Information Security and Compliance
Our customers trust us with their data, and we’re committed to enforcing all safeguards needed to protect your information.
Under the California Consumer Privacy Act (CCPA), any California consumer can request to view all information a company has saved on them along with a full list of all third parties that data is shared with. If privacy guidelines are violated, even if there is no breach, consumers have the right to sue the company. Hiretual values consumer trust and is 100% CCPA compliant.
The GDPR is the latest data protection directive for businesses to protect the privacy of EU citizens with enhanced security provisions. Hiretual is 100% GDPR compliant.
SOC 2 Type 1 and SOC 2 Type 2 certified
The SOC 2 Type 1 report assesses the design of security processes at a specific point in time. The SOC 2 Type 2 report concerns policies and procedures over a specified time period. For this more rigorous designation, systems must be evaluated for a minimum of six months.
Hiretual’s procedures and controls have been third-party audited to validate our success in ensuring the security, availability, processing integrity and confidentiality of our customers’ information.
EU-US Privacy Shield certified
The Privacy Shield Framework, approved by the European Union (EU) and US Government, is a recognized mechanism for complying with EU data protection requirements when transferring personal data from the European Economic Area (EEA) to the United States. Organizations participating in the Framework are deemed to provide “adequate” privacy protection of data, as required under the EU Data Protection Directive and the General Data Protection Regulation (GDPR).
All Hiretual personnel have agreed to confidentiality terms, background screenings, and security training. Our team is familiar with security protocols addressing device security, acceptable use, malware prevention, incident reporting and other measures.
Hiretual hosts its services on Amazon Web Services (AWS), and its infrastructure is protected by AWS’s data centers and compliance programs. AWS provides high availability, dependability, and scalability.
Information Protection Protocols
Hiretual guards customer data with industry best practices, ensuring that all data transmission over public networks is done with strong encryption.
- Comprehensive risk analysis and data protection for customers.
- Amazon Web Services employs modern software security techniques and requires multi-factor authentication for access.
- Data isolation – one user will never access and modify another customer’s data.
- We transmit data to customers over public networks with strong encryption, covering traffic between Hiretual clients and the Hiretual service (data generated and imported by Hiretual users).
- We use TLS 1.2, AES-256 encryption and SHA-2 signatures, and emails are sent through an end-to-end protected and encrypted system.
- We store encryption keys in a secure server on a segregated network with very limited access using AWS Key Management Service.
Network monitoring and protection
We have rigorous measures in place to detect unusual or unauthorized activities and conditions. Our alarms are configured to notify operations and management personnel when warning thresholds are crossed on key operational metrics. We have an on-call schedule so personnel are always available to respond to operational issues. Personnel review and analyze logs and investigate issues arising from alerts to ensure that systems and data are kept secure.