Security & Privacy
Is your data safe?
At Teamtailor, we take the confidentiality, integrity, and availability of your data, including personal data, very seriously. As part of our ongoing commitment to protecting your data, our dedicated information security team maintains a robust information protection system based on ISO27001 principles.
Who can access my data?
Two different groups have access to your data:
You and your staff: Your staff will have access to the data according to the permissions you assign. You control who has access to which functions, candidates, recruitment processes, settings, etc.
For more information on access levels and instructions for inviting users, see Invite users and select the right access | Teamtailor Support.
Our staff: A limited number of authorised Teamtailor personnel can gain access to your data. Teamtailor team members will only access your data if this is necessary for things like onboarding new customers, customer support, or troubleshooting.
Within Teamtailor, access to data is based on the principle of least privilege, which means that Teamtailor limits its employees’ access rights to data to the bare minimum. To do so, we use role-based access controls, where access levels are approved and reviewed by designated system owners. In addition, our employees are required to use unique user accounts.
Furthermore, access is revoked as part of our structured off-boarding process, which is triggered when someone leaves the company or changes roles. We enforce MFA for all access to privileged data, and we conduct regular reviews of access rights. Finally, all access to our hosting platforms is audit logged.
What's the uptime of your service?
Keeping our services up and running is a top priority for us. We are constantly evaluating and improving our infrastructure and technical solutions to reduce the risk of downtime and malfunctions.
As such, we have a historical uptime of 99.9% or higher. Take a look at our stats for previous months at status.teamtailor.com.
How is my data backed up?
We are continuously backing up our databases on filesystem level to ensure that we can quickly restore data in the event of hardware failures or data corruption.
Where is my data stored?
Teamtailor stores data at AWS data centers in Ireland. AWS data centers are ISO 27001 certified and SOC2 compliant. Read more about AWS data center protection.
Do you encrypt my data?
All communication with the Teamtailor application and between our servers is encrypted using the industry standard HTTPS (TLS 1.2 or higher). Teamtailor uses AES-256 encryption at rest for your data. Passwords are hashed according to industry best practices.
How do you protect the Teamtailor application?
The Teamtailor development team is small and experienced. Product teams are responsible for assessing risks and implementing mitigation measures as part of their daily work.
Our code deploy pipeline includes mandatory peer review by at least two persons, static code analysis, dependency checks, and automatic unit and integration tests. Code changes will be blocked if code does not have sufficient automatic test cases, or any vulnerabilities are found in third party dependencies used by our code. Every build has its own dedicated test environment where changes are verified before the build is released. Test and production environments are fully separated and do not share any data.
We also do external penetration tests at least once per year and run weekly vulnerability scans of public-facing services.
What about your employees?
Teamtailor performs reference checks on all new employees. All new hires and contractors are required to sign a strict confidentiality agreement and to accept policies governing the use of information and equipment.
All Teamtailor employees attend regular security awareness training.
Data protection & privacy
Protecting your personal data is very important to us. We work hard to ensure that your and your candidate’s personal data is always protected and that our company is GDPR compliant. If we are processing personal data on your behalf, as a data processor, not only do we make sure that we are following data protection laws, like the GDPR, but we also make sure that we only process personal data in accordance with your strict instructions, as provided in our standard terms and conditions and Data Processing Agreement.
Privacy by design
We put privacy first at all times, with everything we do. When developing new product features as part of the services we provide, we always make sure to develop these features with privacy first in mind.
Protecting personal data, wherever it is processed or stored, is very important to us. To make sure that we are always respecting the rights and freedom of data subjects, we strive to process personal data within the European Economic Area first and foremost, and we strive to find service providers within the EEA who ensure the highest level of protection, security, and functionality.
In the event we need to send data outside of the EEA, we send this data in compliance with the GDPR. Furthermore, in accordance with current legislation, we always conduct a data transfer impact assessment to identify which additional security measures may be required given the risk associated with a particular transfer. We are happy to provide our current data transfer impact assessment upon request.
Teamtailor mainly acts as a data processor when it comes to processing personal data as part of providing our service. Since data controllers, i.e., our customers, are obligated to respond to the rights of data subjects, as it relates to their personal data, we have made sure to develop our service to help our customers implement efficient and robust processes for handling data subject requests.
For more information, please refer to the following support articles: