The Enterprise HR System
Staffora is a complete, production-ready HRIS with 13 modules, multi-tenant architecture, and UK compliance built in. Deploy in minutes with Docker. Customise everything. Built for real companies.
Built to Run in Production
Not a toy project. Staffora uses the same stack powering real companies, chosen for performance, type safety, and long-term maintainability.
Backend
Frontend
Infrastructure
Testing
Everything You Need, Out of the Box
13 modules that cover the entire employee lifecycle, backed by 109 API modules under the hood.
Core HR
Employee lifecycle, effective-dated records, org chart, contract management
Payroll
PAYE/NI calculations, pay schedules, journal entries, period locking
Time & Attendance
Timesheets, shifts, clock-in/out, geofencing, overtime
Leave Management
Leave requests, policies, entitlements, carryover rules
Talent & Performance
Reviews, goals, 360 feedback, competency frameworks
Recruitment
Requisitions, candidates, interviews, offers, DBS checks
Learning (LMS)
Courses, learning paths, certificates, CPD tracking
Benefits
Plan enrollment, beneficiary nominations, exchange
Case Management
ER cases, grievance, disciplinary, whistleblowing
UK Compliance
SSP, statutory leave, RTW, NMW, WTR, gender pay gap
GDPR & Privacy
DSAR, data erasure, breach tracking, consent, ROPA
Analytics & Reports
Dynamic report builder, dashboards, KPI tracking
Workflows
Configurable approval chains, visual builder, automation
Architecture That Scales With You
Multi-tenant isolation, state machine governance, and production infrastructure baked in from day one. Not bolted on later.
Multi-Tenant Isolation
Row-Level Security on every table, tenant context per request, zero data leakage. Each tenant's data is cryptographically isolated at the database layer, ensuring complete separation without sacrificing query performance.
State Machine Governance
Employee lifecycle, leave requests, cases, performance, and recruitment are all governed by explicit state machines. Every transition is validated, audited, and reversible, eliminating invalid state combinations.
Production-Ready Infrastructure
PgBouncer connection pooling, Redis caching, OpenTelemetry tracing, Prometheus metrics, and comprehensive audit logging. Everything you need to run in production with confidence, from day one.
Security You Can Audit Yourself
Transparent, auditable security layers. RBAC, MFA, CSRF protection, rate limiting, audit logging, and more.
RBAC + Field-Level Permissions
Granular access control
MFA with TOTP + Backup Codes
Multi-factor authentication
CSRF Protection (HMAC-SHA256)
Request forgery prevention
Rate Limiting (Redis-backed)
Abuse prevention
Idempotency Keys on All Mutations
Safe retries
ClamAV Virus Scanning
File upload protection
Immutable Audit Logging
Complete traceability
API Key Authentication
Service-to-service auth