Your data is our responsibility.
Recruitment data is sensitive by nature. We treat security as a product feature, not an afterthought. Here’s how we protect your data at every layer.
Independently verified.
We hold the certifications that enterprise procurement teams require.
SOC 2 Type II
Independently audited controls for security, availability, and confidentiality. Report available under NDA.
GDPR Compliant
Full compliance with the EU General Data Protection Regulation. DPA available on request.
ISO 27001
Certified information security management system. Annual surveillance audits by accredited body.
Built on Google Cloud Platform.
Multi-region, auto-scaling, and encrypted at every layer.
Google Cloud Platform
All infrastructure runs on GCP with multi-region redundancy across Europe, US, and APAC. Auto-scaling ensures uptime during peak loads.
Encryption at rest
All data encrypted at rest using AES-256 with Google-managed encryption keys. Database backup encryption with customer-managed keys is available on Enterprise plans.
Encryption in transit
All connections secured with TLS 1.3. We enforce HSTS, certificate transparency, and automated certificate rotation.
Automated backups
Continuous backups with point-in-time recovery. Backups retained for 30 days with cross-region replication for disaster recovery.
You control your data.
Choose where it lives, who can access it, and how long it's retained.
Data residency
Choose where your data lives. Available regions: EU (Belgium), US (Iowa), UK (London), APAC (Singapore). Data never leaves your selected region.
Access controls
Role-based access with granular permissions. SSO via SAML 2.0 and OIDC. Mandatory MFA for all staff access to production systems.
Data retention
Configurable retention policies per organization. Automatic purge of candidate data after retention period. Full audit log of all data access and modifications.
Privacy by design.
GDPR compliance is built into the product, not bolted on.
Data Processing Agreement
Standard DPA available for all customers. Custom DPA terms available for Enterprise.
Data subject rights
Built-in tools for access requests, rectification, erasure, portability, and restriction of processing.
Legal basis
Legitimate interest for recruiter operations. Explicit consent management for candidate data with granular opt-in/opt-out.
Sub-processors
Maintained list of sub-processors with advance notification of changes. All sub-processors contractually bound to equivalent protections.
Uptime SLA, guaranteed.
We publish real-time and historical uptime data so you can verify our track record. Financial credits for any SLA breach.
View status page
Defense in depth.
Multiple layers of security testing, monitoring, and auditing.
Penetration testing
Annual third-party penetration tests by certified firms. Continuous automated vulnerability scanning.
Code review
All code changes require peer review. Static analysis and SAST scanning on every pull request.
Dependency scanning
Automated dependency vulnerability scanning with SLA-based remediation timelines. Critical: 24h. High: 72h.
SOC 2 auditing
Continuous monitoring with automated evidence collection. Annual Type II audit with no exceptions to date.
Security documentation.
Download the documents your security and procurement teams need.
Data Processing Agreement
Standard DPA covering GDPR obligations for data processors.
Security Whitepaper
Detailed overview of our security architecture and practices.
Compliance Questionnaire
Pre-filled SIG Lite and CAIQ responses for vendor assessments.
Have security questions?
Our security team is available to answer questions, provide documentation, and support your vendor assessment process.