ERPOps logoERPOps AI Copilot
Sign In →Free Trial

HR & employee data protection

Last updated: April 2026

"ERPOps monitors your ERP integrations — not your employee data. We watch the pipe. Not the water inside it."

This page explains exactly what data we see, what we never see, and how we protect the boundary for HR teams operating under HIPAA, GDPR, and federal data handling requirements.

The core principle: we watch the pipe, not the water

ERPOps operates as an integration monitoring layer. When your PeopleSoft payroll connector runs, we observe the operational metadata — job status, timing, error codes, record counts, and connector health — not the employee records being processed. A failed benefits integration tells us "BATCH_JOB_BENEFITS_SYNC failed at record 4,847 of 12,203 with a field validation error." It does not tell us which employee, what their election was, or any other personal information.

What ERPOps sees vs. what it never touches

What we see (operational metadata)

  • Connector run status (success / failure / degraded)
  • Error codes, exit codes, and stack traces
  • Job timing, duration, and throughput
  • Record counts (e.g. "12,203 records processed") — not the records themselves
  • Integration retry attempts and failure patterns
  • Gateway health scores and latency metrics

What we never see

  • Employee names, SSNs, or government IDs
  • Salary, compensation, or payroll figures
  • Medical records, diagnoses, or PHI of any kind
  • Benefits elections, FSA/HSA balances, or insurance data
  • FMLA designations, leave records, or accommodation requests
  • Tax withholding data or direct deposit account information

How PII sanitization works

Before any operational log or error detail reaches our AI diagnostic engine, it passes through an automated sanitization layer. This layer identifies and masks fields matching known PII patterns — names, email addresses, numeric identifiers, IP addresses, and internal system hostnames. The AI receives a sanitized version: "Field validation failed on record [ID_REDACTED] in job [JOB_ID]." It diagnoses the integration problem without ever processing the employee data involved.

ERP integration runs
Error log emitted
[PII fields masked]
Sanitized metadata
AI diagnosis
Root cause delivered

HIPAA and Business Associate Agreements

If your organization processes Protected Health Information (PHI) through ERP integrations — benefits enrollment, FSA/HSA administration, medical leave tracking, or ACA reporting — ERPOps can operate as a HIPAA Business Associate.

We offer a Business Associate Agreement (BAA) to Enterprise customers. The BAA documents our technical safeguards, access controls, breach notification commitments, and subcontractor management in accordance with 45 CFR Part 164.

To request a BAA or our HIPAA compliance documentation:

Request BAA

Federal and state government requirements

ERPOps was built by a team with direct experience implementing PeopleSoft HCM at the U.S. State Department, HHS, and U.S. Census Bureau. We understand federal data handling requirements from the inside.

For federal customers, we offer: US-region data hosting, FedRAMP roadmap documentation available under NDA, support for agency-specific security questionnaires (SCA, RMF, ATO packages), and a dedicated federal procurement contact. Contact sales@erpops.ai with "Federal" in the subject line.

Enterprise customers may request our BAA, Data Processing Addendum (DPA), HIPAA compliance documentation, and federal security questionnaire responses by contacting sales@erpops.ai.

This page is provided as a plain-language summary of our practices. Enterprise customers may request our full Data Processing Addendum (DPA), Master Services Agreement (MSA), and security questionnaire responses by contacting sales@erpops.ai.

Real-world HR integration scenarios

Three concrete examples of ERPOps operating on the metadata boundary — diagnosing real problems without ever touching employee data.

PeopleSoft Payroll Integration Failure

Scenario

Your bi-weekly payroll job fails at 11pm. 40,000 employees won't be paid.

What ERPOps sees

PSFT_PAYROLL_BATCH exit code 1, record 18,441 of 40,000, field EMPLID_FK constraint violation.

What ERPOps doesn't see

Employee names, SSNs, bank accounts, or salary amounts.

What happens

AI identifies the foreign key constraint, links it to a known PeopleSoft data integrity issue, surfaces the affected job step, and recommends the SQL fix — without ever seeing who employee 18,441 is.

Workday Benefits Open Enrollment Sync

Scenario

Annual open enrollment. 8,000 employees updating medical, dental, and FSA elections. The Workday-to-carrier sync starts failing midway.

What ERPOps sees

WD_BENEFITS_EXPORT_CARRIER timeout at record 4,203, HTTP 504 from carrier endpoint, retry queue depth 1,847.

What ERPOps doesn't see

Which employees, what plans they selected, PHI of any kind.

What happens

ERPOps detects the carrier endpoint degradation, alerts the team, and triggers a retry playbook — protecting enrollment without exposing a single employee record.

Oracle HCM FMLA Integration

Scenario

Leave management system syncing FMLA designations to Oracle HCM. Intermittent failures are causing leave records to not post, creating compliance risk.

What ERPOps sees

OHC_LEAVE_SYNC_JOB failure rate 12%, average retry count 3.4, error pattern: network timeout on leave_type = [MASKED].

What ERPOps doesn't see

Employee names, medical conditions, physician certifications, or the nature of leave.

What happens

ERPOps identifies the network pattern, correlates it to a known Oracle connector timeout configuration, and surfaces the fix — while the FMLA data itself remains entirely within your environment.