Security
Comprehensive security measures protecting your data and ensuring compliance in our evidence-based hiring platform
Encryption
End-to-end encryption with AES-256-GCM and envelope encryption using AWS KMS
Privacy First
PII redaction, audit trails, and data subject request capabilities built in
Compliance
SOC 2 Type II, GDPR, EEOC compliant with comprehensive audit trails
Security Architecture
Infrastructure Security
- AWS Infrastructure: Hosted on AWS with enterprise-grade security controls
- Network Security: VPC, security groups, and WAF protection
- DDoS Protection: AWS Shield Advanced for DDoS mitigation
- SSL/TLS: TLS 1.3 encryption for all data in transit
Application Security
- Authentication: Multi-factor authentication and OAuth 2.0
- Authorization: Role-based access control (RBAC)
- Input Validation: Comprehensive input sanitization and validation
- Security Headers: CSP, HSTS, and other security headers
Data Protection
Encryption at Rest
All data encrypted with AES-256-GCM using AWS KMS key management
Encryption in Transit
TLS 1.3 encryption for all API communications and data transfers
PII Protection
Automatic PII redaction in logs and audit trails
Compliance & Auditing
Compliance Standards
Audit Capabilities
- Comprehensive audit logging
- Data access tracking
- User activity monitoring
- Security event logging
- Data subject request tracking
Security Monitoring & Response
24/7 Monitoring
- Real-time threat detection
- Automated security scanning
- Vulnerability assessments
- Penetration testing
Incident Response
- Dedicated security team
- Incident response procedures
- User notification protocols
- Regulatory reporting
Security Questions?
Contact our security team for detailed information about our security practices