Information Security and Compliance

Our customers trust us with their data, and we’re committed to enforcing all safeguards needed to protect your information.

A High Bar for Privacy and Security

CCPA Compliant

Under the California Consumer Privacy Act (CCPA), any California consumer can request to view all information a company has saved on them along with a full list of all third parties that data is shared with. If privacy guidelines are violated, even if there is no breach, consumers have the right to sue the company. Hiretual values consumer trust and is 100% CCPA compliant.


GDPR compliant

The GDPR is the latest data protection directive for businesses to protect the privacy of EU citizens with enhanced security provisions. Hiretual is 100% GDPR compliant.


SOC 2 Type 2 certified

A SOC 2 Type 2 report covers policies and procedures over a specified time period. For this more rigorous designation, systems must be evaluated for a minimum of six months. Hiretual's procedures and controls have been audited by a third party to validate our success in ensuring the security, availability, processing integrity and confidentiality of our customers' information.

EU-US Privacy Shield certified

The Privacy Shield Framework, approved by the European Union (EU) and the US Government, is a recognized mechanism for complying with EU data protection requirements when transferring personal data from the European Economic Area (EEA) to the United States. Organizations participating in the Framework are deemed to provide "adequate" privacy protection of data, as required under the EU Data Protection Directive and the General Data Protection Regulation (GDPR). Hiretual is aware of the Schrems II decision. In light of the Schrems II decision, Hiretual relies on the Standard Contractual Clauses (SCCs) from the GDPR, incorporated into its Data Processing Addendums, for any data transfers from the EEA to the U.S.

OFCCP

The Office of Federal Contract Compliance (OFCCP) is a federal government organization responsible for ensuring that companies working with the government comply with fair employment practices. Hiretual supports the record-keeping standards established by OFCCP, as required by our customers who are subject to this compliance. Hiretual helps customers with their OFCCP audits by providing diversity reports that allow recruiters to gain analytical insights into their candidate pipelines. These reports provide a breakdown of each search by gender and ethnicity for candidates that recruiters have taken an action on or engaged with on Hiretual's platform. In the case of an OFCCP audit, these diversity reports can support a team's good-faith diversity efforts by allowing them to track and demonstrate the number of diversity searches performed and the ratio of underrepresented candidates in their pipeline.

Designed to Protect You

Data Center Security

Hiretual's physical infrastructure is hosted and managed within Amazon's secure data centers, as we utilize Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:

SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)

SOC 2

SOC 3

FISMA, DIACAP, and FedRAMP

DOD CSM Levels 1-5

PCI DSS Level 1

ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018

ITAR

FIPS 140-2

MTCS Level 3

HITRUST


Penetration Testing and Vulnerability Assessments

Third-party security testing of Hiretual's platform is performed by independent and reputable security consulting firms, including but not limited to Leviathan and Bishop Fox. Findings from each assessment are reviewed with the assessors, risk-ranked, and assigned to the responsible team for remediation.

Encrypted Data at Rest

Data is stored encrypted on AWS EBS volumes, with snapshots backed by Amazon S3. All data at rest is encrypted using AES-256 (Advanced Encryption Standard), a symmetric-key cipher with 256-bit encryption keys.

Encrypted Data in Transit

Hiretual enables HTTPS for its customer-facing web services and internal services, including SSL/TLS-protected database connections, to protect sensitive data transmitted to and from applications. Users access Hiretual web services over an encrypted connection from their web browser. TLS 1.2 with strict cipher suites is mandatory for all network communication and data exchange between users' systems and Hiretual web services.

Customer Data Retention and Destruction

A customer may request removal of their data at any time to meet their own data retention requirements. If no explicit removal request is made, Hiretual retains the database storage for a period of three years, after which it is automatically destroyed, rendering the data unrecoverable. Decommissioning of hardware is managed by our infrastructure provider using a process designed to prevent customer data exposure. AWS uses the techniques detailed in NIST 800-88 ("Guidelines for Media Sanitization") as part of decommissioning.

Data Backups

Application database backups for our products occur at the following frequencies: on-site backups are performed daily and retained for two days in AWS us-west regions; additional backups are taken bi-weekly and stored for four weeks in the AWS us-east region. All backup data is encrypted using AES-256.

Physical Security

Hiretual utilizes ISO 27001 and FISMA certified data centers managed by Amazon. AWS data centers are housed in nondescript facilities that are not branded as AWS facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, their access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited.

Data Access Control

At Hiretual, access to all infrastructure and customer data is granted on the principles of least privilege and need-to-know, governed by role-based and individual user profiles. Authentication at Hiretual supports SAML 2.0 and SSO integration. Hiretual uses MFA, AWS SSO and Okta as its identity provider to prevent unauthorized access to systems and applications.

Secure Development Practices

Audited and governed through SOC 2 compliance, Hiretual actively applies development best practices to mitigate known vulnerability classes such as those in the OWASP Top 10 Web Application Security Risks, and continuously monitors for vulnerabilities using Lacework.

Disaster Recovery and High Availability

Hiretual's web services use AWS CloudFormation to automate disaster recovery, automatically restoring web applications and databases in the event of a disaster. Hiretual's platform is designed to dynamically deploy web services within AWS US cloud regions, actively monitor for service failures, and recover any failed platform components, including the web services, application and database.

Copyright © Hiretual 2021. All Rights Reserved