GDPR‑by‑design.
Isolation by default.

Built to satisfy strict data protection and sovereignty needs.

Data Protection

🔐

Pseudonymization

PII masking in logs and system outputs for enhanced privacy protection.

⏰

Retention Policies

Configurable retention (30-365 days) with automated nightly purge jobs.

🗑️

Right-to-Erasure

Complete data deletion workflows with certified destruction.

📋

Legitimate Interest

Documented legal basis for recruitment data processing.

Encryption & Keys

🔒

At-Rest Encryption

AES-256-GCM for all sensitive data storage.

🔑

Credential Encryption

AES-256-CBC for passwords and API keys.

🛡️

OAuth Protection

AES-256-GCM encryption for OAuth tokens.

✍️

HMAC Signing

State signing protects against CSRF and replay attacks.

🗝️

Key Management

Environment-based secure key management system.

🔐

TLS Everywhere

HTTPS/TLS for all communications in transit.

Isolation & Access Controls

🏢

Per‑Tenant Stacks

Every tenant gets separate Docker containers, databases, queues, and storage. Complete physical isolation.

Separate DBIsolated QueuesIndependent StorageDedicated Resources

👥

RBAC

Role-Based Access Control with Admin, Recruiter, and User roles.

⚡

Rate Limiting

Protection against brute force: 10 req/15min (admin config), 3 req/5min (SMTP), 30 req/min (general).

🛡️

Input Validation

Comprehensive sanitization and validation to prevent injection attacks.

🚫

SSRF Protection

URL validation and private network blocking for security.

📊

Audit Logging

70+ audit points across the codebase. Complete event tracking.

🔍

PII-Free Logs

No personal data in system logs or audit trails.

Regions & On‑Prem

🇪🇺

EU-Friendly Hosting

EU data center options for GDPR compliance and data sovereignty.

Built in EU

Regional data storage

GDPR native

DPA available

🏢

On-Prem & Air-Gapped

Deploy entirely within your infrastructure for maximum control.

Behind your firewall

Air-gapped capable

Data sovereignty

Custom integration

DPA and security review available on request for Enterprise customers.

Request Security Review

Authentication Status

✅ Available Now

Multi-Factor Authentication (MFA)
Role-Based Access Control (RBAC)
Comprehensive audit logs
JWT token authentication
Session management

🔜 Planned

SSO (SAML)
SSO (OIDC)
Advanced MFA options

SSO (SAML/OIDC) is planned. Contact us for timeline and early access.

Request SSO Early Access

Questions about security?

Our security team is here to answer questions about our practices, compliance, and architecture.

Download Security Overview (PDF)Contact Security

GDPR‑by‑design. Isolation by default.