Security & Compliance
Your data security and privacy are our top priorities. We implement industry-leading security practices and maintain the highest compliance standards.
Certifications & Compliance
SOC 2 Type II
Annually audited for security, availability, and confidentiality controls
GDPR Compliant
Full compliance with EU General Data Protection Regulation
ISO 27001
International standard for information security management
CCPA Compliant
California Consumer Privacy Act compliant data handling
Security Features
End-to-End Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- TLS 1.3 for all connections
- AES-256 encryption at rest
- Encrypted database backups
- Secure key management (AWS KMS)
Secure Infrastructure
Enterprise-grade cloud infrastructure with redundancy
- Multi-region deployment
- 99.9% uptime SLA
- Automated failover
- DDoS protection
- Regular security audits
Access Controls
Granular permissions and authentication controls
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Single Sign-On (SSO) support
- IP whitelisting (Enterprise)
- Session management
Data Protection
Comprehensive data lifecycle management
- Automatic 7-day deletion
- Manual deletion anytime
- Data export capabilities
- Secure data centers
- Regular backups
Compliance & Auditing
Continuous monitoring and audit trails
- Activity logging
- Audit trail for all actions
- Compliance reporting
- Third-party penetration testing
- Vulnerability scanning
API Security
Secure API access with rate limiting
- API key authentication
- OAuth 2.0 support
- Rate limiting
- Request validation
- API activity monitoring
How We Handle Your Data
What We Collect
- •Job descriptions you upload
- •Candidate resumes you upload
- •Account information (name, email)
- •Usage data and analytics
- •Payment information (via Stripe)
How We Process
- •AI analysis via Anthropic/OpenAI APIs
- •Text extraction and matching
- •Score calculation and ranking
- •Report generation
- •All processing is ephemeral
How We Protect
- •Encryption at rest and in transit
- •Access controls and MFA
- •Regular security audits
- •Incident response procedures
- •Employee security training
How We Delete
- •Auto-delete after 7 days
- •Manual deletion anytime
- •Secure data wiping
- •No AI provider retention
- •Complete removal guarantee
AI & Data Security
1Do AI providers train on our data?
No. We have enterprise agreements with Anthropic and OpenAI that explicitly prohibit using customer data for model training. Your data is processed ephemerally and not retained.
2How is candidate PII protected?
Personally identifiable information (PII) is encrypted and access-controlled. We minimize PII sent to AI providers and can redact sensitive information on request. Data is never sold or shared with third parties.
3What about bias in AI matching?
We actively test and mitigate bias in our algorithms. Our AI focuses on skills, experience, and qualifications—not demographic information. Regular audits ensure fair and equitable matching.
Incident Response
We have a documented incident response plan with 24/7 monitoring. In the unlikely event of a security incident:
- Immediate containment and investigation
- Notification within 72 hours (GDPR requirement)
- Root cause analysis and remediation
- Transparent communication with affected users
Third-Party Security Testing
We engage independent security firms to conduct regular penetration testing and vulnerability assessments:
- Quarterly penetration tests by certified ethical hackers
- Continuous vulnerability scanning of all infrastructure
- Bug bounty program for responsible disclosure
- Annual SOC 2 audits by independent CPA firms
Enterprise Security Features
Need advanced security for your organization? Our Enterprise plan includes additional security controls.
SSO & SAML 2.0
Single Sign-On integration with Okta, Azure AD, Google Workspace
IP Whitelisting
Restrict access to specific IP ranges for enhanced security
Custom Data Retention
Configure retention policies to meet your compliance needs
Have Security Questions?
Our security team is here to help. Request our detailed security whitepaper or schedule a security review.