Security & Trust

Your hiring data, protected

We take the security of your candidate and company data seriously. Here's a transparent look at the controls that protect your team — built for enterprise IT and procurement review.

SSO — OIDC & SAML Encryption at rest & in transit Role-based access control Audit logs & retention

Authentication & Access

  • Enterprise SSO via OIDC (Microsoft Entra, Okta) and SAML 2.0
  • Role-based access control across the hiring org
  • Granular, scoped permissions for teams and departments
  • Session and token-based authentication for all APIs
  • Rate limiting on authentication and sensitive endpoints

Data Protection

  • TLS encryption for all data in transit
  • Message encryption at rest (AES-256-GCM)
  • Relationship-gated messaging — deny-by-default authorization
  • PII access controls and contact masking until unlocked
  • Secrets kept out of source and injected via environment

Visibility & Audit

  • Audit center with configurable data retention
  • Org-wide activity trail for hiring actions
  • Admin conversation viewer with export controls (audited)
  • Operations & alerting for system health and anomalies
  • CSV export of audit records for your compliance team

Privacy & Compliance

  • Privacy-first data handling, aligned with GDPR principles
  • User rights: access, correction and deletion of personal data
  • Configurable data retention windows
  • Data Processing Agreement (DPA) available on request
  • Transparent privacy policy covering collection and use

Infrastructure & Reliability

  • Managed, reputable cloud infrastructure & databases
  • Object storage with size limits and validation on uploads
  • Health checks and graceful shutdown for safe deploys
  • Performance caching with safe fallbacks
  • Backups and monitored background jobs

Enterprise Assurance

  • Named account manager for enterprise plans
  • Priority support and faster response targets
  • Security questionnaire support during procurement
  • Guidance for your IT review and onboarding
  • Custom contract and data terms on enterprise plans

We describe only the controls we actually run today. If your procurement process requires a security questionnaire, DPA, or specific compliance attestations, our enterprise team will work with you directly.

Have a security or compliance question?

Talk to our enterprise team — we're happy to walk your IT team through our controls.

Contact enterprise team Read privacy policy