Security Whitepaper
A deep dive into our defense-in-depth approach, compliance standards, and data protection methodologies.
Infrastructure Security
AWS-Based Architecture
Our entire platform is hosted on Amazon Web Services (AWS) in the US-East-1 region. We leverage AWS's world-class physical security and network infrastructure, including VPC isolation, strict security groups, and automated scaling.
Encryption at Rest & In Transit
All data transmitted between your client and our API is encrypted using Transport Layer Security (TLS) 1.2 or later. Data at rest is encrypted with AES-256, ensuring that your candidates' data is unreadable to unauthorized parties.
Compliance & Certifications
SOC 2 Type II
We undergo annual independent audits to verify the effectiveness of our controls for security, availability, and confidentiality.
GDPR Compliant
We are fully compliant with the General Data Protection Regulation. We provide Data Processing Addendums (DPAs) for all Enterprise customers.
CCPA Ready
We support consumer rights under the California Consumer Privacy Act, including the right to access and delete personal information.
Data Privacy & Retention
We believe that you should have complete control over your data. Our retention policies are designed to minimize risk while ensuring service reliability.
| Data Type | Retention Period | Deletion Policy |
|---|---|---|
| Processed Resumes | 30 Days (Default) | Automatic hard delete after retention period. Immediate deletion available via API. |
| Analysis Results | 90 Days | Kept for historical reporting, anonymized after 90 days. |
| API Logs | 14 Days | Used for debugging and security auditing only. |