-south-1 (Mumbai), DR in ap-south-2 (Hyderabad)
Encryption: AES-256 at rest (KMS CMKs), TLS 1.3 in transit, field-level for PII
Auth: Cognito + SAML/OIDC SSO + WebAuthn MFA
Tenancy: Row-level + schema-level isolation; per-tenant IAM roles
SLA: 99.99% monthly uptime, RTO 1 hr, RPO 5 min
Compliance: ISO 27001, SOC 2 Type II (in progress), DPDP Act

Infrastructure

Secure, scalable, and built on AWS in Mumbai.

Remote Pass runs on AWS ap-south-1, designed for the scale and compliance Indian companies expect — from a 5-person startup to a 5,000-employee enterprise.


        ┌──────────────────────────────────────────────────┐
        │   CloudFront  →   AWS WAF  →  Application Load   │
        │                                  Balancer        │
        └──────────────┬──────────────────────┬────────────┘
                       │                      │
                ┌──────▼──────┐        ┌──────▼──────┐
                │  Amazon EKS │        │   Lambda    │
                │  (services) │        │  (workers)  │
                └──────┬──────┘        └──────┬──────┘
                       │                      │
        ┌──────────────▼──────────────────────▼────────────┐
        │  Amazon RDS · ElastiCache · S3 · KMS · Secrets    │
        │              ap-south-1 (Mumbai)                  │
        └───────────────────────────────────────────────────┘

Built on AWS in ap-south-1 (Mumbai)

Customer data stays in India by default. We use Amazon EKS, Amazon RDS for PostgreSQL with Multi-AZ failover, S3 with versioning, and CloudFront for low-latency delivery across Tier-1, Tier-2 and Tier-3 cities.

Encrypted end-to-end

AES-256 at rest via AWS KMS-managed keys, TLS 1.3 in transit, and field-level encryption for PAN, Aadhaar and bank details. Audit logs are streamed to immutable S3 Object Lock buckets.

Compliance-ready by design

ISO 27001, SOC 2 Type II in progress, and DPDP Act-aligned data residency. Customer isolation enforced at the row, schema and IAM-role level.

How we use AWS in production.

Every AWS service is chosen to solve a specific Indian payroll problem — cycle peaks, statutory filings, data residency, and audit-grade history.

Amazon EKS

Kubernetes-orchestrated microservices for the HR, payroll and spend platform. Auto-scales from 3 to 60+ pods during India payroll-cycle peaks (28th–2nd of every month).

AWS Lambda

Serverless workers for TDS filings, PF/ESI challan generation, payslip PDF rendering, webhook ingestion from Razorpay, and async email/SMS delivery.

Amazon RDS (PostgreSQL)

Primary OLTP store with Multi-AZ, automated daily snapshots, 30-day point-in-time recovery, encrypted with AWS KMS CMKs and read replicas for reporting.

Amazon S3

Payslips, Form 16, signed offer letters, KYC documents, payroll archives. Versioned, encrypted (SSE-KMS), Object Lock for audit-grade immutability.
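
A configuration check for the S3 posture described above, added here as an example and not Remote Pass's own code. It assumes the bucket settings have already been fetched with the S3 GetBucketVersioning, GetBucketEncryption and GetObjectLockConfiguration calls, and it treats COMPLIANCE mode, a customer-managed key and the 7-year retention mentioned elsewhere on this page as the target, which the page does not spell out for S3.

```python
# Inputs mirror the S3 GetBucketVersioning, GetBucketEncryption and
# GetObjectLockConfiguration response shapes; all sample values are constructed.
REQUIRED_DAYS = 7 * 365  # the 7-year retention stated on this page


def audit_bucket(versioning, encryption, object_lock):
    """Return a list of findings; an empty list means the bucket matches."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    default = rules[0].get("ApplyServerSideEncryptionByDefault", {}) if rules else {}
    key = default.get("KMSMasterKeyID", "")
    if default.get("SSEAlgorithm") != "aws:kms":
        findings.append("default encryption is not SSE-KMS")
    elif not key or key.endswith("alias/aws/s3"):  # AWS managed key in use
        findings.append("SSE-KMS does not use a customer managed key")

    lock = object_lock.get("ObjectLockConfiguration", {})
    retention = lock.get("Rule", {}).get("DefaultRetention", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
    elif not retention:
        findings.append("Object Lock has no default retention rule")
    else:
        # GOVERNANCE can be lifted with s3:BypassGovernanceRetention.
        if retention.get("Mode") != "COMPLIANCE":
            findings.append("retention mode is not COMPLIANCE")
        days = retention.get("Years", 0) * 365 + retention.get("Days", 0)
        if days < REQUIRED_DAYS:
            findings.append("default retention is shorter than 7 years")
    return findings


def sse_cfg(**rule):  # constructed GetBucketEncryption-shaped response
    return {"ServerSideEncryptionConfiguration":
            {"Rules": [{"ApplyServerSideEncryptionByDefault": rule}]}}


def lock_cfg(mode, **period):  # constructed GetObjectLockConfiguration shape
    return {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": mode, **period}}}}


KEY = "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE"  # placeholder ARN
GOOD = ({"Status": "Enabled"}, sse_cfg(SSEAlgorithm="aws:kms", KMSMasterKeyID=KEY),
        lock_cfg("COMPLIANCE", Years=7))
WEAK = ({"Status": "Enabled"}, sse_cfg(SSEAlgorithm="AES256"),
        lock_cfg("GOVERNANCE", Days=365))
```

`audit_bucket(*GOOD)` returns no findings, while `audit_bucket(*WEAK)` reports the SSE-S3 default, the GOVERNANCE mode and the one-year retention.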

Amazon CloudFront

Edge delivery for the web app and customer-uploaded assets across India PoPs (Mumbai, Delhi, Chennai, Bengaluru, Hyderabad, Kolkata) and global.

AWS KMS & Secrets Manager

Customer-managed keys for field-level encryption of PAN, Aadhaar, UAN, bank account numbers. Rotated secrets for DB, third-party API and integration credentials.

Amazon Cognito

Authentication, MFA enforcement for admin users, SSO via SAML/OIDC for enterprise customers.

Amazon SQS & EventBridge

Asynchronous, idempotent processing of payroll runs, retries on transient failures, and event-driven integrations with Tally, Zoho Books and ClearTax.

Amazon CloudWatch & X-Ray

Centralised logs, metrics, anomaly detection on payroll-cycle latency, distributed tracing across services and Lambdas.

AWS WAF & Shield

Layer 7 protection on every customer-facing endpoint, OWASP Top-10 rule sets, geo-blocking and rate limiting per tenant.

AWS Backup

Policy-driven cross-region backups (ap-south-1 → ap-south-2) with retention aligned to Indian statutory record-keeping requirements (7 years).

Amazon Bedrock

Powers our analytics and forecasting models with private data isolation per tenant.

Why Remote Pass is an AWS-native company.

We chose AWS on day one for one reason: payroll is regulated, time-sensitive, and unforgiving. AWS gives us the only combination of in-India data residency (ap-south-1), enterprise security primitives (KMS, WAF, Shield, GuardDuty), and the elastic compute we need during month-end payroll peaks. Our roadmap — Bedrock-powered analytics, EKS-based multi-region failover, and S3 Object Lock for 7-year statutory archives — is all in. AWS Activate credits help us accelerate compliance certifications (ISO 27001 and SOC 2 Type II) and ship new capabilities to every customer faster.
